Most of us are aware of phishing emails. Phishing is a scam that uses emails made to look like they were sent by trusted individuals or companies in order to trick recipients into clicking links or opening attachments. Criminals are now taking this approach a step further, with potential for severe financial consequences to businesses.
Have you ever received payment instructions from a boss or vendor via email? Then you are at risk for the latest fraud scheme. Fraudsters have been very successful in impersonating superiors, peers, and vendors in an effort to get businesses to send them fraudulent wire and ACH transfers. They have stolen hundreds of thousands of dollars at a time. The bad guys either compromise known parties’ emails or create similar looking emails (e.g. email@example.com vs. firstname.lastname@example.org).
Email compromise or masquerade fraud usually involves the impersonation or the takeover of a legitimate email address, as very sophisticated criminals will target a corporate executive and try to take over their email.
The bad guys will request payments be made or give new account numbers for future payments. The email requests may look like regular correspondence between you and another party or even be inserted into an ongoing conversation. The email requests will often have a sense of urgency, playing on your desire to help your boss or long-time trading partner.
To protect your company’s money, please do the following:
- Always verify requests for wire or ACH transfers received via email. Perform callbacks to other parties on known numbers to validate all requests received via email.
- Match up requests with known invoices.
- Use dual approval for payments.
- Don’t be afraid to question. A one-minute phone call is all it takes to protect your company’s money.
Fraudsters are relying on social engineering because they know that a person at a company is usually going to open an email that came from an executive or senior manager. That person will probably click on any links or open any attachments that are in that email.
Fraudsters also target other people at a company to try to gain information directly from the messages. There may be sensitive or confidential business information going out from that company, so tapping into that information is a treasure trove for criminals.
By tapping into this sensitive or confidential business information, criminals can now exploit employees with emails that appear to come from their trading partners. Criminals are able to determine with whom your company does business. Employees are going to trust emails from those valued businesses and make sure that no invoices are missed.
Overall, criminals have found it is much easier to exploit trusted relationships than to try to hack their way into a company. Exploiting that trusted relationship, whether it is with a senior manager, executive or trusted trading partner, is always easier when they pretend to be somebody that you trust.
Share this information with anyone in your organization who has access to make wire or ACH transfers. As your employees open email messages in their inbox, beware of fraud attempts!
Direct: (703) 549-1170 JFerrara@bbandt.com