Risk Management · June 15, 2025

3 biggest types of fraud in business

According to the 2025 Payments Fraud and Control Survey Report conducted by the Association for Financial Professionals, or AFP, 79% of organizations were targets of either an actual or attempted fraud attack in 2024, up 15% from 2022.

The good news is that much of today's fraud is preventable. In a recent webinar, Fraud Counterattack: How to Protect Your Business from Financial Threats, leaders from First Citizens and McKinsey discussed several effective strategies you can use to safeguard your company from financial harm.

Today’s biggest fraud threats

1Check fraud: the most common type of business fraud

Despite continued warnings that checks are the most popular target for fraud, checks still play a significant role in business transactions. According to the AFP, 63% of organizations reported experiencing check fraud. But not all check fraud schemes are created equal. There are four types of check fraud to keep in mind.

Type of fraud

Definition

Counterfeit checks

A check that resembles a legal check but is a fraudulent reproduction

Altered or washed checks

A legal check that has been altered or had the ink removed to be rewritten with a different payee's name or amount

Forged maker signature

A legal check bearing a forged issuing signature on the front of the check

Forged endorsement

A legal check bearing a forged endorsement signature on the back of the check

Here's an example illustrating how fraudulent checks cause financial harm to a business:

  1. Company office manager, Samara, reviews accounts daily to identify any unauthorized activity.
  2. Samara goes on medical leave, and account reconciliation duties are neglected while she's away.
  3. Several counterfeit checks pay on the account and go undetected during this time.
  4. When Samara returns, she files a check fraud dispute for each of the counterfeit checks.
  5. The claim is denied because the checks weren't reported within 30 days of the statement date showing the first unauthorized check.

Because Samara is the single point of failure in the example above, the business suffers an unrecoverable financial loss. Streamlining and modernizing your account reconciliation process can help protect against check fraud.

2Business email compromise: the most financially damaging fraud type

According to a February 2025 global insights report from cybersecurity company Fortra, the volume of business email compromise, or BEC, scams has increased by 13% compared to January 2025. BEC scams occur when fraudulent emails arrive asking for payments that appear to be from trusted sources such as clients, vendors or creditors. This type of fraud is often more sophisticated and harder to detect because it resembles a legitimate request, potentially causing bigger financial losses per incident.

Here's an example of the steps taken by a fraudster who used BEC to convince an employee to reroute payments from a trusted business vendor to a fraudulent account.

  1. Company staff member Donovan receives an email from "Rita" who he regularly corresponds with at a local hospital. Rita asks that the hospital's payments be changed to ACH instead of checks.
  2. Donovan forwards Rita's email to his accounts payable department and asks that the hospital's payment instructions be updated to Rita's specifications.
  3. As subsequent invoices are received, payments are disbursed to a fraudulent account through ACH for several months.
  4. The hospital contacts Donovan to report non-payment.
  5. Because months passed before Donovan found the compromise, no funds were recovered from the fraudster's bank.

Unfortunately, Donovan's scenario is not uncommon due to a lack of email safety protocols at many businesses. In fact, according to the recent AFP survey, less than 60% of organizations have the written procedures needed to safeguard against BEC.

3Bank impersonator scams: the fastest growing and most deceptive scams

This example of a bank impersonator fraudulently accessing a business account to remove funds through wire illustrates how quickly and easily a modern-day bank impersonation can result in significant financial losses.

Infographic showing a bank impersonator scam case study
  1. Business owner, John, receives text from "bank" and responds no
  2. John receives call from the bank's phone number from "the bank's fraud department" offering to dispute charge
  3. John receives text during the call with a link to his "online banking login page" and enters his credentials
  4. John shares code he receives by text during call and believes a dispute has been filed for the unauthorized charge
  5. Fraudster uses John's info to log in to his online banking and initiate wires

First Citizens Bank

Why you need to protect your business from fraud

“Businesses are increasingly becoming targets of fraud over consumers because fraudsters know that businesses are where all the money is," explains Sharon Crabbe, financial crimes senior manager at First Citizens and webinar panelist.

In addition, businesses have far fewer protections against fraud than consumers. For example, under the Electronic Fund Transfer Act, or Regulation E, consumers are protected from a range of fraudulent transactions not afforded to businesses.

Type of fraud

Consumer protection window

Business protection window

Checks

30 days after date of statement showing first unauthorized check

30 days after date of statement showing first unauthorized check

Debit cards

60 days after discovery—bank gives provisional credit

No coverage

ACH debit (receiving institution)

60 days after posting

24 hours after posting

ACH debit (originating institution)

Covered by Regulation E

ACH reversal can be initiated up to five days after ACH is processed, but there's no guarantee of funds being returned

Wires

No coverage

No coverage

Other digital banking (Zelle® and bill pay)

Covered by Regulation E

No coverage

Businesses have limited fraud protection and short response windows—often as little as 24 hours—with no guaranteed recovery for unauthorized checks, ACH debits, wires or digital payments. Those realities make proactive security measures an essential part of business operations.

The bottom line

Fraudsters are embracing more creative and sophisticated approaches when targeting their victims. It's crucial to establish strong defense strategies to effectively protect your business from threats.

For help enhancing your company's fraud resiliency, explore bank-provided fraud prevention tools.

In the fight against fraud, you're not alone

Contact our dedicated team of banking experts to explore smart solutions for fraud prevention services.

Learn more about fraud prevention services

Insights
Financial insights for your business

Risk Management

How to safeguard your business from financial fraud

Protect your business from financial harm using a range of straightforward strategies shared by our panel of fraud industry veterans.
By developing and implementing a comprehensive fraud management plan, you'll have the resources needed to address financial threats as they occur.
Management

Get started on your compliance journey

A corporate compliance program is an investment in the defense of your business's future.
The best compliance policy has little value if employees aren't aware of it.
Risk Management

Bank fraud prevention tools to try

Business fraud can impact your business's finances, your reputation and customer trust.
Fraud incidents may disrupt operations, erode customer loyalty and trust and threaten revenue streams, leading to reputational damage. Implementing a proactive, multilayered fraud prevention strategy can become a competitive advantage, mitigating risk while building long-term value.

Zelle® and the Zelle® related marks are wholly owned by Early Warning Services, LLC and are used herein under license.

This material is for informational purposes only and is not intended to be an offer, specific investment strategy, recommendation or solicitation to purchase or sell any security or insurance product, and should not be construed as legal, tax or accounting advice. Please consult with your legal or tax advisor regarding the particular facts and circumstances of your situation prior to making any financial decision. While we believe that the information presented is from reliable sources, we do not represent, warrant or guarantee that it is accurate or complete.

Third parties mentioned are not affiliated with First-Citizens Bank & Trust Company.

Links to third-party websites may have a privacy policy different from First Citizens Bank and may provide less security than this website. First Citizens Bank and its affiliates are not responsible for the products, services and content on any third-party website.

First Citizens Bank is a Member FDIC and an Equal Housing Lender icon: sys-ehl.

NMLSR ID 503941