Scammers are successfully targeting companies with an email scam that leads to wire transfer fraud. An increasing number of companies are falling victim to these wire transfer scams. Scams are being perpetrated through fake emails from senior executives of the company or phony vendor emails.
Understanding this email scam and educating key employees is critical.
The scam is done by "Email Spoofing" which is changing the email header to disguise the true source, making it look like the email is from someone you know.
Spoofed email to employee allegedly from CEO or CFO asking for an emergency wire transfer.
Spoofed email to employee allegedly from CEO or CFO citing a "confidential deal" and asking employee to contact an outside "attorney" for further instruction.
Spoofed email to employee (often in AP) allegedly from a vendor asking to change the vendor's address and payment information in the system.
This scam is successful because the scammers make it believable.
Scammers frequently research employees’ responsibilities so they know who to target.
For example, they may research the executive’s schedule using public information or by making inquiries of the executive’s assistant with the goal of sending the fraudulent emails when the executive is out of town and cannot be easily reached for verification.
Since many companies have stricter controls (like dual approvals) for transactions over a certain dollar amount, the scammers often send requests for lower amounts hoping the looser controls will raise their success rate. If the scammer is successful in their first request, they may continue to submit additional requests until the scam is detected.
Prevention is key, controls can help stop these scams in their tracks.
Once funds have been wired, recovering the stolen funds may be possible if the scam is detected within the first 24 to 48 hours, and often only with the help of law enforcement.
IT controls that keep the scammer out of the system.
Purchasing controls that validate changes in vendor payment information or the setup of new vendors.
Treasury controls that require multiple approvals of wire transfers.
A culture that encourages a questioning mindset is also important, especially when it comes to investigating requests from executives that are unusual or unexpected.
Encouraging (or requiring) the receiver of a wire transfer request to confirm its validity via phone (using a number they know to be valid, not one that was included in the email) can go a long way toward protecting the company’s assets.
What to do if you suspect your company has been scammed
Contact your local FBI or U.S. Secret Service office immediately to report a “business email compromise” scheme.
Also contact both your financial institution and the receiving financial institution to request that they halt or unwind the transfer.
Seek advice from counsel about any legal obligations or protections you may have related to this situation, such as potential insurance coverage for any loss.
Finally, change your controls to minimize the risk of something similar happening again, and don’t think you need to sweep it under the rug.
Making sure that employees know about the scam, how it was perpetrated, and that they can be a gateway for the scammer is important in motivating employees to remain vigilant.
Strong IT, treasury, and purchasing controls can help protect company assets along with training employees to identify spoofing, phishing, and similar techniques can protect against these schemes.
Email Examples:
