Wire Fraud

Posted by Mersad On August 28, 2022

Wire transfer fraud

is a terrible thing to have to happen. But if you're smart, it won't! There are many ways for businesses and leaders alike--too busy thinking about their day-tooth rush of existence in this fast-paced world we live in today without taking time out from work or play every once while just because life demands respect can do something as simple but impactful like investing into properly written control measures which will help them stay protected against these types criminals who want nothing more than steal money right off our shelves with no strings attached other then getting away clean.

Want to know about wire fraud and how to prevent it? Well-written controls called Written Information Security Policy, known in the industry as a “WISP” can help keep your business safe.

When the business owner or decision maker sends money to someone who claims they are from your bank, it is called wire transfer fraud. This happens; when a cybercriminal poses as another vendor and tricks you into sending them cash through an email exchange for some reason- maybe because of poor record keeping on behalf of company personnel? We must know these things happen so our staff members aren't left vulnerable during certain times in which scams tend to increase significantly such as around deadlines where there may not yet have been time put into verifying emails

A common example we've seen more than once: the CFO, the bookkeeper, or the company accountant gets an email that looks like it came from one of the company's established vendors. The email address looks real, and it asks them to change the account number information when they make their next wire transfer and payment for goods or services. This could be at the same bank or a new bank.

We've seen this scam where the scammer gives the bookkeeper the invoice number and amount due for their next wire payment. This makes the email seem even more real.

How does the scammer know all that information? They may have hacked into the company's or vendor's email system and watched the back-and-forth email traffic.

So they can use the exact invoice numbers and amounts due, which, as I said, only strengthens this scam. There are other scams, like the company president emailing the CFO to wire funds to him or her quickly so he or she can complete an M&A transaction before the deal falls through, even though the president hasn't asked for any money. There’s no deal on the table.

Unfortunately, the money was sent to a fake account and is no longer there.

What should your bank do in these kinds of situations?

Unfortunately, your bank isn't responsible for these scams because you or a member of your company gave the money willingly. Yes, it's a scam, but no one put a gun to their head and told them to give the money. They sent money to a third party without checking to see if that third party was real, so that's all on you and not your bank. Can fraudulent funds be recovered?

Most of the time, once the money is wired to the fraudulent account, the account is closed, and the money is gone for good.

So what should we do? How do you deal with this risk? Well, it's not that hard, but you do need controls. Control is a written procedure that can't be changed for any reason.

So, what do we suggest as a written control? Before exchanging or changing account numbers with any vendor, you should call that vendor or other party you're doing business with to make sure they are whom they say they are. First, ensure that the phone number is correct and belongs to the person you're doing business with. For extra safety, have someone else in your company cross-check the information and do the authentication process a second time.

Note that wire requests from foreign vendors carry higher risks than requests from domestic vendors. If someone within your company wants to send money quickly, you can control this risk by doing a few simple things. For example, you can check the sender's email address to ensure it's real.

The company's president needs money quickly. Carefully look at the email address. Hackers often copy a URL or email address by changing a letter or a number. For example, bankofamerica.com becomes bannkofamerica.com when a letter or a number is changed.

Step 2: Call the person who made the request, like the president, and doesn't send the wire until the sender's identity is confirmed by phone or in person. Check the account numbers while you're on the phone with the sender.

Hackers, con artists, and pretenders count on everyone being busy and wanting to do what an executive or company owner says. Don't fall for these tricks!

If you need to file an insurance claim, you will require written controls (WISP).

Most cyber insurance policies cover wire transfer fraud, but most policies only cover up to $250,000 for this type of fraud. As I just said, almost all insurers require a secondary authentication procedure. If you don't follow that procedure and fall victim to wire transfer fraud, your claim may be denied, so it's important to have control and always use it.

Need help implanting this type of protection for your company. Reach out to us at booking.a2zbusinessit.com. We are here to help.