Two ways criminals commit wire transfer fraud
Wire transfer scams have led to billions of dollars in losses for companies around the world. In many cases, a business’s biggest vulnerability – and its most important line of defense – is its staff. That’s because criminals often attempt to gain the trust of an employee to trick them into initiating a wire transfer to a bank account controlled by the scammer.
These payments are often irreversible and hard to trace. Once the wire is sent, there is little chance of getting the money back. Here are two common methods criminals may use to commit wire transfer fraud:
Business Email Compromise (BEC) Schemes
As the name implies, this scam relies on a criminal’s ability to take over an employee’s email account. In one scenario, the fraudster will impersonate a company’s CEO. The scammer will send an urgent email from the CEO’s account (or a lookalike account) to an employee in the finance department, telling the employee to send an immediate wire transfer and providing wiring instructions.
This sense of urgency, and the authority of the individual supposedly making the request, may cause a well-meaning employee to bypass established protocols and go ahead with the wire transfer – potentially costing the company tens of thousands of dollars in losses. Learn more about BEC schemes.
For criminals, another common plan of attack is to send a phishing email to an employee in a business’s payroll department. The fraudster may attempt to impersonate the business’s payroll system and instruct the worker to provide their login credentials to “update” it. Often, the phishing email will include a link to a phony website designed to capture this sensitive information.
The criminal’s goal is to gain access to the company’s payroll system in order to initiate wire transfers to their own bank account. Remember: Your financial institution and/or your payroll provider will never contact you by email to request or ask you to change your login credentials.
For businesses, detecting and preventing wire transfer fraud requires strong fraud-prevention protocols, clear policies and a culture that encourages communication. Empower your employees to raise concerns about suspicious payment requests and seek additional approval when needed. If it prevents a major financial loss, a slight inconvenience is a small price to pay.
If you believe your business has been the victim of wire fraud, contact the police and your bank immediately.
- Implement dual control procedures for the initiation of payments.
- Educate employees on how to identify phishing emails.
- Set up dual-factor authentication to provide an extra layer of protection for your business’s online banking.
- Review account transactions and reconcile daily.
- Verify wire transfer requests from within your company by phone or face-to-face.
- Perform annual validations with your financial institution on daily limits to make sure they are sufficient for your needs.