Salal’s Business Services team has recently seen an uptick in fraud incidents against our members, and the use of artificial intelligence and large language models such as ChatGPT are only accelerating the damage that cyber-criminals can do. One particularly prominent type of fraud we’re seeing is “phishing“ scams.
Phishing is defined as the fraudulent practice of sending emails or other messages purporting to be from reputable persons or legitimate businesses with the goal of, inducing individuals to reveal personal information or sensitive data, such as passwords and account numbers. These kinds of cybersecurity attacks involve malevolent individuals masquerading as trusted entities, in order to manipulate your staff into exposing your business to cybercrime.
Cybercriminals frequently use phishing to trick businesses into revealing their bank account information. Then they either use the info to scam you out of funds via wire transfer or falsely alert your business about changes in vendor’s payment account information, instructing you to send future payments to a new, fraudulent account. Always verify via a phone number you have on file for any vendors asking to change their account information to ensure the request is legitimate. Washington State’s Department of Financial Institutions has recently sent out a bulletin emphasizing the importance for credit unions to exercise a heightened level of security and due diligence in regard to processing wires, and we advise our business members to do the same.
Spam filters and other technological tools, such as multi-factor authentication and regular software updates, are important, but are often not enough. Everyone must remain vigilant against the deceptions involved in phishing attacks, and Salal is here to help.
Here are some key giveaways that indicate an email or other phishing attempt is fraudulent:
- The greeting is generic and no information about your actual account is included.
- The email threatens your account or offers you an unexpected refund.
- The email includes an invoice or coupon you don’t recognize, or asks you to click on a link.
- The email asks you to confirm personal information.
Our Senior Business Banking Representative Brandon Wilson, who goes by “Wilson,” confirms that Salal is seeing numerous members targeted by email compromise. “If members ever receive a change in payment instructions for an existing vendor, they should contact that vendor through a previously established phone number,” Wilson said.
Several of our members have been targeted via their vendors, Wilson reports. “These vendors’ email addresses are first compromised,” he said, “and then the fraudsters send our members updated payment instructions to send wires and ACH to the fraudsters.”
For every transaction authorized by your business, always be sure that you know the person or business to whom you are sending money, as well as the purpose of the payment. When sending a wire, double- and triple-check the details, and when receiving funds, allow at least a week for funds to clear before agreeing to any refunds. If a refund is ever deemed to be due, avoid sending refunds via wire.
If you discover fraudulent account transactions related to phishing, or if you suspect any other fraudulent activity, please contact Business Services immediately at BusinessServices@SalalCU.org or 206.298.9398. Please be prepared to provide detailed information about the fraudulent transaction, and please note that the affected account will be frozen until remedies can be put into place. Salal will attempt to recover any lost funds, but each fraud case is different, and funds recovery cannot be guaranteed. For additional assistance, you may wish to include local law enforcement in your fraud reporting.
Your Salal Business Services representative will outline your options and the required steps, which will typically include completion of paperwork via DocuSign, setting up Positive Pay fraud prevention service so that you can monitor check and ACH transactions, and closing the compromised account and opening a new account with a new account number.
Please note: Salal is unable to leave compromised accounts open and unsecured, as this places the business and credit union at risk, and we understand that an account freeze is disruptive to your business, so we will work diligently in partnership with you to resolve all instances of fraud.
The U.S. Federal Trade Commission is also interested in catching fraudsters, and invites you to report all phishing attempts:
- Forward all phishing emails to the Anti-Phishing Working Group at email@example.com.
- Forward all phishing text messages to SPAM (7726).
- Report the phishing attempt to the FTC at ReportFraud.ftc.gov.
Additional guidance, resources, and reporting information is available on the Federal Bureau of Investigation’s cybercrimes website.
You’re also welcome to read more about preventing fraud on the Salal website:
- SMS Fraud is on the Rise
- Protect Yourself from Credit Union Impersonation Scams
- Tips to Avoid Social Media Cyber Crime
Every transaction has the potential for fraud, so thank you for helping us protect you, and Salal Credit Union as a whole, against fraud!