Fraud on the Farm: It’s Time to Protect Yourself
-
bookmark
-
print
Pick up any business publication and you’ll likely come across an article about cybercrime and payment fraud, yet this topic is rarely front and center in agribusiness. Operators usually don’t consider procedures and practices around cash flow and fraud prevention until there’s an issue.
But cyberattacks and payment fraud are industry agnostic. According to the Association for Financial Professionals, in 2022 71% of businesses were victims of payment fraud via email, and 63% faced check fraud. Digital payment fraud is also on the rise. Agribusinesses may be more susceptible than other businesses to payment fraud because fraudsters perceive them as being both lucrative targets and having less sophisticated fraud protection tools.
The FBI has previously warned that farms and agriculture cooperatives are particularly vulnerable during the key planting and harvest seasons. Also, dairy farms collect more electronic data than ever. Think about all your farm management and financial records. They make a valuable target for fraudsters, leaving you more vulnerable to schemes such as ransomware, in which cybercriminals block access to your key systems until you pay a sum of money. Such attacks can disrupt production, shipping or receiving.
Given farming’s critical timelines for key seasonal activities like planning and harvesting, any disruptions to the supply chain can be significant. Furthermore, the financial and reputational risk of being a fraud victim can be expensive and damaging, so all business owners—including ag operators—should have solid fraud prevention protocols in place.
“We all rely on insurance for our businesses, homes, health, cars and equipment,” says Scott Murayama, BMO’s Senior Director and Team Lead, Treasury and Payment Solutions. “We hope insurance will cover us if something goes wrong. Fraud prevention tools and practices can prevent fraud from harming us before it goes wrong.”
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud. Here are six common types of cyberattacks and the payment fraud they lead to, along with some suggested prevention tips that you can implement in your operation as part of your fraud prevention protocol.
Malware. This type of fraud infiltrates computer systems and performs unauthorized activities and transactions, such as email takeover, corporate account takeover, identity theft, data breaches and theft, and denial of service.
Fraudsters count on human behavior to execute their crimes, often by creating a false sense of urgency, such as warning that your account will be closed within 24 hours if you don’t act immediately. That appeal to immediate action should be a red flag. While email and mobile messages help keep communication flowing with vendors and others, it pays to be cautious before clicking on a hyperlink.
Prevention Tips:
-
Regularly update antivirus and antimalware software on all devices.
-
Always verify the source of fund transfer requests.
-
Ensure website links are legitimate. Hover over a link to see where it is actually linking to.
-
Be aware of any changes to financial services websites you frequently visit. Also look out for unusual experiences, including unfamiliar URLs appearing in the browser window.
Phishing. This is one of the most common ways to infect computer systems with malware or begin a ransomware attack. Typically, criminals execute phishing attacks through unsolicited emails that appear legitimate, often with real company names and logos. The email may request personal or financial information or urge you to click a link that will direct you to a fraudulent website. From there, malware can infect email accounts and corporate networks, which can lead to identity theft and corporate email takeover, as well as facilitate hacking into databases.
Prevention Tips:
-
Validate that the person sending the email is who they say they are. A small spelling error in the email address is a telltale sign that the message is fraudulent.
-
Review emails for grammar and spelling errors, which are often red flags that the email is not legitimate.
-
Hover over any hyperlinks to see where they are really sending you to, and don’t open any links that are unfamiliar or unexpected.
-
Call the vendor directly to verify they sent the email.
Email compromise. These scams are highly prevalent and are often the starting point for executing fraudulent electronic payments or wire transfers.
Prevention tips:
-
Always call a vendor at a known phone number before sending a wire or electronic payment.
-
Always call a vendor at a known number to verify a change in wire or electronic payment information before sending payment to the new account.
-
Don’t rely on a single email or text message—verify the authenticity by contacting the supplier or vendor.
Identify fraud. This uses another individual’s personal information—often obtained through malware or phishing—without authorization to commit a crime or defraud others.
Prevention Tips:
-
Don’t share sensitive information like bank account, social security and passport numbers over email or social media.
-
Monitor your accounts for fraudulent activity on a regular basis.
-
Review your credit report regularly.
-
Secure your vendor accounts with a personal passcode.
