Fraud is consistently becoming more sophisticated and harder to detect. The Federal Trade Commission shows that consumers reported losing more than $10 billion to fraud in 2023, the highest ever reported— a 14 percent increase from the prior year. Alabamians who fell victim to fraud scams lost, on average, $50,670 in 2022; a total of 4,893 victims were reported in Alabama that year for a combined loss of nearly $248 million. While you can’t always prevent fraud from happening, you can take active steps to protect yourself, your family, or your business through awareness and education.
In this new monthly series, “Fraud EDU,” we will consult with and learn from local fraud-prevention experts to understand how fraud occurs, how to have a fraud awareness mindset, and how to prevent becoming a victim. From business email compromise and vendor impersonation, to the use of new AI technology, we will look at some of the most prevalent scams and tackle the biggest questions around the topic of fraud in order to stay vigilant and gain best practices of fraud prevention. Protect yourself, your family, and your business by staying up to date on recent scams and by joining us in this monthly series.
To start off, we sat down with Jeff Taylor, head of Commercial Fraud Forensics for Regions Bank, to discuss his own experience with thwarting scammers and empowering clients through effective fraud- prevention techniques. Taylor has nearly three decades of experience in the banking industry, and has led Regions’ Treasury Management Products and Services team responsible for Payables, Receivables, and Fraud Solutions. He leads the Bank’s efforts to evaluate, mitigate, and educate Commercial and Corporate clients regarding payments fraud – and his insights are applicable not just to businesses, but to everyday consumers, as well. His expertise and knowledge on the topic also allows him to lead and participate in national fraud-prevention consortiums focusing on the financial services industry.
Tell us a bit more about your role in Fraud Forensics for Regions Bank.
In 2019, we were in the process as a financial institution of redesigning our entire financial crimes unit– it was a massive undertaking, and we made the decision that we needed someone in our corporate banking group to really serve as a liaison between all of our teams, to work with the financial crimes unit, and our other involved teams to understand both sides of the equation. My job is to take the understanding of how payments work from a logistical and operational standpoint and then apply that to what’s happening in the fraud space– trying to understand what happened, how it happened, and how to keep it from happening again.
What would you say is the most important part of your job?
Education and awareness are the most important pieces of what I do– they are not only what I have the most passion for, but I believe they are my greatest responsibilities. Having conversations like this, meeting with clients, hearing their stories and talking about the things that they can do to help them prevent becoming a victim of fraud, are all so important. While we have systems and detection capabilities in place, we find the best defense is when the customer is on guard, as well. This applies to businesses and individuals alike. Consistent account monitoring is key. Contacting the bank only at its verified phone numbers is crucial. Refusing to give confidential information in response to an unsolicited call, text or email – that’s another vitally important step. When the customer is fraud aware and knows what to avoid, that’s what makes their financial resources even more secure. With our fraud-prevention we can’t provide 100% protection for our clients– so it’s really important that we help clients understand what they need to do to put controls on their side of payment transactions to help stop a scam before it actually occurs. With these tools, people and businesses can understand how to have a fraud awareness mindset, the different types of attack vectors, and how to take those types of preventative measures from the start.
How do you detect fraud?
A large part of my job is staying educated on the topic and staying up to date on what types of scams are out there. I am constantly reading and perusing articles from a number of industry experts to find some of the latest news events that are occurring or that are being reported by the FBI or Homeland Security, and I’m looking at all of these to determine what happened yesterday and what are the newest topics that we need to either be concerned about or to communicate those risks to team members. My role also affords many educational opportunities, whether it be an in-person or digital seminar, or a lunch and learn with clients, and I am constantly reviewing and researching information to stay the most up to date on the topic.
It’s important to understand the typologies and to understand how these situations happen. Fraudsters love three things: they love chaos, confusion, and fear. With those three elements in place, people are going to react and it’s going to create opportunities for a fraudster to compromise an individual in most cases. They prey on vulnerability and will often ingratiate themselves with a vulnerable individual.
What are some of the most common types of fraud and scams that you see?
