Fraud Protection

Guard Your Business Against Online Fraud

Guard Your Business Against Online Fraud

The likes of the WikiLeaks, Anonymous and online nation-state attacks have populated the news in recent years, and in all likelihood similar stories will continue to do so for some time to come. While online threats like these could impact certain mid-sized businesses—perhaps those dealing in political affairs or harboring intellectually sensitive capital—the greatest, most pressing threat remains overseas fraud schemes for financial gain. 

Here are some important things you need to know about online fraud schemes—and how to protect your business from falling prey to them.

The simple truth about phishing schemes

When companies fall victim to online fraud schemes, they want to believe it was only possible through the work of an expert, says Matthew Harper, head of client security management and group vice president at SunTrust. Yet, this often isn’t the case.

“People ask us how they broke the firewall—but they didn’t break the firewall or anything like that. Unfortunately, a fraudster sent a phish, and an employee clicked on a link and malware was installed on the machine,” Harper says. “It’s not exciting, but that’s what happens.”

The dangers of malware

Malware, short for malicious software, is a term used to describe a variety of attacks and is by far the biggest threat in regard to online fraud, Harper says.

When installed, malware can be used to steal sensitive information. Once those credentials are stolen, perpetrators can start diverting funds from your business’s bank accounts.

One such execution of malware fraud, called a man-in-the-middle attack, can happen once you log in to your bank account. The hacker, or the person in the middle of you and the bank, will send you to a legitimate-looking Web page. That page will say something to the effect of: The bank can’t process your transaction at this time, so please try again in 10 minutes. Meanwhile, the hacker has taken over the session you authenticated and is setting up wire transfers and Automated Clearing House (ACH) withdrawals to steal money.

Ways to help limit risk

The good news is that with internal controls, a lot of these attacks are preventable. To guard against malware, the most important step is to maintain good “computer hygiene.” Harper recommends drafting a checklist that may include the following:

  • Maintain cautious online behavior: Don’t open email or links from unknown people, only visit trusted sites, and don’t give away sensitive information to unsecure sources
  • Keep up to date with security patches from software providers
  • Use your bank’s malware protection tools
  • Limit how much access employees have to payment systems, including setting up dual control/approval and segregating responsibilities for transaction initiation and approval
  • Ask your bank to set wire limits; if you need to send a larger wire, call it in
  • Manage your banking from a single computer and/or mobile device that is solely used for that purpose
  • Strengthen online passwords by making them complex and long, in addition to changing them frequently and not using them for other logins

“A lot of times we get calls from clients asking about what we can do to stop a specific type of threat,” Harper says. “And our answer is this: By the sheer fact that you’re paying attention to this and reading about it, you’re better off than 98 percent of the companies. The fact that you ask your bank about security threats, you’re probably doing the right thing.”

This content does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.


Investment and Insurance Products:

Are Not FDIC or any other Government Agency Insured   Are Not Bank Guaranteed  May Lose Value 

© 2018 SunTrust Banks, Inc

equal housing logoSunTrust Bank is an Equal Housing Lender. Member FDIC

equal housing logoEqual Housing Lender. SunTrust Mortgage, Inc

SunTrust, SunTrust Mortgage, SunTrust PortfolioView, SunTrust Robinson Humphrey, SunTrust Premier Program, AMC Pinnacle, AMC Premier, Access 3, Signature Advantage Brokerage, Custom Choice Loan and SunTrust SummitView are federally registered service marks of SunTrust Banks, Inc. All other trademarks are the property of their respective owners.

Services provided by the following affiliates of SunTrust Banks, Inc.: Banking products and services are provided by SunTrust Bank, Member FDIC. Trust and investment management services are provided by SunTrust Bank, SunTrust Delaware Trust Company and SunTrust Banks Trust Company (Cayman) Limited. Securities, brokerage accounts and insurance (including annuities) are offered by SunTrust Investment Services, Inc., a SEC registered broker-dealer, member FINRA, SIPC, and a licensed insurance agency. Investment advisory services are offered by SunTrust Advisory Services, Inc., a SEC registered adviser. GFO Advisory Services, LLC is a SEC registered investment adviser that provides investment advisory services to a group of private investment funds and other non-investment advisory services to affiliates. Mortgage products and services are provided by SunTrust Mortgage, Inc.

SunTrust Mortgage, Inc. - NMLS #2915, 901 Semmes Avenue, Richmond, VA 23224, 1-800-634-7928. CA: licensed by the Department of Business Oversight under the California Residential Mortgage Lending Act, IL: Illinois Residential Mortgage Licensee #MB-989, Department of Financial and Professional Regulation, 100 W. Randolph, Suite 900, Chicago, IL 60601, 1-888-473-4858, MA: Mortgage Lender license #-ML-2915, NJ: Mortgage Banker License - New Jersey Department of Banking and Insurance, NY: Licensed Mortgage Banker—NYS Department of Financial Services, and RI: Rhode Island Licensed Lender.

"SunTrust Advisors" may be officers and/or associated persons of the following affiliates of SunTrust Banks, Inc.: SunTrust Bank, our commercial bank, which provides banking, trust and asset management services; SunTrust Investment Services, Inc., a registered broker-dealer, which is a member of FINRA and SIPC, and a licensed insurance agency, and which provides securities, annuities and life insurance products; SunTrust Advisory Services, Inc., a SEC registered investment adviser which provides Investment Advisory services.

SunTrust Private Wealth Management, International Wealth Management, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups and GenSpring are marketing names used by SunTrust Bank, SunTrust Banks Trust Company (Cayman) Limited, SunTrust Delaware Trust Company, SunTrust Investment Services, Inc., and SunTrust Advisory Services, Inc.

SunTrust Bank and its affiliates do not accept fiduciary responsibility for all banking and investment account types offered. Please consult with your SunTrust representative to determine whether SunTrust and its affiliates have agreed to accept fiduciary responsibility for your account(s) and if you have completed the documentation necessary to establish a fiduciary relationship with SunTrust Bank or an affiliate. Additional information regarding account types and important disclosures may be found at

SunTrust Robinson Humphrey is the trade name for the corporate and investment banking services of SunTrust Banks, Inc. and its subsidiaries, including SunTrust Robinson Humphrey, Inc., member FINRA and SIPC.