Solution to Funds Transfer Scams
When email is used to request funds transfer by wire, your organization must:
1) require a live phone conversation between the person receiving an email to initiate the wire (e.g. CFO, Controller, etc.) and the person the email is (allegedly) coming from (the person requesting the wire)
2) require documentation showing a business expense (invoice) that makes sense for that organization, with a second approval of the documentation before wiring funds
3) consider having the bank call someone else in the company besides the wire initiator – even for relatively small dollar amounts ($2,000; $5,000 etc.)
Haven’t these types of controls been in place a long time? Well, yes. They were in place when I was an accounting professional at a public company in the infancy of email.
The difference is that hackers are much more sophisticated. Here’s how they’ve changed and why this is an important area of control you must revisit.
In the early days of scams, you could spot hackers in the first five words of the email. Everyone has seen this email: “I’m your aunt’s cousin from Nigeria. Kindly send us your bank info so that we can deposit your inheritance.” Or, “Hi, I’ve lost my passport and wallet…..” Those you hit duh-lete right away.
Today these frauds are much more sophisticated, yet we consider ourselves immune to these threats. We’re too smart for this to happen to us…right?
Someone in my network recently described how it happened at his company:
- The company email was hacked
- Once the email was hacked, the fraudster had access to the email of the person who would likely be in charge of sending wires and information (CEO or other executive)
- The fraudster can determine through emails, etc. when the CEO/executive is not in the office that day and so not as easily reached, such as during holiday vacations
The fraudster sends an email from the CEO or executive’s actual email to someone in accounting that looks legit. Voilà, the person authorized to wire funds does so.
A simple phone call to the person sending the wire transfer would have prevented this fraud. Don’t forget your friend the phone and good old live conversation in today’s world of 10,000 texts, 10,000 emails, and declining phone and personal interaction.