3 biggest types of fraud in business
According to the 2025 Payments Fraud and Control Survey Report conducted by the Association for Financial Professionals, or AFP, 79% of organizations were targets of either an actual or attempted fraud attack in 2024, up 15% from 2022.

The good news is that much of today's fraud is preventable. In a recent webinar, Fraud Counterattack: How to Protect Your Business from Financial Threats, leaders from First Citizens and McKinsey discussed several effective strategies you can use to safeguard your company from financial harm.
Today’s biggest fraud threats
1Check fraud: the most common type of business fraud
Despite continued warnings that checks are the most popular target for fraud, checks still play a significant role in business transactions. According to the AFP, 63% of organizations reported experiencing check fraud. But not all check fraud schemes are created equal. There are four types of check fraud to keep in mind.
Type of fraud |
Definition |
---|---|
Counterfeit checks |
A check that resembles a legal check but is a fraudulent reproduction |
Altered or washed checks |
A legal check that has been altered or had the ink removed to be rewritten with a different payee's name or amount |
Forged maker signature |
A legal check bearing a forged issuing signature on the front of the check |
Forged endorsement |
A legal check bearing a forged endorsement signature on the back of the check |
Here's an example illustrating how fraudulent checks cause financial harm to a business:
- Company office manager, Samara, reviews accounts daily to identify any unauthorized activity.
- Samara goes on medical leave, and account reconciliation duties are neglected while she's away.
- Several counterfeit checks pay on the account and go undetected during this time.
- When Samara returns, she files a check fraud dispute for each of the counterfeit checks.
- The claim is denied because the checks weren't reported within 30 days of the statement date showing the first unauthorized check.
Because Samara is the single point of failure in the example above, the business suffers an unrecoverable financial loss. Streamlining and modernizing your account reconciliation process can help protect against check fraud.
2Business email compromise: the most financially damaging fraud type
According to a February 2025 global insights report from cybersecurity company Fortra, the volume of business email compromise, or BEC, scams has increased by 13% compared to January 2025. BEC scams occur when fraudulent emails arrive asking for payments that appear to be from trusted sources such as clients, vendors or creditors. This type of fraud is often more sophisticated and harder to detect because it resembles a legitimate request, potentially causing bigger financial losses per incident.
Here's an example of the steps taken by a fraudster who used BEC to convince an employee to reroute payments from a trusted business vendor to a fraudulent account.
- Company staff member Donovan receives an email from "Rita" who he regularly corresponds with at a local hospital. Rita asks that the hospital's payments be changed to ACH instead of checks.
- Donovan forwards Rita's email to his accounts payable department and asks that the hospital's payment instructions be updated to Rita's specifications.
- As subsequent invoices are received, payments are disbursed to a fraudulent account through ACH for several months.
- The hospital contacts Donovan to report non-payment.
- Because months passed before Donovan found the compromise, no funds were recovered from the fraudster's bank.
Unfortunately, Donovan's scenario is not uncommon due to a lack of email safety protocols at many businesses. In fact, according to the recent AFP survey, less than 60% of organizations have the written procedures needed to safeguard against BEC.
3Bank impersonator scams: the fastest growing and most deceptive scams
This example of a bank impersonator fraudulently accessing a business account to remove funds through wire illustrates how quickly and easily a modern-day bank impersonation can result in significant financial losses.

Why you need to protect your business from fraud
“Businesses are increasingly becoming targets of fraud over consumers because fraudsters know that businesses are where all the money is," explains Sharon Crabbe, financial crimes senior manager at First Citizens and webinar panelist.
In addition, businesses have far fewer protections against fraud than consumers. For example, under the Electronic Fund Transfer Act, or Regulation E, consumers are protected from a range of fraudulent transactions not afforded to businesses.
Type of fraud |
Consumer protection window |
Business protection window |
---|---|---|
Checks |
30 days after date of statement showing first unauthorized check |
30 days after date of statement showing first unauthorized check |
Debit cards |
60 days after discovery—bank gives provisional credit |
No coverage |
ACH debit (receiving institution) |
60 days after posting |
24 hours after posting |
ACH debit (originating institution) |
Covered by Regulation E |
ACH reversal can be initiated up to five days after ACH is processed, but there's no guarantee of funds being returned |
Wires |
No coverage |
No coverage |
Other digital banking (Zelle® and bill pay) |
Covered by Regulation E |
No coverage |
Businesses have limited fraud protection and short response windows—often as little as 24 hours—with no guaranteed recovery for unauthorized checks, ACH debits, wires or digital payments. Those realities make proactive security measures an essential part of business operations.
The bottom line
Fraudsters are embracing more creative and sophisticated approaches when targeting their victims. It's crucial to establish strong defense strategies to effectively protect your business from threats.
For help enhancing your company's fraud resiliency, explore bank-provided fraud prevention tools.
In the fight against fraud, you're not alone
Contact our dedicated team of banking experts to explore smart solutions for fraud prevention services.