One of the most common, that we continue to see again and again, is business email compromise, and it remains one of the most popular fraud trends because it continues to work. Last year alone, about 70 percent of businesses experienced this type of scam. The client will typically provide us with an email or a screenshot of the text, or the actual email itself, and there’s typically a letter left out of the email address, or a single letter changed, edits that are easy to overlook. It works because the criminals do a good job of impersonating legitimate people and businesses. And it works because we’re too often in a rush to complete tasks, even important ones like the origination of payments.
Vendor impersonation is also very common. It’s the same type of method; the fraudster will spoof the email address of the legitimate vendor, but perhaps with a single letter added or missing– any way that they think they can sneak the new address by. They will direct it towards accounts payable or vendor management teams, the associates in a company whose job is to pay what’s on the list and move it out of the way. It can be all too easy to get in a hurry, and they get these requests all the time– so it’s not uncommon that they would see these types of requests for payments. This is why we always suggest stop, call and confirm, because without that control in place to validate that request, the chances are pretty good that they will be paying a fraudster.
Another rapid change that we’re seeing is the use of AI software like Chat GPT. Fraudsters are no longer sending badly-written emails, like the Nigerian princess scam of the past. Today, fraudsters are able to use legitimate AI platforms to use perfectly-written, eloquent emails that are much more difficult to detect. (constantly looking for vulnerabilities and new ways to be successful in their fraud attempts)
Many times they will re-implement older scams, such as check fraud, which has seen a recent increase in use. They have figured out other ways to use that information, and with ever-growing technology and new ways for them to use counterfeit checks, it makes it much more difficult for individuals to detect.
Looking ahead to the second half of the year and beyond, what predictions do you have for possible scams we should watch out for in 2024?
Many of these scams are periodical, and they’re often based on events that happen throughout the year. In the summer months, we see the potential for many vacation rental scams– a fraudster will post fictitious photos of a rental home, hoping to attract buyers customers who are looking for a great deal and willing to pay up front, then arriving to find it’s not what you expected.
Going back to school, we’ll see fictitious school supply posts on the online marketplaces for hard-to-find items. In the fall, fraudsters tend to prey on vulnerable college students; then finally, into scams headed into the shopping season of November and December.
Besides these periodical scams, we’ll continue to see business email compromise scams because they’ve proven to be effective. What we see around the corner is the potential increase of the imposter and trusted partner scams and impersonating individuals. Lastly, we’ll continue to see a greater introduction of technology and artificial intelligence in scams, including deepfake audio and video. It’s becoming easier and easier for fraudsters to create these fake audio and video pieces without a lot of technology and experience on their own part.
What is the best piece of advice you could give for someone to protect themselves– or their business?
The best way to detect what’s happening in terms of fraud or a scam is to be educated on the way that these things occur. You can liken it to following the proper rules for driving– if you understand the rules and follow them, you have a much better chance of staying safe, whereas if you constantly drive down the left side of the road, the chances are high that you’ll get in a head-on collision. If you follow the rules (i.e., that we drive down the right side of the road), and you consistently follow that rule, you are much less likely to have a head-on collision.
Through the stories and information that I provide, I don’t try to scare people as much as I try to open their eyes, to understand what’s occurring out there, and then provide them with tools to help them prevent it. It’s scams you often don’t think about– but once you are the victim to one, you understand the seriousness of them.
Besides education, awareness is the other crucial component– to understand how these situations happen. We use the hashtag #befraudaware with Regions, because protecting yourself from fraud is all about awareness– educating yourself, understanding what these scams and attack vectors look like, so you can be more prepared, and be able to say “that doesn’t look or sound right.” This is applicable on the consumer and on the business side– education around this topic is so important. When people are vigilant and follow best practices for their own security, they will greatly decrease their chances of becoming a victim.
If you do become a victim, it’s imperative that you report the event immediately. Contact your financial institution, report to federal law enforcement, and also report to ic3.gov, which is the internet crime and complaint center, and the central reporting agency for internet crime.