We have seen a steadily increasing volume of bank and financial fraud with our clients. The form and sophistication of the fraud are worrying, and my expectation is that these activities will continue to grow in both frequency and scope.
I recently attended an informational session hosted by M&T Bank documenting some of their challenges and the best practices they recommend to minimize your chances of being caught in one of these scams.
First, these frauds are not limited to personal or business/commercial accounts. Each account type has its own vulnerability that the perpetrators will try to leverage. But good practices can help reduce risk for both account types. Here are some takeaways that I thought were interesting:
Passwords
Passwords should be changed frequently (once a month). Use of password manager software is strongly recommended. It goes without saying that passwords should be less than obvious.
Multi-Factor Authentication (MFA)
It’s a bit of a pain, but MFA is now a virtual necessity. There are multiple different forms, but the most common is a code being sent to your cell phone. Without that code the account cannot be accessed even if your password is compromised.
Reconcile, Reconcile, Reconcile
The sooner fraud is noticed the better. Bank accounts must be reconciled every month and, frankly, bank transactions should be reviewed far more frequently than that.
Minimize Paper Checks
We have had multiple client checks that have been “washed”. Essentially, a legitimate check is written for an amount to a legitimate vendor. Check washing involves removing the legitimate vendor’s name and making the check payable to someone else. Without a review of the cancelled checks, these frauds often go unnoticed until the legitimate vendor comes calling for the payment they never received.
Unsolicited Emails, Texts and Other Communication
This is still a big problem. An email that looks legitimate comes to an employee or individual, and they click the link. Then they are asked to update information, payment details, etc. Once that happens, the perpetrators have their in and start accessing funds fraudulently. Train staff never to click on unsolicited emails and to call the requesting company if there is ANY uncertainty about the request.
While it may be impossible to completely eliminate the threat of one of these attacks, a little common sense coupled with some best practices can significantly decrease the odds of your company being scammed. If you have any questions about these or other issues facing your firm, feel free to reach out to Emily at ewoods@woodscpa.net