Electronic payment fraud. This occurs when someone steals another person’s payment information to make unauthorized transactions or purchases. A fraudster needs only two pieces of information to initiate an automated clearinghouse (ACH) transaction: your chequing account and bank routing numbers. Email compromise is often the starting point for electronic payment fraud.
Prevention Tips:
-
Monitor transactions carefully and often.
-
Restrict business transaction access to authorized individuals.
-
Implement dual control, which require two users to complete a transaction, reducing the risk of payment errors and fraudulent transactions.
-
Implement segregation of duties. That is, the person authorized to initiate transactions is separate from the person authorized to approve transactions.
-
Avoid paper cheques or invoices.
-
Consider using virtual, single-use credit cards.
-
When using direct-deposit payroll, require employees to provide a voided cheque for any payment changes.
-
Enroll in ACH positive pay or an ACH filter from your bank to prevent unauthorized debits from your account.
Cheque/payroll fraud. This occurs when someone attempts to gain money by unlawfully writing bad cheques, forging a cheque in another person’s name or fabricating a cheque. Farm clients typically discover this type of fraud when a cheque clears their account for an amount that is different from the one they wrote it for, usually a payroll cheque. Unfortunately, we’re also beginning to see an increase in cheque fraud where items are not altered, only the endorsement on the cheque is forged.
Prevention Tips:
-
Use electronic payment methods where possible, such as electronic funds transfer (EFT), payment card, virtual card or direct deposit payroll.
-
Enroll in your bank’s digital cheque service, which offers electronic review of all cheques issued and automated cheque processing and reconciliation to help reduce the risk of fraud.
-
Monitor transactions carefully, preferably daily. Mobile banking can make daily oversight of transactions more accessible.
-
Keep cheque stock locked in a secure location and restrict employee access.
-
Review internal cheque creation and signing processes to ensure there are always at least two employees involved in the accounts payable process.
-
Limit your cheque runs to monthly or twice a month if possible.
Fraudsters are constantly evolving and developing more sophisticated methods. The key to mitigating your risk is to remain vigilant and adopt best practices. Where possible, implement automation into your key processes. Where automation is not possible, consider implementing strong internal controls such as dual control and segregation of duties.
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud.
This article was originally published in Progressive Dairy.
Brad Guse
Director, Production Agriculture, US Food, Consumer and Agribusiness
Pick up any business publication and you’ll likely come across an article about cybercrime and payment fraud, yet this topic is rarely front and center in agribusiness. Operators usually don’t consider procedures and practices around cash flow and fraud prevention until there’s an issue.
But cyberattacks and payment fraud are industry agnostic. According to the Association for Financial Professionals, in 2022 71% of businesses were victims of payment fraud via email, and 63% faced check fraud. Digital payment fraud is also on the rise. Agribusinesses may be more susceptible than other businesses to payment fraud because fraudsters perceive them as being both lucrative targets and having less sophisticated fraud protection tools.
The FBI has previously warned that farms and agriculture cooperatives are particularly vulnerable during the key planting and harvest seasons. Also, dairy farms collect more electronic data than ever. Think about all your farm management and financial records. They make a valuable target for fraudsters, leaving you more vulnerable to schemes such as ransomware, in which cybercriminals block access to your key systems until you pay a sum of money. Such attacks can disrupt production, shipping or receiving.
Given farming’s critical timelines for key seasonal activities like planning and harvesting, any disruptions to the supply chain can be significant. Furthermore, the financial and reputational risk of being a fraud victim can be expensive and damaging, so all business owners—including ag operators—should have solid fraud prevention protocols in place.
“We all rely on insurance for our businesses, homes, health, cars and equipment,” says Scott Murayama, BMO’s Senior Director and Team Lead, Treasury and Payment Solutions. “We hope insurance will cover us if something goes wrong. Fraud prevention tools and practices can prevent fraud from harming us before it goes wrong.”
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud. Here are six common types of cyberattacks and the payment fraud they lead to, along with some suggested prevention tips that you can implement in your operation as part of your fraud prevention protocol.
Malware. This type of fraud infiltrates computer systems and performs unauthorized activities and transactions, such as email takeover, corporate account takeover, identity theft, data breaches and theft, and denial of service.
