How to Protect Your Business from Cyber Fraud, Embezzlement, and Credit Card Scams

ByDavid Taylor

Lessons from Phoenix Financial Crimes Detectives — delivered at the May 2026 Biltmore Area Partnership luncheon on cyber fraud, BEC, and internal embezzlement schemes.

Event Details
📅May 28, 2026
📍Embassy Suites Biltmore · 2630 E. Camelback Rd., Phoenix
🎤Detectives Kelly McGee & Sydney Price — Phoenix Police Department, Financial Crimes Detail

Promotional graphic for the May 28 BAP luncheon on cyber fraud in business featuring the Phoenix Police Financial Crimes presentation

At a recent Biltmore Area Partnership luncheon, Detectives Kelly McGee and Sydney Price from the Phoenix Police Department’s Financial Crimes Detail delivered a clear warning: financial crime is no longer a “big company problem.”

Local businesses — hotels, property managers, contractors, retailers, and professional service firms — are now frequent targets of sophisticated fraud schemes, often resulting in six- and seven-figure losses.

What makes these crimes especially dangerous is how ordinary they look at first glance: a routine email, a familiar vendor request, or a standard payment process.

Below is a distilled, practical guide based on real Phoenix cases and the detectives’ recommendations — designed to help you reduce risk immediately.

The Million-Dollar Email Scam

One of the most damaging threats facing businesses today is Business Email Compromise (BEC).

In one Phoenix case, a company lost over $1 million through what appeared to be normal vendor communication.

The attacker:

  • Spoofed a legitimate vendor’s email by changing a single character.
  • Built trust over time with casual, conversational emails.
  • Requested an update to banking information.
  • Received three payments before the fraud was discovered.

By the time the issue surfaced, the funds had already been moved through multiple accounts and into cryptocurrency. Investigators ultimately recovered $250,000 with help from the U.S. Secret Service — but the majority of the funds were gone.

“These scams don’t rely on hacking alone — they rely on human trust and small oversights.”

Financial criminals are methodical. They:

  • Study your website and LinkedIn to identify decision-makers.
  • Impersonate vendors, executives, or partners.
  • Time their requests when teams are busy or distracted.
  • Exploit the fact that most businesses prioritize speed over verification.

⚠ Key Risk Factor
A single missed detail — like one altered character in an email address — can trigger a catastrophic loss.

Strengthening Your First Line of Defense

The most effective protections are procedural, not just technical.

Email System Protections

  • Enable multi-factor authentication across all business accounts.
  • Monitor login activity for unfamiliar devices or locations.
  • Avoid shared inboxes for financial operations.

Payment Process Controls

  • Require verbal confirmation using a known phone number for any banking changes.
  • Set a mandatory second approval threshold for large transactions.
  • Start new email threads for payment instructions instead of replying to existing ones.
  • Cross-check updated payment details against original agreements.

These steps may feel slow — but that’s the point. Fraud depends on speed.

What to Do If You’re Hit

If you suspect fraud:

  1. Contact your bank immediately to attempt a freeze or recall.
  2. Notify your IT provider to identify the source of the breach.
  3. File a report with local law enforcement as quickly as possible.
  4. Document everything — emails, timestamps, account details, and approvals.

Investigators focus on tracing funds. The stronger your documentation, the better your chances of recovery.

The Internal Threat: Embezzlement

Not all financial crime comes from outside your business. Detectives highlighted three common internal risks:

Business Credit Card Misuse

Employees using company cards for personal purchases — often undetected when the same person both spends and approves.

Prevention

  • Separate spending and approval roles.
  • Require signed usage agreements.
  • Conduct regular statement and receipt reviews.

Unauthorized Payroll Changes

Employees with payroll access quietly increasing their own compensation.

Prevention

  • Require written, signed documentation for all pay changes.
  • Periodically audit payroll against approved records.

Check Fraud

Accounting software may show a payment to a legitimate vendor, while the actual cleared check is made out to an employee.

Prevention

  • Review cleared check images directly from your bank.
  • Spot-check high-value or unusual transactions.

Credit Card Fraud and Chargebacks

Businesses accepting card-not-present payments — especially over the phone or online — face elevated risk.

Examples shared included:

  • Fraudulent hotel bookings using stolen cards or rewards points.
  • Large phone orders for materials followed by third-party pickup.

The critical issue: if you don’t follow your merchant processor’s verification requirements, you absorb the loss.

Best Practices

  • Understand your processor’s rules for phone and online transactions.
  • Flag large, rushed, or unusual orders.
  • Be cautious with third-party pickups and buyers who avoid normal verification.

“Revenue tied to fraud is not real revenue — it will be reversed.”

Crypto and Data Exposure

Modern financial crime increasingly involves cryptocurrency and compromised data. Criminals benefit from rapid, global movement of funds, varying levels of international enforcement, and massive volumes of stolen personal and business data from past breaches.

For business owners, this means:

  • Assume sensitive data is already circulating.
  • Limit access to financial and personal information internally.
  • Require unique logins and strong passwords for all employees.
  • Have a response plan in place before an incident occurs.

The Bottom Line

The message from Phoenix financial crimes detectives was direct: your time equals your money.

The businesses that avoid major losses are not necessarily more sophisticated — they are more disciplined. They:

  • Verify before they trust.
  • Require multiple approvals for financial decisions.
  • Regularly review internal activity.
  • Treat security as an operational priority, not an afterthought.

Criminals are constantly refining their methods. Your best defense is to make your systems predictable, controlled, and difficult to exploit.

Quick Action Checklist

  • Confirm banking changes by phone — not email alone.
  • Enable MFA on all business accounts.
  • Review user access permissions quarterly.
  • Document approval steps for invoices and refunds.
  • Train staff to flag urgency, impersonation, and domain lookalikes.
  • If hit: freeze accounts, change passwords, notify bank & law enforcement, file with FTC and IC3.

About This Event

The May 28, 2026 BAP Luncheon featured Detectives Kelly McGee and Sydney Price from the Phoenix Police Department’s Financial Crimes Detail on fraud prevention for local businesses.

Embassy Suites Biltmore
2630 E. Camelback Rd., Phoenix
11:30 AM · Networking
12:00 PM · Program

Register for Next Luncheon

Report Financial Fraud

Phoenix Police Department
Non-emergency: 602-262-6151

FTC: ReportFraud.ftc.gov
Federal Trade Commission

IC3: ic3.gov
FBI Internet Crime Complaint Center

Join Us Next Month

Don’t Miss the Next BAP Luncheon

The Biltmore Area Partnership hosts monthly luncheons bringing together the area’s leading professionals for timely speakers, real connections, and the kind of insight that moves business forward. Seats fill fast — secure yours for our next event.

Register for the Next Luncheon Become a BAP Member

Similar Posts