How Fraud is Occurring
Scammers may use a fraudulent email address with slight variations that are nearly undetectable to gain confidential information that gives them access to company calendars, accounts, and employee information. By gaining access and learning company details, the scammers can interfere at the most opportune time and attempt to divert funds into their account. Oftentimes, this fraudulent activity isn’t discovered until days or months later and the transactions cannot be reversed.
- A scammer may impersonate an employee or vendor and call, send an invoice or use a fraudulent email address.
- Requests appear legitimate asking to change an account, payment method or requesting payment of a recent purchase or service.
- There is often a sense of urgency to the request.
Pause, Verify, Protect. Many fraudulent requests have a sense of urgency resulting in businesses making a quick reaction and falling victim to ACH and wire fraud. These scams may result in significant losses for you and your business if not prevented or reported promptly.
- Be alert and use verified contact information of a known contact to verbally confirm such requests before proceeding.
- Avoid using the contact information in the email as it could be for the potential fraudster.
- Don’t click, open, or download email content from an unknown source.
- Set up multi-factor authentication on accounts when available.
- Share these tips with every employee.
Real Life Examples
Human Resources receives an email from what appears to be an employee requesting bank account changes to their direct deposit. Human Resources updates employee’s direct deposit with new account information. Two weeks later, the employee reports they didn’t receive their direct deposit and fraudulent activity is discovered. The receiving bank is notified of business email compromise and ACH fraud, however the fraudulent account is closed, and your company has suffered a loss.
Accounting receives an email from what appears to be the CEO of the company requesting to wire funds to a well-known vendor as soon as possible since they are on vacation. Accounting personnel follow through with wire instructions and transfer the funds. 30 days later, accounting is notified of a past due invoice and the vendor claims they never received payment. Sending and receiving financial institutions are notified of business email compromise and wire fraud, however the funds are no longer available as the receiving person wired them overseas, thus creating a loss for the business.
Check out this article to see how a local school fell victim to business email compromise and wire fraud.