Fraudsters count on human behavior to execute their crimes, often by creating a false sense of urgency, such as warning that your account will be closed within 24 hours if you don’t act immediately. That appeal to immediate action should be a red flag. While email and mobile messages help keep communication flowing with vendors and others, it pays to be cautious before clicking on a hyperlink.
Prevention Tips:
-
Regularly update antivirus and antimalware software on all devices.
-
Always verify the source of fund transfer requests.
-
Ensure website links are legitimate. Hover over a link to see where it is actually linking to.
-
Be aware of any changes to financial services websites you frequently visit. Also look out for unusual experiences, including unfamiliar URLs appearing in the browser window.
Phishing. This is one of the most common ways to infect computer systems with malware or begin a ransomware attack. Typically, criminals execute phishing attacks through unsolicited emails that appear legitimate, often with real company names and logos. The email may request personal or financial information or urge you to click a link that will direct you to a fraudulent website. From there, malware can infect email accounts and corporate networks, which can lead to identity theft and corporate email takeover, as well as facilitate hacking into databases.
Prevention Tips:
-
Validate that the person sending the email is who they say they are. A small spelling error in the email address is a telltale sign that the message is fraudulent.
-
Review emails for grammar and spelling errors, which are often red flags that the email is not legitimate.
-
Hover over any hyperlinks to see where they are really sending you to, and don’t open any links that are unfamiliar or unexpected.
-
Call the vendor directly to verify they sent the email.
Email compromise. These scams are highly prevalent and are often the starting point for executing fraudulent electronic payments or wire transfers.
Prevention tips:
-
Always call a vendor at a known phone number before sending a wire or electronic payment.
-
Always call a vendor at a known number to verify a change in wire or electronic payment information before sending payment to the new account.
-
Don’t rely on a single email or text message—verify the authenticity by contacting the supplier or vendor.
Identify fraud. This uses another individual’s personal information—often obtained through malware or phishing—without authorization to commit a crime or defraud others.
Prevention Tips:
-
Don’t share sensitive information like bank account, social security and passport numbers over email or social media.
-
Monitor your accounts for fraudulent activity on a regular basis.
-
Review your credit report regularly.
-
Secure your vendor accounts with a personal passcode.
Electronic payment fraud. This occurs when someone steals another person’s payment information to make unauthorized transactions or purchases. A fraudster needs only two pieces of information to initiate an automated clearinghouse (ACH) transaction: your chequing account and bank routing numbers. Email compromise is often the starting point for electronic payment fraud.
Prevention Tips:
-
Monitor transactions carefully and often.
-
Restrict business transaction access to authorized individuals.
-
Implement dual control, which require two users to complete a transaction, reducing the risk of payment errors and fraudulent transactions.
-
Implement segregation of duties. That is, the person authorized to initiate transactions is separate from the person authorized to approve transactions.
-
Avoid paper cheques or invoices.
-
Consider using virtual, single-use credit cards.
-
When using direct-deposit payroll, require employees to provide a voided cheque for any payment changes.
-
Enroll in ACH positive pay or an ACH filter from your bank to prevent unauthorized debits from your account.
Cheque/payroll fraud. This occurs when someone attempts to gain money by unlawfully writing bad cheques, forging a cheque in another person’s name or fabricating a cheque. Farm clients typically discover this type of fraud when a cheque clears their account for an amount that is different from the one they wrote it for, usually a payroll cheque. Unfortunately, we’re also beginning to see an increase in cheque fraud where items are not altered, only the endorsement on the cheque is forged.
Prevention Tips:
-
Use electronic payment methods where possible, such as electronic funds transfer (EFT), payment card, virtual card or direct deposit payroll.
-
Enroll in your bank’s digital cheque service, which offers electronic review of all cheques issued and automated cheque processing and reconciliation to help reduce the risk of fraud.
-
Monitor transactions carefully, preferably daily. Mobile banking can make daily oversight of transactions more accessible.
-
Keep cheque stock locked in a secure location and restrict employee access.
-
Review internal cheque creation and signing processes to ensure there are always at least two employees involved in the accounts payable process.
-
Limit your cheque runs to monthly or twice a month if possible.
