By Chad Engle, Loss Prevention Manager and Safety Specialist
Best Practices and Emerging Scams Every Public Entity Should Know
Business fraud continues to rise nationwide, and county governments are not immune. In fact, attempted ACH and wire fraud is becoming so common that even individuals are frequent targets. My own father‑in‑law has experienced multiple attempts by fraudsters to compromise his personal bank accounts, a reminder that these tactics are no longer rare, sophisticated attacks aimed only at large organizations—they are widespread, persistent, and increasingly convincing. For public entities, a single successful attempt can result in significant financial loss and time‑consuming recovery efforts, making prevention critical.
Drawing on guidance from the National Automated Clearing House Association (NACHA) and fraud prevention experts, the following best practices and scam awareness tips can help counties strengthen controls and reduce risk.
Best Practices to Prevent ACH and Wire Fraud
Always verify payment changes by phone.
Before sending funds or changing payment instructions, verbally confirm the request using a previously known and trusted phone number. Never rely solely on email or text messages, even when the request appears legitimate.
Be cautious of new or changed payment instructions.
Fraudsters frequently request that routine payments be redirected to a “new” account. Treat any change in banking information as high risk until independently verified.
Match payments to legitimate invoices.
Confirm payment requests align with approved invoices and established vendor relationships. Fraudsters routinely pose as trusted vendors.
Think before clicking links or opening attachments.
Emails may appear to come from coworkers or vendors but may contain malware or phishing links designed to steal credentials or banking information.
Closely inspect sender email addresses.
Scammers often use look‑alike email domains (for example, “.co” instead of “.com”). Small differences matter.
Never verify requests by replying to email.
If an email account has been compromised, a fraudster can respond and falsely confirm the request.
Watch for urgency and pressure.
Fraudulent requests often demand immediate action and discourage verification. Urgency is a major warning sign.
Limit exposure through strong cyber and financial controls.
- Use dual approval and multi‑factor authentication for electronic funds transfers
- Restrict financial processing to designated computers
- Apply regular security patches and updates
- Deploy enterprise‑grade antivirus and intrusion detection tools
- Limit sensitive information shared on social media and public websites
Scams Counties Should Watch For
Business Email Compromise (BEC) and Phishing
Criminals gain access to an employee’s email account and monitor activity (sometimes for lengthy periods of time) before impersonating trusted contacts to initiate fraudulent transfers.
Senior Executive Spoofing
Employees receive urgent transfer requests that appear to come from county leadership but originate from spoofed or hacked email accounts.
Overpayment Scams
Fraudsters send a payment for more than the agreed amount and request the excess be wired back. The original payment is later returned as fraudulent.
Vendor Spoofing
Scammers impersonate known vendors and request changes to banking instructions, diverting funds directly to fraudulent accounts.
Final Thought
Fraud prevention depends on clear procedures, employee awareness, and a culture that encourages verification over urgency. Real‑world experiences—both personal and professional—show that slowing down and confirming unusual requests remains one of the most effective defenses.
Source and Credit:
Adapted from “Tips for Preventing ACH and Wire Fraud,” (April 8, 2025) with permission of the author, Jan Sheridan, Vice President – Treasury Management at Union Bank & Trust (UBT).
