As the Paycheck Protection Program (PPP) rolls out its second round of funding, small business are ready—and so are hackers. That’s why Breadcrumb Cybersecurity is sounding the alarm to small businesses that might be prey for accelerated fraud activity surrounding these loans.
Unfortunately, business disruption and reduced sales weren’t the only COVID-related issues small business owners dealt with in 2020.
“We saw increased activity as threat groups leveraged the COVID-19 situation to defraud businesses from their funding, and the PPP program has created an entirely new playbook with a lucrative opportunity,” says Brian Horton, CEO of Breadcrumb Cybersecurity, which helps companies navigate a wide range of advanced cybercrime, including ransomware, financial crime, intellectual property theft, destructive attacks and employee and insider fraud.
Throughout the first round of the PPP and disbursement of Economic Injury Disaster Loans (EIDL), the Breadcrumb Incident Response team investigated numerous wire fraud scams where small businesses were victimized and had their funds stolen, resulting in a loss of millions of dollars for local organizations. Most commonly, thieves would hack into email systems to reroute ACH deposits and have the funds deposited into their own accounts.
“Threat groups are intentional and calculative regarding the timing of their strikes. They are keenly aware of when businesses are typically sending or receiving large amount of funds,” Horton said, citing one instance where COVID-19 related “work from home delays” were used as a pretext to defraud an organization out of $2 million.
Typically businesses call the Breadcrumb Incident Response team when they have already been victimized or while fraudulent activity is in process, Horton notes. “We encourage small businesses to reach out to establish a relationship now so we can jump in immediately if warranted. Emergencies can happen to anyone, and every second matters.”
Wondering how to protect yourself? Breadcrumb Cybersecurity offers the following tips for small businesses to increase their security as the second round of PPP funds begin to arrive:
- Whenever possible, enable multi-factor authentication (MFA) for e-mail and banking services. By requiring multiple forms of verification, it increases your account security as passwords can be easily comprised.
- Fraudsters are improving their techniques, but malicious emails still typically contain broken English or improper use of grammar. If anything feels out of place, call and verify with the other party before clicking on a link.
- Always call to verify any requested banking/ACH updates. Even if the email looks legitimate, it’s wise to make a proactive call, using a number you find independently, rather than the one provided in the email.
- Be wary of an unsolicited email that implies a sense of urgency or threat; i.e. “we need funds now or we will turn off your account.” This is often a red flag for malicious activity.
- Have contact information at the ready so you can reach out to a cybersecurity company in response to a potential data breach. Immediate expert assistance is available worldwide 24/7 via the Breadcrumb Cyber Emergency Hotline at (866) 486-0070 or at [email protected].