Fraudsters are constantly evolving and developing more sophisticated methods. The key to mitigating your risk is to remain vigilant and adopt best practices. Where possible, implement automation into your key processes. Where automation is not possible, consider implementing strong internal controls such as dual control and segregation of duties.
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud.
This article was originally published in Progressive Dairy.
What to Read Next.
Addressing the Cost of Corporate Climate Plans
Ela Eskinazi | March 28, 2024 | Business Strategy
More corporate leaders are taking a long-term view on the energy transition and treating climate change as a business risk requiring a discrete strat…
Continue Reading>More Insights
Tell us three simple things to
customize your experience.
Contact Us
Banking products are subject to approval and are provided in the United States by BMO Bank N.A. Member FDIC. BMO Commercial Bank is a trade name used in the United States by BMO Bank N.A. Member FDIC. BMO Sponsor Finance is a trade name used by BMO Financial Corp. and its affiliates.
Please note important disclosures for content produced by BMO Capital Markets. BMO Capital Markets Regulatory | BMOCMC Fixed Income Commentary Disclosure | BMOCMC FICC Macro Strategy Commentary Disclosure | Research Disclosure Statements.
BMO Capital Markets is a trade name used by BMO Financial Group for the wholesale banking businesses of Bank of Montreal, BMO Bank N.A. (member FDIC), Bank of Montreal Europe p.l.c., and Bank of Montreal (China) Co. Ltd, the institutional broker dealer business of BMO Capital Markets Corp. (Member FINRA and SIPC) and the agency broker dealer business of Clearpool Execution Services, LLC (Member FINRA and SIPC) in the U.S. , and the institutional broker dealer businesses of BMO Nesbitt Burns Inc. (Member Canadian Investment Regulatory Organization and Member Canadian Investor Protection Fund) in Canada and Asia, Bank of Montreal Europe p.l.c. (authorised and regulated by the Central Bank of Ireland) in Europe and BMO Capital Markets Limited (authorised and regulated by the Financial Conduct Authority) in the UK and Australia and carbon credit origination, sustainability advisory services and environmental solutions provided by Bank of Montreal, BMO Radicle Inc., and Carbon Farmers Australia Pty Ltd. (ACN 136 799 221 AFSL 430135) in Australia. "Nesbitt Burns" is a registered trademark of BMO Nesbitt Burns Inc, used under license. "BMO Capital Markets" is a trademark of Bank of Montreal, used under license. "BMO (M-Bar roundel symbol)" is a registered trademark of Bank of Montreal, used under license.
® Registered trademark of Bank of Montreal in the United States, Canada and elsewhere.
™ Trademark of Bank of Montreal in the United States and Canada.
The material contained in articles posted on this website is intended as a general market commentary. The opinions, estimates and projections, if any, contained in these articles are those of the authors and may differ from those of other BMO Commercial Bank employees and affiliates. BMO Commercial Bank endeavors to ensure that the contents have been compiled or derived from sources that it believes to be reliable and which it believes contain information and opinions which are accurate and complete. However, the authors and BMO Commercial Bank take no responsibility for any errors or omissions and do not guarantee their accuracy or completeness. These articles are for informational purposes only.
This information is not intended to be tax or legal advice. This information cannot be used by any taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer. This information is being used to support the promotion or marketing of the planning strategies discussed herein. BMO Bank N.A. and its affiliates do not provide legal or tax advice to clients. You should review your particular circumstances with your independent legal and tax advisors.
Third party web sites may have privacy and security policies different from BMO. Links to other web sites do not imply the endorsement or approval of such web sites. Please review the privacy and security policies of web sites reached through links from BMO web sites.
Notice to Customers
To help the government fight the funding of terrorism and money laundering activities, federal law (USA Patriot Act (Title III of Pub. L. 107 56 (signed into law October 26, 2001)) requires all financial organizations to obtain, verify and record information that identifies each person who opens an account. When you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask you to provide a copy of your driver's license or other identifying documents. For each business or entity that opens an account, we will ask for your name, address and other information that will allow us to identify the entity. We may also ask you to provide a copy of your certificate of incorporation (or similar document) or other identifying documents. The information you provide in this form may be used to perform a credit check and verify your identity by using internal sources and third-party vendors. If the requested information is not provided within 30 calendar days, the account will be subject to closure.