Whenever you access the Internet through a PC or a mobile device, you run the risk of exposing yourself and your company’s systems to online scams or unauthorized app downloads. You may be unaware information has been stolen until the money is gone from your account.
Online fraud schemes attempt to obtain confidential information—including passwords, personal ID numbers, and token codes—and use it to access your accounts, transfer money, or commit other fraudulent acts. The primary methods of online fraud are social engineering, malware, and a combination of both.
Social engineering is an attempt to manipulate you into performing actions or divulging confidential information by impersonating a trustworthy entity in electronic communications. These communications can be sent by email (phishing) or text message (smishing).
Malware is malicious software installed on your computer without your consent. Once there, it can record keystrokes, re-direct your browser, or display fake websites, all in an effort to impersonate your business in online banking transactions. Your computer can become infected with malware through documents attached to emails, links contained in emails, infected search engine results, or by clicking on links, videos, and documents on legitimate websites, particularly social networking sites.
How you can help protect your company
Implement dual custody
Use dual custody (PDF*) for online payment and self-administration services. Dual custody, an industry best practice, requires a second level of approval to release online payment transactions and make self-administration user changes.
Update antivirus programs
Ensure that your company’s firewalls, servers, and client applications or systems are updated with all vendor-recommended patches and that your company’s antivirus and antispyware software are installed and updated regularly.
Use caution if you receive an email or text message expressing an urgent need for you to update your information, activate an account, or verify your identity by calling a phone number or submitting information on a website. Also practice caution with e-mail attachments and downloadable files.
Educate your employees
Educate your employees about online fraud and train them never to give out their online banking access credentials, including passwords, PINs, token codes, and token serial numbers.
Use stand-alone PCs for online banking
To initiate money movement transactions, use stand-alone PCs that are not enabled for email or web browsing.
Use trusted websites
Always access the Commercial Electronic Office® (CEO®) portal through our trusted wellsfargo.com web address and the CEO Mobile® service through our mobile apps.
Protect your network
Identify trusted websites for your business and block access to any web address that is not relevant to your employees’ business needs.
Monitor online accounts daily
Actively monitor your online accounts to detect suspicious activities. Contact your customer service group immediately if you notice anything out of the ordinary.
Use notification/alert services
Sign-up for the CEO Event Messaging service to receive text or e-mail notifications alerting you of electronic debits from your accounts.
We can help
Talk to your relationship manager or contact us to implement dual custody on your Wells Fargo business accounts or to learn about other tools and services to help build a strong fraud protection program to help your company avoid falling victim to online fraud.
* You need Adobe® Reader® to read PDF files. Download Adobe Reader for free.
Regulation E - This Regulation outlines the rules and procedures for electronic funds transfers (EFTs) for consumers. Please note: The protections and deadlines included in Regulation E do not apply to business accounts. It only establishes rights, liabilities, and responsibilities for consumers transacting business on consumer accounts.
Tip: Make sure to review your accounts regularly and frequently to minimize the risk of fraud.
Wells Fargo Bank, N.A. Member FDIC