April is Fraud Prevention Month. This is a good time to remind everyone of check washing and payment redirection schemes and that we must remain vigilant now and during the summer vacation and holiday season to reduce the risk of being a fraud victim.
Check washing is an old but effective way to steal public funds. Thieves get possession of a paper check, typically through the mail, then use chemicals to “wash” the payee name off the check and make themselves the payee. Then, cash or deposit the check to steal the County’s money. The American Banker’s Association Foundation has recommended measures to combat check washing.
Similarly, payment fraud by phishing and/or business email compromise (BEC) is on the rise. This is where the objective of “re-directing” money to a bad actor, a cybercriminal pretending to be a vendor or employee of the government and then re-directing funds into fraudulent accounts. In these BEC/”re-direct” schemes the cybercriminal impersonates a trusted vendor, business partner or employee in an email and requests a change to the bank account, investment account, or a transfer of funds to a specified bank account unaffiliated with the legitimate business.
Always, independently verify payment redirection requests.
The Ohio Auditor of State's Bulletin 2024-003 includes a host of preventative measures, and the Auditor has produced a payment security checklist that it encourages public offices to follow.
CORSA, like the Auditor of State, strongly encourages members consider enrollment in the anti-fraud services Positive Pay and ACH Positive Pay.