Cyberattacks on the Farm Are on the Rise: Here’s How to Protect Yourself
Pick up any business publication and you’ll likely come across an article about cybercrime and payment fraud, yet this topic is rarely front and center in agribusiness. Operators usually don’t consider procedures and practices around cash flow and fraud prevention until there’s an issue.
But cyberattacks and payment fraud are industry agnostic. According to Statistics Canada, just under one-fifth of Canadian businesses were impacted by cybersecurity incidents in 2021.1 Agribusinesses may be more susceptible than other businesses to payment fraud because fraudsters perceive them as being both lucrative targets and having less sophisticated fraud protection tools.
According to a study at the University of Guelph, suspected cyberattacks on farming networks are on the rise as they adopt more technology in their day-to-day operations.2 Think about all your farm management and financial records. They make a valuable target for fraudsters, leaving you more vulnerable to schemes such as ransomware, in which cybercriminals block access to your key systems until you pay a sum of money. Such attacks can disrupt all aspects of your production.
Given farming’s critical timelines for key seasonal activities like planning and harvesting, any disruptions to the supply chain can be significant. Furthermore, the financial and reputational risk of being a fraud victim can be expensive and damaging, so all business owners—including ag operators—should have solid fraud prevention protocols in place.
“We all rely on insurance for our businesses, homes, health, cars and equipment,” says Scott Murayama, BMO’s Senior Director and Team Lead, Treasury and Payment Solutions. “We hope insurance will cover us if something goes wrong. Fraud prevention tools and practices can prevent fraud from harming us before it goes wrong.”
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud. Here are six common types of cyberattacks and the payment fraud they lead to, along with some suggested prevention tips that you can implement in your operation as part of your fraud prevention protocol.
Malware. This type of fraud infiltrates computer systems and performs unauthorized activities and transactions, such as email takeover, corporate account takeover, identity theft, data breaches and theft, and denial of service.
Fraudsters count on human behavior to execute their crimes, often by creating a false sense of urgency, such as warning that your account will be closed within 24 hours if you don’t act immediately. That appeal to immediate action should be a red flag. While email and mobile messages help keep communication flowing with vendors and others, it pays to be cautious before clicking on a hyperlink.
Prevention Tips:
-
Regularly update antivirus and antimalware software on all devices.
-
Always verify the source of fund transfer requests.
-
Ensure website links are legitimate. Hover over a link to see where it is actually linking to.
-
Be aware of any changes to financial services websites you frequently visit. Also look out for unusual experiences, including unfamiliar URLs appearing in the browser window.
Phishing. This is one of the most common ways to infect computer systems with malware or begin a ransomware attack. Typically, criminals execute phishing attacks through unsolicited emails that appear legitimate, often with real company names and logos. The email may request personal or financial information or urge you to click a link that will direct you to a fraudulent website. From there, malware can infect email accounts and corporate networks, which can lead to identity theft and corporate email takeover, as well as facilitate hacking into databases.
Prevention Tips:
-
Validate that the person sending the email is who they say they are. A small spelling error in the email address is a telltale sign that the message is fraudulent.
-
Review emails for grammar and spelling errors, which are often red flags that the email is not legitimate.
-
Hover over any hyperlinks to see where they are really sending you to, and don’t open any links that are unfamiliar or unexpected.
-
Call the vendor directly to verify they sent the email.
Email compromise. These scams are highly prevalent and are often the starting point for executing fraudulent electronic payments or wire transfers.
Prevention tips:
-
Always call a vendor at a known phone number before sending a wire or electronic payment.
-
Always call a vendor at a known number to verify a change in wire or electronic payment information before sending payment to the new account.
-
Don’t rely on a single email or text message—verify the authenticity by contacting the supplier or vendor.
Identify fraud. This uses another individual’s personal information—often obtained through malware or phishing—without authorization to commit a crime or defraud others.
Prevention Tips:
-
Don’t share sensitive information like bank account, social security and passport numbers over email or social media.
-
Monitor your accounts for fraudulent activity on a regular basis.
-
Review your credit report regularly.
-
Secure your vendor accounts with a personal passcode.
Electronic payment fraud. This occurs when someone steals another person’s payment information to make unauthorized transactions or purchases. A fraudster needs only two pieces of information to initiate an automated clearinghouse (ACH) transaction: your chequing account and bank routing numbers. Email compromise is often the starting point for electronic payment fraud.
Prevention Tips:
-
Monitor transactions carefully and often.
