October is Cybersecurity Awareness Month

As we recognize Cybersecurity Awareness Month, Carver Bank encourages business owners to stay alert and informed.                                                                     

Financial fraud remains one of the greatest risks facing organizations today. From sophisticated phishing attempts to Business Email Compromise (BEC) schemes, cybercriminals are finding new ways to target companies of every size and industry.

The consequences can be severe - drained accounts, disrupted operations, and reputational harm that can take years to repair. Now is the perfect time to review your company’s defenses and strengthen your protection against evolving cyber threats.

Understanding Business Email Compromise (BEC)

Cybercriminals are increasingly using social engineering to deceive employees into sending payments or sharing sensitive data. These scams - collectively known as Business Email Compromise - often involve criminals impersonating vendors, customers, internal staff, or financial institutions.

Attackers exploit spoofed email domains, hijacked legitimate accounts, or weak authentication protocols to infiltrate communication channels. Once inside, they manipulate trusted conversations to redirect funds or gain access to confidential information.

Studies show that more than 65% of businesses have encountered BEC attempts in recent years.

The Growing Threat of Vendor and Supply Chain Fraud

A particularly dangerous trend within BEC is supply chain and vendor fraud  where criminals pose as legitimate suppliers and convince companies to change payment details. Because these scams depend on psychological manipulation rather than malware, they often bypass standard cybersecurity tools.

The financial impact can be staggering. In 2024, the FBI’s Internet Crime Complaint Center (IC3) recorded over $2.8 billion in BEC losses, with vendor impersonation making up nearly 45% of those cases.

One notable example: in Eagle Mountain City, Utah, a fraudulent vendor email during a road construction project led to a $1.13 million loss after scammers inserted themselves into a genuine email thread and issued fake payment instructions.

These cases highlight how easily routine business communication can be exploited - and why verification protocols are critical.

🧩 Reduce Your BEC Risk: A Practical Checklist

No organization is immune, but strong internal controls can dramatically lower your exposure. Use this checklist to evaluate your company’s cybersecurity posture:

Business Email Compromise (BEC) Risk-Reduction Checklist

  • Enable multi-factor authentication (MFA) on all business accounts

  • Implement Positive Pay for ACH and check protection

  • Adopt a Zero-Trust Security model - never trust, always verify

  • Require dual approval for all outgoing payments

  • Train staff regularly on phishing and impersonation tactics

  • Use anti-spoofing and email-filtering tools

  • Verify payment changes using a separate, trusted channel

  • Monitor email logs for unusual activity

  • Limit access to financial systems and sensitive data

  • Keep all systems patched and updated

  • Maintain a clear incident response plan

If anything feels suspicious, contact Carver Bank directly. Our fraud prevention team is ready to help verify requests and protect your accounts.

🧭 Additional Resources for Businesses

Expand your cybersecurity awareness with guidance from trusted national organizations:

Stay Vigilant. Stay Secure.

Cybercrime continues to evolve — but so can your defenses. By fostering awareness and adopting proactive measures, your business can reduce risk and maintain trust with your customers and partners.

This Cybersecurity Awareness Month, join Carver Bank in supporting the #BanksNeverAskThat campaign  and help protect both your business and your community from fraud.