Business fraud prevention tips: Avoid key threats

Types of fraud that businesses should watch

Bad actors can commit fraud either inside or outside a company, known respectively as internal and external fraud.

Internal fraud is when an employee misuses their employer’s trust and deceives them for personal gain. Given the opportunity, these employees will commit internal fraud ranging from petty theft and embezzlement to document forging and fraudulent billing.

Conversely, external fraud can come from anybody outside the organization. It could be the person trying to cash a fake check or somebody hitting send on a spam email.

External theft comes in many different forms. Organizations may experience:

• Social engineering: Human interactions, like phone calls that target victims, instill fear and gather sensitive information.
• Phishing: Spam emails, often with a link, requesting information with the aim of gaining access to information and computers.
• Malware: Downloads from links or attachments that, if clicked on, give fraudsters access to your computer, network and personal information.
• Ransomware: A kind of malware that prevents the use of systems or electronics until a ransom is paid.
• Business email compromise: The impersonation of an executive or high-profile individual through an email that requests action, information or a purchase.

Check fraud is on the rise

Not all fraud is digital, of course. For example, check fraud is rampant right now. According to a survey from the Association for Financial Professionals, 63% of respondents say they experienced attempted or actual check fraud in 2024.

“Even though it may seem a little bit surprising – given the sophistication of all the different payment mechanisms that exist today – checks are still a really prevalent way that fraudsters are targeting small businesses and consumers alike,” says Melanie Bargo, Chief Risk Officer for Consumer and Business Banking at U.S. Bank.

Different types of check fraud to look out for are:

• Counterfeit checks: A fake check that includes legitimate account and routing numbers, logos and check stock
• Forged signature: A legitimate check with a falsified signature from an unauthorized party
• Altered checks: A legitimate check with the payee name and/or payment amount changed
• Check theft: When checks or entire checkbooks are stolen, often in mail or transit

The best way to avoid check fraud? Move away from checks. Nonphysical payments, such as ACH, wire transfers and digital billing, can eliminate most forms of check fraud. But if you or your business must use checks, do your due diligence by checking your statements, comparing the check amount you wrote with the amount that was paid and contacting your bank if you suspect any fraud.

Another tip: If you need to mail a check, refrain from leaving it in a mailbox and/or letting it sit in the mailbox between pickup times. To ensure the most secure sendoff, hand your check over at the post office.

Tips for avoiding cyberattacks at work

The best advice for mitigating fraud is to slow down and conduct due diligence. If you have a heavy workload and are hammering through your tasks, it’s easy to rush to open an email and act quickly. But before clicking a link, opening an attachment or making a purchase on behalf of a “coworker” who needs it, ask these questions:

• Is the email address’s domain correct? (For example, is it a Gmail address, or does it match the organization it’s said to be coming from)?
• Is there a noticeable number of grammatical errors in the email? (Note that with the rise of generative AI-fueled fraud, this will become less common.)
• Is the request being made typical of the individual contacting you?
• Is the level of urgency reasonable, or is it trying to trigger a negative or positive emotion that will lead you to act?

When in doubt, check with a colleague, manager or IT provider to limit the effects of fraud and raise awareness company-wide. Education, as always, is key.

You can take additional precautions, including:

• Blocking web pop-ups
• Having access controls to make sure that only the necessary people can access financial data or other important information
• Implementing strong authentication for those individuals
• Encrypting data so bad actors who do get access into a system may not be able to see, read or use the data
• Keeping antivirus software and firewalls up to date

Fight fraud at work by raising the alarm.

Admitting that you or someone on your team has fallen for a scam can feel embarrassing or uncomfortable, but it’s critical to raise the alarm immediately.

“It's very important that you contact [your business banker] as soon as you see something that may be concerning, and if it turns out to be nothing, there's no shame in that,” says Bargo. “We would much rather you call us and talk through it and figure it out together than have you not call at all and it turns into something much bigger.”

No matter what kind of cybersecurity concerns or fraud you’re dealing with, U.S. Bank can provide direction and business fraud prevention tips. From its secure form of check to educational seminars, U.S. Bank is your partner in the fight against fraud.

Explore U.S. Bank’s fraud protection tools for businesses.

For further insight into cybersecurity and fraud prevention strategies, watch the webinar “Navigating fraud and cybersecurity risks in today’s business environment.”