David Kavney 
Terra Carnrike-GranataWe’re all aware of the many ways that scammers are working to defraud individuals out of their hard-earned money. But small businesses continue to be in the crosshairs of today’s online criminals. The Federal Trade Commission (FTC) highlights a wide range of fraudulent schemes targeting businesses, including scams involving fake invoices and unordered merchandise, online […]
Already an Subcriber? Log in
Get Instant Access to This Article
Become a Central New York Business Journal subscriber and get immediate access to all of our subscriber-only content and much more.
- Critical Central New York business news and analysis updated daily.
- Immediate access to all subscriber-only content on our website.
- Get a year's worth of the Print Edition of The Central New York Business Journal.
- Special Feature Publications such as the Book of Lists and Revitalize Greater Binghamton, Mohawk Valley, and Syracuse Magazines
Click here to purchase a paywall bypass link for this article.
We’re all aware of the many ways that scammers are working to defraud individuals out of their hard-earned money. But small businesses continue to be in the crosshairs of today’s online criminals.
The Federal Trade Commission (FTC) highlights a wide range of fraudulent schemes targeting businesses, including scams involving fake invoices and unordered merchandise, online listings and advertising, credit card processing and equipment leasing, tech support, altering online reviews, bank and business impersonation scams, and the list goes on.
In its 2024 Internet Crime Report (https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf), released earlier this year, the FBI showed that business-email compromises resulted in $2.77 billion in losses to businesses. Phishing or spoofing scams, defined by the FBI as “the use of unsolicited email, text messages, and telephone calls purportedly from a legitimate company requesting personal, financial, and/or login credentials,” were the cause of $70 million in losses. Other scams, like tech support and personal data breaches, resulted in losses exceeding $1.4 billion.
In all, businesses and individuals lost a record $16.6 billion to cybercriminals last year, and projections are that artificial intelligence (AI)-driven scams could result in as much as $40 billion in losses by 2027.
Protecting your business’s valuable financial assets starts with internal security: a few simple steps can go a long way in protecting your business from external threats. Your business should:
• Trust but verify whenever you receive a request for payment or invoice changes from customers, vendors or partners. It is important to make direct contact using a trusted phone number to confirm the instructions aren’t coming from a scammer.
• Implement good computer-security practices. It’s essential to establish and maintain basic security procedures and controls for your business, and to update and distribute these to all employees regularly.
• Safeguard your information. Some simple steps include installing commercial antivirus software on all computers, ensuring those programs are updated regularly, and installing spyware detection programs.
• Educate your employees. A robust security program, combined with awareness of warning signs, safe practices, and responses to a suspected takeover, is crucial for protecting your company and its customers.
• Protect your online environment. Do not use unprotected Internet connections. Encrypt sensitive data and keep your computer up to date with the latest virus protections. Use complex passwords and change them periodically.
• Partner with your bank to prevent unauthorized transactions.
• Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity, and remove any systems that may have been compromised. Keep records of what happened. And never share one-time pins, especially if you receive a call from someone claiming to be your financial institution. Banks don’t ask for that.
• Understand your responsibilities and liabilities. The account agreement with your bank will outline the commercially reasonable security measures required for your business. You must understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover.
Despite taking these critical steps, businesses can sometimes be victimized by cybercriminals. In such cases, immediate action is crucial to help limit the damage or loss.
In the event of a cybercrime incident, several steps should be taken. First and most important, cease all activity on your computer system immediately, contact your bank, and change your online banking passwords. Other actions include opening new accounts, filing reports with local police and the FBI’s Internet Crime Complaint Center, and keeping meticulous records of events around the hack.
If you’ve lost your business’s credit or debit cards or checks, contact your bank.
If you think you’re being scammed through email, remember that financial institutions will never ask for personal information or account access credentials in an email. Don’t click on any links or respond to the message — delete the email and check your computer for spyware or other malware and contact your bank.
Identity theft can impact businesses as well as individuals, and there are several ways to know if you have been victimized. They include notices or emails telling you that your account information has been updated or that your information may have been compromised, bills or collection calls for accounts you’ve never opened, unknown accounts or inquiries that appear on your credit report, or an unexpected denial of a credit card application. If you suspect your identity has been stolen, contact your bank and place a fraud alert on your credit report by contacting one of the three major credit bureaus: Equifax, Experian, or TransUnion.
In our increasingly digital world, threats abound, with the growth of AI-based scams exponentially increasing those threats. Our Business Fraud Information Center provides a full range of resources and information to help keep your business secure. We work to provide up-to-date fraud information and alerts to help ensure your business won’t be one of the thousands victimized by scammers.
David Kavney is regional president of Central New York and the Mohawk Valley, and president of Central New York and Pennsylvania. In this role, he supports NBT’s commercial-banking leaders and teams in Central New York, Mohawk Valley, the Southern Tier, and Pennsylvania. Terra Carnrike-Granata is senior director of information security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyber threats.
David Kavney is regional president of Central New York and the Mohawk Valley, and president of Central New York and Pennsylvania. In this role, he supports NBT’s commercial-banking leaders and teams in Central New York, Mohawk Valley, the Southern Tier, and Pennsylvania. Terra Carnrike-Granata is senior director of information security at NBT Bank, where she designs and implements sophisticated controls to prevent loss and mitigate risk, while also developing innovative ways to educate consumers and businesses on cyber threats.