In our fast-paced, interconnected business world, the ability to quickly, easily and safely wire money is essential. Companies rely on wire transfers to complete transactions and keep supply chains moving. But with this convenience comes risks.
There are dangers in wiring money, and criminals are becoming more sophisticated in exploiting lapses and vulnerabilities in companies’ wire transfer policies and procedures - or exploiting the fact that no policies, procedures or safeguards exist in the first place.
Because of the speed with which funds exchange hands, wire transfer fraud is an increasingly popular tactic of cyber criminals. By the time that a company realizes that it has fallen victim to a scam, the money has been moved and the criminals - who are often overseas - are long gone.
Wire transfer fraud is a problem for companies of all sizes. In 2015, Ubiquiti Networks disclosed that it had fallen victim to a scheme commonly called “CEO Fraud,” in which a perpetrator creates a fake email mimicking that of a senior executive within the company, and sends an email to an employee requesting that a wire transfer be initiated to a bank account controlled by the perpetrator. This scam - which is frequently used by cyber criminals - resulted in an almost $47 million loss for Ubiquiti.
The Federal Bureau of Investigation warned that such attacks are on the rise. According to the FBI’s data, victims in the U.S. and abroad totaled 2,126 between Oct. 2013 and Dec. 2014, resulting in a combined loss of $215 million.
Companies that use wire transfers need to be aware of “CEO Fraud” and other old-fashioned “phishing” attacks used by scammers that rely on social-engineering through impersonation of a company’s employees or suppliers. Other attacks are more technologically sophisticated, using things like malware to gain access to a company’s accounts. Every company is at risk of these types of attacks, but those without policies and procedures in place to identify and ward them off are at greatest risk of falling victim to them.
Ways to Safeguard Against Wire Transfer Attacks
By implementing a wire transfer policy and focusing on internal communication and education, organizations can dramatically reduce the likelihood of falling victim to a wire transfer attack.
The first step in stopping wire transfer fraud is to increase organizational awareness - especially among those who authorize wire transfers - about the existence and type of attacks they should be on the lookout for. In particular, everyone involved in a company’s wire transfer procedures should be educated about: (i) the potential dangers stemming from a communication from any source that directs payment to a bank account that has not been used to receive legitimate transfers in the past, and (ii) the fact that fraudsters commonly attempt to communicate using email addresses that are deceptively similar to those used by the company or its suppliers.
In addition to education, it’s important to have policies in place to detect and stop fraud. We can help implement policies and safeguards that require employees to, among other things:
- Confirm and validate payment instructions received via email.
- Use a two-method verification for all funds transfers by requiring an employee to speak directly - via phone or in person - with an individual requesting a funds transfer via email.
- Carefully review all payments before they are sent and ensure all correspondence is validated and documented in a unified way across the business.
- Establish a two-part authorization process with banking partners, where a high-ranking executive (CFO, for example) within the company must be contacted to authorize transfers over a threshold dollar amount.
Finally, companies should implement technology solutions to scan for and identify suspicious emails that may be part of a phishing or malware attack.
If a company believes that it has been the subject of a wire transfer attack, it should contact us immediately.
These types of scams can affect any company. While there is little that can be done to stop an attempted attack, thorough training, education and the implementation of policies and procedures can help prevent an attempted attack from becoming a successful one.