-
Restrict business transaction access to authorized individuals.
-
Implement dual control, which require two users to complete a transaction, reducing the risk of payment errors and fraudulent transactions.
-
Implement segregation of duties. That is, the person authorized to initiate transactions is separate from the person authorized to approve transactions.
-
Avoid paper cheques or invoices.
-
Consider using virtual, single-use credit cards.
-
When using direct-deposit payroll, require employees to provide a voided cheque for any payment changes.
-
Enroll in ACH positive pay or an ACH filter from your bank to prevent unauthorized debits from your account.
Cheque/payroll fraud. This occurs when someone attempts to gain money by unlawfully writing bad cheques, forging a cheque in another person’s name or fabricating a cheque. Farm clients typically discover this type of fraud when a cheque clears their account for an amount that is different from the one they wrote it for, usually a payroll cheque. Unfortunately, we’re also beginning to see an increase in cheque fraud where items are not altered, only the endorsement on the cheque is forged.
Prevention Tips:
-
Use electronic payment methods where possible, such as electronic funds transfer (EFT), payment card, virtual card or direct deposit payroll.
-
Enroll in your bank’s digital cheque service, which offers electronic review of all cheques issued and automated cheque processing and reconciliation to help reduce the risk of fraud.
-
Monitor transactions carefully, preferably daily. Mobile banking can make daily oversight of transactions more accessible.
-
Keep cheque stock locked in a secure location and restrict employee access.
-
Review internal cheque creation and signing processes to ensure there are always at least two employees involved in the accounts payable process.
-
Limit your cheque runs to monthly or twice a month if possible.
Fraudsters are constantly evolving and developing more sophisticated methods. The key to mitigating your risk is to remain vigilant and adopt best practices. Where possible, implement automation into your key processes. Where automation is not possible, consider implementing strong internal controls such as dual control and segregation of duties.
1 The Daily — Impact of cybercrime on Canadian businesses, 2021 (statcan.gc.ca)
Read more
Christopher Costain, P.Ag
Director, Agriculture Industry Sectors
Chris works with a team of passionate BMO professionals who serve our customers in the agriculture sector across Canada, providing financial solutions, strategies, …(..)
View Full Profile >Pick up any business publication and you’ll likely come across an article about cybercrime and payment fraud, yet this topic is rarely front and center in agribusiness. Operators usually don’t consider procedures and practices around cash flow and fraud prevention until there’s an issue.
But cyberattacks and payment fraud are industry agnostic. According to Statistics Canada, just under one-fifth of Canadian businesses were impacted by cybersecurity incidents in 2021.1 Agribusinesses may be more susceptible than other businesses to payment fraud because fraudsters perceive them as being both lucrative targets and having less sophisticated fraud protection tools.
According to a study at the University of Guelph, suspected cyberattacks on farming networks are on the rise as they adopt more technology in their day-to-day operations.2 Think about all your farm management and financial records. They make a valuable target for fraudsters, leaving you more vulnerable to schemes such as ransomware, in which cybercriminals block access to your key systems until you pay a sum of money. Such attacks can disrupt all aspects of your production.
Given farming’s critical timelines for key seasonal activities like planning and harvesting, any disruptions to the supply chain can be significant. Furthermore, the financial and reputational risk of being a fraud victim can be expensive and damaging, so all business owners—including ag operators—should have solid fraud prevention protocols in place.
“We all rely on insurance for our businesses, homes, health, cars and equipment,” says Scott Murayama, BMO’s Senior Director and Team Lead, Treasury and Payment Solutions. “We hope insurance will cover us if something goes wrong. Fraud prevention tools and practices can prevent fraud from harming us before it goes wrong.”
In an industry where margins are razor-thin, you can’t afford to be the victim of fraud. Here are six common types of cyberattacks and the payment fraud they lead to, along with some suggested prevention tips that you can implement in your operation as part of your fraud prevention protocol.
Malware. This type of fraud infiltrates computer systems and performs unauthorized activities and transactions, such as email takeover, corporate account takeover, identity theft, data breaches and theft, and denial of service.
Fraudsters count on human behavior to execute their crimes, often by creating a false sense of urgency, such as warning that your account will be closed within 24 hours if you don’t act immediately. That appeal to immediate action should be a red flag. While email and mobile messages help keep communication flowing with vendors and others, it pays to be cautious before clicking on a hyperlink.
Prevention Tips:
-
Regularly update antivirus and antimalware software on all devices.
