Guest Commentator: Ray Abbott, SVP, Head of Cash Management, WSFS Bank @WSFS

How can business owners mitigate the risk of online financial fraud during times of crisis?

As businesses continue to shift to digital payment systems for in-store and online transactions during COVID-19, fraudsters and financial institutions (FIs) are caught in a game of cat and mouse.

While a layered or multi-step approach is always key to mitigating the risks of payment fraud, and as FIs innovate to protect their customers, so too do the fraudsters, finding new mouse holes to slip through in order to steal the account information of customers and businesses.

Here are the most common online scams your workforce should be aware of:

Email, Text and Social Media Phishing

Customers are using email, text and social media direct messaging to do business now more than ever before. And that means our customers and businesses are at a higher risk for phishing scams.

According to Data Breach Digest, the companion to an annual report on data breaches by Verizon, 90 percent of data breaches are the result of a “phishing or social engineering component,” meaning email, text message and social media direct messaging.

Subject lines that read “Confidential Matter,” for example, or come from an address you do not recognize, are clear indicators of a phishing scam.

Here are two more email scams your customers and employees will likely encounter this year:

Business Email Compromise – Your boss or colleague is in a meeting but has emailed you asking if you can “help with something, quickly.” The email address is not that of the person you believe is contacting you but that individual is, in fact, in a meeting. If you were to reply, the scammer will email again asking you to select a link or provide personal information.

If you believe an employee has fallen victim to this scam, contact the IT department and ask them to make sure phishing filters are installed across the company’s network. Phishing filters can’t stop all scams but they will reduce the attempts.

The Direct Message Scam – As social networking has evolved, scammers have found a new ecosystem to exploit. In most cases, Social Media scams can be easier to detect. If someone you don’t know sends you a direct message with a link, do not select that link. Just like email phishing, avoiding toxic links that could potentially reveal personal data, or allow the scammer to access data, is key to protecting your business.

 Protecting Your Business

These are some of the more and less common online scams. But, in addition to spotting the scams, it is also important to know how best to protect against them.

First, check-in with your FI and ask for their recommendation on how to protect your accounts from payment fraud and scammers. Ask how they can provide a layered approach to mitigating the risk payment fraud and ask about Fraud Prevention Services like online authentication methods, out of band authentication and dual control. There isn’t a one-size-fits-all solution so multiple protections are always the best course.

Before an emergency occurs, have an Incident Response Plan in place so that you know who to contact immediately, including IT, legal and finance.


WSFS Bank is a member of the Chamber’s Middle Market Action Team (MMAT), a consortium of leaders driving rapid growth in companies with annual revenues between $10M & $1B through targeted programs and strategies.

Upcoming Event

[Virtual] Defending Your Data Against Cyberthreats
Wednesday, June 3, 2020 | 11:00 a.m. – 12:00 p.m. | Held via Zoom

This workshop will bring together leaders in technology and privacy law to provide insight into what your organization should do in the event of a cyberattack, how to implement effective data protection systems, and why understanding the legal implications of cybersecurity is crucial to your organization.