Every day, criminals use deception and manipulation to lure employees into providing confidential information so that they can conduct a wire transfer scam. They often pretend to have authority to request a payment to a senior-level executive or to an outside vendor. Examples of wire transfer frauds include counterfeit check scams, online purchase scams, fake vendor invoice and real estate rental scams, to name a few.
One major fraud attempt that employees must be trained for is “social engineering.” This type of attack often involves tricking people into breaking normal security procedures by using a sudden sense of urgency. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. To prevent this from happening, employees must remember to never feel rushed to give out confidential information. Many scam artists will rush the process so that they can get what they need quickly without any background check.
A second type of scam is “spear phishing.” This is an email spoofing fraud attempt that targets a specific person or organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by random scammers, but are more likely to be conducted by perpetrators looking for financial gain. In these cases, the suspect will target a business using what appears to be an email address that the victim would recognize. They will then ask for a PIN number, bank account number or for money to be sent directly to them. To avoid this kind of scam, it is best to ask for as many forms of identification as possible before handing over confidential information.
Last year alone, 62 percent of organizations in the U.S. were exposed to actual or attempted payments fraud, according to a report from the Association for Financial Professionals. So, any business owner must wonder, is my company ready for a wire transfer scam? To prepare your company, your employees must take these five precautions:
1. Install proper technology: Implement robust information security programs and security awareness programs to aid in the education of all employees for the protection of a variety of information types.
2. Ensure your accounts payable function is well controlled: Require two or even three approvals before a wire transfer can be initiated.
3. Don’t be too public: Be careful about what is posted to social media and company websites, especially job duties/descriptions, hierarchical information and out-of-office details.
4. Educate your employees: Communicate warning signs of wire transfer scams to your employees. Do this by posting them on flyers around the office or on the company’s intranet page.
5. Implement new procedures: All employees should confirm wire transfer requests by phone using the executive’s phone number in the corporate directory rather than one from the signature in a suspicious email. Scammers may include phone numbers in a signature and will staff that phone number in hopes that an employee will call to confirm the request by phone.
When it comes to your employees’ cyber protection, it’s always better to be safe than sorry. For more tips on what steps your company should take to prevent and protect against a cyber attack, check out this post,which details what to do right after a website hack.
Kristen Peed is Director of Corporate Risk Management at CBIZ. Kristen can be reached at firstname.lastname@example.org.