Skip to main content Skip to main content

New Cybercrimes Reported Against Businesses Sending ACH Payments

May 15, 2017

Recent reports show an increase in fraud using Automated Clearing House (ACH) payments, a standard transactional method used by most businesses. ACH payments are often under less scrutiny than wire transfers, giving scammers an opportunity for success in exploiting the looser oversight. However, the TGB team urges our clients to minimize exposure to risk by using common sense in dealing with special payment requests—like a change of account number or employee’s home address—it is always best to verify twice and pay once.

Here are two new schemes targeting ACH business payments:

Fake Invoice Payments
Phishing attacks through a supplier or vendor are increasingly more common because the vendor-supplier relationship is a trusted one.  How does it work?  Attackers call or email a business that has a longstanding relationship, pretending to be that supplier. The fraudsters trick the company into sending funds for a legitimate invoice to a new account controlled by them. If the administrator makes the payment, the fraud usually isn’t detected until the business is contacted by the real supplier to request payment on the authentic (now past due) invoice.

When a scam begins with a vendor, it is because the cyber thief can see all their files, allowing the crook to create a fake but official-looking invoice. The attacker has a full view of the vendor’s email account and discovers that invoices are typically emailed. The crook emails a phony invoice with a new ACH payment address hoping the business will process it as usual.  If the company does so, the funds are likely lost.

Payroll Account Change
Human Resource administrators are also being tricked into sending payroll funds to scammers’ accounts. The crook steals login credentials from executives or employees, then they send an email to HR requesting a change to their direct deposit account information. If that account information for the direct deposit is changed, the paycheck is deposited in the scammer’s account.

Protect Your Company From ACH Fraud
You can reduce risk and save your business from unauthorized ACH transactions by monitoring and reconciling accounts daily.

If you notice that an unauthorized ACH item has posted to your business account, contact the bank immediately.

Contact our Treasury Services Department to learn more about fraud prevention tools, including the pricing for these fee-based services.