There has been an increase in scams involving fake emails and wire transfers. Companies of all sizes have been affected, and these scams have cost victims more than $1 billion in the last few years.
Understanding emails scams and educating yourself and your employees is critical.
Many of these scams are perpetrated with spoofed emails. A spoofed email is one where the criminals change the email header to make the email look like it is from someone you know. The most common methods are:
- Spoofed email to employee allegedly from CEO asking for an emergency wire transfer
- Spoofed email to employee allegedly from CEO citing a "confidential deal" and instructing employee to contact an outside attorney for further instruction
- Spoofed email to employee allegedly from a vendor asking to change the vendor's address and payment information in the system
Other versions of this scan may use malware emailed to an employee, though this method is less common. Whatever the method, employees who have access to request or approve wire transfers need to be alert.
Why has this scam been so successful?
The criminals perpetrating these frauds do their research. They know which employees have banking responsibilities so they can target them, and will gather other information to make the wire transfer request as believable as possible. They may research the business owners schedule using public information, or try to schedule fake appointments with an assistant to figure out when they will be out of town.
Prevention is the key!
Once money has been wired, recovering stolen funds may be impossible. Controls for sending money are the best way to stop the scams:
- Do not accept email instructions from vendors with new or changing payment information
- Require multiple approvals for wire transfers
- Confirm the validity of wire transfer requests with phone calls
- Encourage your employees to have suspicious mindsets about emails they receive especially when the request involves money
If you suspect you have been targeted in an email scam, call the bank immediately.