Some fraud cases feel high-tech. Fake emails. Spoofed websites. AI voices. Cryptocurrency wallets.
And then there are the old-school ones.
A business writes a check. The check goes into the outgoing mailbox. Someone steals it, creates a fake company with a name that looks almost exactly like the real vendor, deposits the check, and drains the money.
That is not a movie plot. That is a real fraud case out of Florida.
According to federal prosecutors, an Ocala man was sentenced to more than six years in prison for a bank fraud scheme involving stolen business checks. The fraudsters allegedly took checks from outgoing mailboxes, created fake businesses with names nearly identical to the intended recipients, opened bank accounts under those fake names, deposited the stolen checks, then pulled the money out through ATM withdrawals.
The total face value of the stolen checks was more than $860,000.
Let that sink in for a second.
This was not some complicated corporate accounting scheme buried deep in financial statements. This started with checks sitting in mailboxes.
And that is exactly why small businesses need to pay attention.
The Fraud Was Simple. That Is What Makes It Dangerous.
Small business owners love to think, “That would never happen to us.”
But why not?
Do you mail checks?
Do you leave outgoing mail in an unlocked mailbox?
Do you assume that once a check is mailed, the process is done?
Do you reconcile your bank account once a month and hope nothing looks weird?
That is where fraud gets room to breathe.
In this case, the scheme worked because the fraudsters did not need to hack the business. They did not need passwords. They did not need access to accounting software. They needed one weak spot in the payment process.
The mailbox.
Once they had the check, they created fake businesses with names close enough to the real payees that the bank deposits could slip through. That is a big red flag for banks, yes, but small businesses cannot build their fraud prevention plan around hoping someone else catches the problem.
Hope is not an internal control.
Why Small Businesses Are Especially Vulnerable
Big companies usually have layers. Separate people approve bills, print checks, mail payments, reconcile bank accounts, and review exceptions.
Small businesses? Not always.
In a lot of small businesses, the same person may enter the bill, print the check, get the signature, drop it in the mail, and reconcile the bank account later.
That may feel efficient, but it also creates blind spots.
Fraud prevention is not about assuming your team is dishonest. It is about building a process that does not fall apart when a criminal finds one loose thread.
And yes, even a mailbox can be that loose thread.
What Small Businesses Should Do Right Now
1. Stop leaving outgoing checks in an unsecured mailbox
This is the first clue in the case file.
If your business still mails checks, do not leave them in an unlocked outgoing mailbox, outside drop box, or office lobby mail tray where anyone can grab them.
Use secure mail options. Take checks directly to the post office. Use locked collection points. Better yet, reduce how many checks you mail in the first place.
It may feel like a small inconvenience, but compare that to chasing down a stolen check, filing fraud claims, calling vendors, freezing accounts, and wondering how much money is really gone.
That is not an errand. That is a business interruption.
2. Use positive pay with your bank
Positive pay is one of the best tools small businesses ignore.
Here is how it works in plain English: when you issue checks, you send your bank a list of approved check numbers, payees, and dollar amounts. If someone tries to deposit or cash a check that does not match, the bank flags it before the money leaves your account.
Think of it like a bouncer at the door.
If the check is not on the list, it does not get in without review.
Many banks offer positive pay, but business owners often do not ask for it because they assume fraud tools are only for large companies. Wrong. If you write checks, you need to ask your bank about it.
3. Reconcile more often than once a month
Monthly reconciliations are better than nothing, but fraud moves faster than that.
If a stolen check clears your account, waiting until month-end gives the fraudster a head start. By then, the money may already be withdrawn, transferred, or gone.
Small businesses should review bank activity at least weekly. High-risk accounts should be reviewed daily.
This does not mean you need to spend hours staring at transactions. It means someone should be looking for unusual checks, duplicate payments, unfamiliar payees, unexpected withdrawals, and checks clearing out of sequence.
You cannot catch what nobody is looking at.
4. Separate payment duties wherever possible
One person should not control the entire payment process from start to finish.
At minimum, separate these steps:
Bill entry
Payment approval
Check signing or payment release
Bank reconciliation
Vendor setup or vendor changes
If your business is too small for perfect separation, add owner review. The point is not perfection. The point is friction.
Fraud loves a smooth road. Controls add speed bumps.
5. Review vendor names carefully
This case involved fake businesses with names that were nearly identical to the real payees.
That is a big lesson.
A fraudster does not always need to create a completely fake vendor. Sometimes they create a name that is just close enough to pass a quick glance.
For example:
ABC Construction LLC
ABC Construction Services LLC
Smith Legal Support
Smith Legal Support Group
Premier Office Supply
Premier Office Supplies Inc.
Would your payment process catch that?
Before issuing payments, review vendor names against approved records. Be especially careful with first-time vendors, large payments, and any payee name that looks slightly different from what you expected.
“Close enough” is not good enough when money is leaving the business.
6. Move recurring vendors to safer electronic payment methods
Checks are familiar, but familiar does not mean safe.
For recurring vendors, consider ACH, bank bill pay, or other controlled electronic payment methods with approval workflows. But do not trade one risk for another. Electronic payments need controls too.
That means verified vendor banking information, dual approval for changes, and callback procedures before updating payment details.
The goal is not just “go digital.” The goal is “make payments harder to hijack.”
7. Create a vendor payment change policy
Every small business needs a rule for payment changes.
Here is a simple one:
No vendor banking information, mailing address, or payee name gets changed unless it is verified through a known phone number already on file.
Not the phone number in the email. Not the phone number on the new invoice. Not the phone number in the suspicious attachment.
Use the contact information you already know is legitimate.
This one step can stop a lot of fraud.
8. Watch for checks that clear but vendors still say they were not paid
This is one of the biggest clues.
If a vendor says, “We never received your payment,” do not assume they misplaced it.
Pull the cleared check image from the bank. Review the endorsement. Confirm the payee. Look for anything that seems off.
A cleared check does not automatically mean the right person got paid. It only means the money left your account.
That distinction matters.
The Real Lesson: Fraud Prevention Lives in the Boring Places
Fraud does not always start with a dramatic breach.
Sometimes it starts with a mailbox.
A check.
A vendor name that looks almost right.
A bank account nobody reviewed until three weeks later.
That is why small businesses need simple, repeatable controls. Not complicated systems. Not fear-based panic. Just practical habits that make fraud harder to pull off.
Because here is the truth: criminals are looking for easy money. If your business has no review process, no positive pay, no vendor verification, and no timely bank review, you are making their job easier.
And no business owner wants to fund someone else’s fraud scheme.
Case Closed: Your Next Step
This week, look at how your business pays bills.
Ask yourself:
Are we still mailing checks?
Who has access to outgoing mail?
Do we use positive pay?
How often are bank accounts reviewed?
Who can change vendor information?
Would we catch a fake vendor name that looks almost right?
You do not need a massive fraud department to protect your business. You need clear steps, consistent review, and a healthy suspicion when money moves.
Fraud prevention is not about being paranoid.
It is about paying attention before the money walks out the door.