Business fraud is evolving faster than ever — and fraudsters are using increasingly sophisticated tactics to target companies of every size. At Needham Bank, we’re committed to helping protect your business accounts, your financial data, and the money you work hard to earn. Staying aware of current scams is the most effective way to reduce your risk.
This guide combines insights from our Fraud Prevention Webinar with real-world examples of today’s most common tactics — including spoofed calls, fake emails, Business Email Compromise (BEC), vendor payment fraud, and social engineering schemes.
The Growing Threat of Business Fraud
Fraud attempts continue to rise across all industries. Recent findings show:
- 79% of organizations experienced attempted or successful payment fraud in 2024
- Check fraud accounts for 63% of all fraud incidents
- Businesses spend $4.61 for every $1 lost to fraud
- BEC scams caused $2.77 billion in losses last year alone
Fraud isn’t slowing down — which is why proactive protections and strong internal controls matter more than ever.
Protect Your Data Over the Phone: Caller ID Spoofing
Fraudsters can spoof Needham Bank’s name and phone number, making an incoming call appear legitimate. During these calls, scammers often create urgency to push you into sharing secure information.
Needham Bank will NEVER ask for your Symantec random token number.
This token is for your use only and should never be shared.
If anyone asks for it — even if the caller ID says “Needham Bank” — hang up immediately and call us directly at 781-444-2100.
Beware of Spoofed Email Addresses
Email spoofing is one of the easiest — and most effective — ways fraudsters impersonate trusted contacts.
Common tactics include:
Changing visually similar characters
- Real: JoeSmith@training.com
- Spoofed: JoeSmlth@training.com (lowercase “L” instead of “i”)
Using “r” + “n” to look like “m”
- Real: JoeSmith@training.com
- Spoofed: JoeSrnith@training.com
These subtle changes are easy to miss, especially when employees are busy or responding quickly.
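An added example, not from Needham Bank: one way an email filter can catch the substitutions above is to fold look-alike characters to a single form and compare each sender against a list of known contacts. The contact list and headers are constructed samples, and the extra folds for "1", "0" and "vv" are assumptions that go beyond the two cases shown here.

```python
from email.utils import parseaddr

# Character sequences folded to one canonical form before comparison.
# "i"/"l" and "rn"/"m" are the two cases described above; "1", "0" and "vv"
# are added assumptions about other common look-alikes.
FOLDS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def skeleton(address):
    """Lower-case an address and collapse look-alike characters."""
    folded = address.strip().lower()
    for lookalike, canonical in FOLDS:
        folded = folded.replace(lookalike, canonical)
    return folded

def classify_sender(from_header, known_contacts):
    """Return (verdict, imitated_contact) for a From: header value.

    verdict is "known", "lookalike" or "unknown".
    """
    _, address = parseaddr(from_header)
    address = address.lower()
    known = {c.lower() for c in known_contacts}
    if address in known:
        return "known", None
    # Not an exact match: see whether it collapses onto a known contact.
    by_skeleton = {skeleton(c): c for c in known}
    match = by_skeleton.get(skeleton(address))
    if match is not None:
        return "lookalike", match
    return "unknown", None

# Constructed sample data (not real mail).
KNOWN_CONTACTS = ["JoeSmith@training.com"]
SAMPLE_HEADERS = [
    "Joe Smith <JoeSmith@training.com>",
    "Joe Smith <JoeSmlth@training.com>",
    "Joe Smith <JoeSrnith@training.com>",
    "Billing <invoices@example.org>",
]

def review(headers, known_contacts):
    """Classify every header; returns (header, verdict, imitated) tuples."""
    return [(h, *classify_sender(h, known_contacts)) for h in headers]

if __name__ == "__main__":
    for header, verdict, imitated in review(SAMPLE_HEADERS, KNOWN_CONTACTS):
        note = f"  imitates {imitated}" if imitated else ""
        print(f"{verdict:9} {header}{note}")
```

A "lookalike" verdict is a reason to hold the message and confirm by phone using a known number, not proof of fraud on its own.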
Business Email Compromise (BEC): Today’s Most Costly Scam
BEC continues to be the #1 fraud threat to businesses, often involving wire transfers, ACH payments, or sensitive financial updates.
Here are the two most common BEC scenarios:
- Vendor Email Compromise
A known vendor emails updated payment instructions and asks you to send your next invoice payment to a “new bank account.” You pay the invoice — only to discover 30 days later the vendor never changed their banking details.
Result: The payment went to a fraudulent account, and recovering the funds is extremely difficult.
- Internal Email Compromise
Accounting receives an email appearing to come from the CEO requesting an urgent wire transfer. Employees often comply because:
- The tone seems authentic
- The request is time-sensitive
- Spoofed email addresses look nearly identical
Later, when the accountant asks the CEO for details, the CEO responds: “What transaction?”
Why BEC Works
- Spoofed email addresses look legitimate
- Employees feel pressured by urgency
- Criminals use real business context
- Some email accounts may already be compromised
How to Prevent BEC & Payment Fraud
- Always verify payment changes with a phone call using a known phone number
- Never call the number in the email signature — it may be fraudulent
- Use dual-control approval for all ACH and wire transactions
- Establish strict callback procedures for vendor banking changes
- Train employees to pause and confirm unusual or urgent payment requests
Social Engineering Scams: Phishing, Smishing & Vishing
Fraudsters rely heavily on social engineering — tactics designed to trick employees into revealing information or installing malware.
Phishing (Email)
Requests that prompt you to click links, enter banking credentials, or download malware.
Smishing (Text Messages)
Fake toll violations, package delivery alerts, or account “lock” notifications that link to malicious websites.
Vishing (Phone Calls)
Fraudsters pose as Needham Bank and ask for login credentials or verification codes.
Reminder: Needham Bank will NEVER ask for:
- Online banking usernames or passwords
- Full Social Security numbers
- Security tokens
- Debit card PINs
- Authentication codes
If something feels wrong, hang up immediately and call Needham Bank.
Check Fraud: Still the Most Common Business Fraud
Despite digital payments, check fraud remains a leading threat:
- Altered Checks: Stolen checks are “washed” and rewritten with new amounts and payees
- Counterfeit Checks: Criminals replicate your checks using stolen account information
- Mail Theft: Postal theft continues to rise — even blue mailboxes are being targeted
Best protection: Transition to secure electronic payments whenever possible.
ACH & Wire Fraud
If a device is infected with malware, fraudsters may capture your banking credentials and:
- Log in as you
- Add new ACH or wire recipients
- Initiate unauthorized transfers
This is why multi-factor authentication (MFA) and strong endpoint protection are essential.
Cybersecurity Best Practices for Every Business
To strengthen your fraud defenses, implement:
- Mandatory employee security training
- Multi-factor authentication (MFA) for financial systems
- Strong password management policies
- Verified callback procedures for payment changes
- Dual-control approvals for ACH and wires
- Endpoint protection on all devices
- Regular reviews of user access permissions
Fraudsters target the path of least resistance — strong internal processes reduce your risk dramatically.
Needham Bank Is Here to Help Protect Your Business
If you unintentionally shared secure information, received a suspicious request, or have concerns about account activity, contact us immediately. Call Needham Bank directly at 781-444-2100. Our team is here to help you respond quickly and secure your accounts.