A business email compromise scheme targets a financial institution’s commercial customers. A fraudster may gain access to (compromise) the email account of a commercial customer’s employee and send fraudulent wire transfer instructions directly to the financial institution. Or, the fraudster may compromise or “spoof” the email of the commercial customer’s CEO, CFO or a long-time vendor and send an email to the commercial customer’s accounting personnel instructing them to institute a wire transfer to a new partner or vendor or to a new bank account for an existing partner or vendor. The email seems perfectly normal in format and the language is similar, if not identical, to previous emails of the same type. So, the financial institution sends the wire or the corporate accounting employee instructs the financial institution to send the wire. The problem is, the email came from an outsider, a fraudster.
One of my clients was recently victimized in this manner. It resulted in the organization paying nearly $600,000 of funds owed a legitimate vendor for legitimate services to a fraudulent bank account. The fraudster pretended to be the CEO of a large vendor and emailed my client’s accounts payable employee requesting a change to the vendor’s banking information. My client had no required verification procedures in place, so the change was implemented. A few days later, the legitimate vendor requested a large payment for actual services provided. My client paid the invoice, but the payment went to the fraudulent bank account. In hindsight, there were telling red flags, but unfortunately my client hadn’t trained their employees to look for them.
These types of fraud schemes, which rely on online ploys such as spear phishing, social engineering, identity theft, email spoofing and the use of malware, appear to be on the rise. The FBI indicated that this type of fraud has cost global businesses over $3 billion since 2013.
This fraud can be difficult to defend against, but financial institution personnel can help. Financial Crimes Enforcement Network (FinCEN) Advisory FIN-2016-A003 recommends to be on the lookout for:
- Emailed transaction instructions containing different vernacular or terminology, timing and amounts than previously verified and authenticated transaction instructions.
- Transaction instructions originating from an email account closely resembling a known customer’s email account. Pay attention to small variances like @abc.com versus @abc.net.
- Emailed transaction instructions direct payment to a previous beneficiary, but the account information has changed.
- Emailed transaction instructions direct the wire transfer to a foreign bank account.
- Emailed transaction instructions for significant wire amounts to beneficiaries that have not previously received a wire payment from that commercial customer.
- Emailed transaction instructions that signify the transaction is “secret,” “confidential” or “urgent.”
- Emailed transaction instructions that leave the financial institution limited time or opportunity to confirm the authenticity of the request.
If you notice potential red flags, multifaceted transaction verification processes can help. Consider verifying the authenticity of the suspicious emailed transaction payment through multiple means of communication or by contacting others authorized to conduct transactions for the commercial customer. Always rely on your existing contact information for the commercial customer. Never reply to the email address or phone number accompanying the suspicious request. It may take a little extra time to verify suspicious transactions, but it will be time well spent.