-
Always verify the source of fund transfer requests.
-
Ensure website links are legitimate. Hover over a link to see where it is actually linking to.
-
Be aware of any changes to financial services websites you frequently visit. Also look out for unusual experiences, including unfamiliar URLs appearing in the browser window.
Phishing. This is one of the most common ways to infect computer systems with malware or begin a ransomware attack. Typically, criminals execute phishing attacks through unsolicited emails that appear legitimate, often with real company names and logos. The email may request personal or financial information or urge you to click a link that will direct you to a fraudulent website. From there, malware can infect email accounts and corporate networks, which can lead to identity theft and corporate email takeover, as well as facilitate hacking into databases.
Prevention Tips:
-
Validate that the person sending the email is who they say they are. A small spelling error in the email address is a telltale sign that the message is fraudulent.
-
Review emails for grammar and spelling errors, which are often red flags that the email is not legitimate.
-
Hover over any hyperlinks to see where they are really sending you to, and don’t open any links that are unfamiliar or unexpected.
-
Call the vendor directly to verify they sent the email.
Email compromise. These scams are highly prevalent and are often the starting point for executing fraudulent electronic payments or wire transfers.
Prevention tips:
-
Always call a vendor at a known phone number before sending a wire or electronic payment.
-
Always call a vendor at a known number to verify a change in wire or electronic payment information before sending payment to the new account.
-
Don’t rely on a single email or text message—verify the authenticity by contacting the supplier or vendor.
Identify fraud. This uses another individual’s personal information—often obtained through malware or phishing—without authorization to commit a crime or defraud others.
Prevention Tips:
-
Don’t share sensitive information like bank account, social security and passport numbers over email or social media.
-
Monitor your accounts for fraudulent activity on a regular basis.
-
Review your credit report regularly.
-
Secure your vendor accounts with a personal passcode.
Electronic payment fraud. This occurs when someone steals another person’s payment information to make unauthorized transactions or purchases. A fraudster needs only two pieces of information to initiate an automated clearinghouse (ACH) transaction: your chequing account and bank routing numbers. Email compromise is often the starting point for electronic payment fraud.
Prevention Tips:
-
Monitor transactions carefully and often.
-
Restrict business transaction access to authorized individuals.
-
Implement dual control, which require two users to complete a transaction, reducing the risk of payment errors and fraudulent transactions.
-
Implement segregation of duties. That is, the person authorized to initiate transactions is separate from the person authorized to approve transactions.
-
Avoid paper cheques or invoices.
-
Consider using virtual, single-use credit cards.
-
When using direct-deposit payroll, require employees to provide a voided cheque for any payment changes.
-
Enroll in ACH positive pay or an ACH filter from your bank to prevent unauthorized debits from your account.
Cheque/payroll fraud. This occurs when someone attempts to gain money by unlawfully writing bad cheques, forging a cheque in another person’s name or fabricating a cheque. Farm clients typically discover this type of fraud when a cheque clears their account for an amount that is different from the one they wrote it for, usually a payroll cheque. Unfortunately, we’re also beginning to see an increase in cheque fraud where items are not altered, only the endorsement on the cheque is forged.
Prevention Tips:
-
Use electronic payment methods where possible, such as electronic funds transfer (EFT), payment card, virtual card or direct deposit payroll.
-
Enroll in your bank’s digital cheque service, which offers electronic review of all cheques issued and automated cheque processing and reconciliation to help reduce the risk of fraud.
-
Monitor transactions carefully, preferably daily. Mobile banking can make daily oversight of transactions more accessible.
-
Keep cheque stock locked in a secure location and restrict employee access.
-
Review internal cheque creation and signing processes to ensure there are always at least two employees involved in the accounts payable process.
-
Limit your cheque runs to monthly or twice a month if possible.
Fraudsters are constantly evolving and developing more sophisticated methods. The key to mitigating your risk is to remain vigilant and adopt best practices. Where possible, implement automation into your key processes. Where automation is not possible, consider implementing strong internal controls such as dual control and segregation of duties.
1 The Daily — Impact of cybercrime on Canadian businesses, 2021 (statcan.gc.ca)
What to Read Next.
AI Insights: Opportunities and Risks
Devon Dayton | February 23, 2024 Technology Banking
We all work in a dynamic environment. What remains constant in business are the changes we have to navigate, particularly when it comes to adapting t…
Continue Reading>
Tell us three simple things to
customize your experience
