All About the Wire Transfer Scam
If you have not heard of the Wire Transfer Scam, consider yourself lucky. In our world, we hear about these scams weekly. Unfortunately, once the scammer has succeeded, there is not much that our company can do except for work with the FBI on the investigation. While this is troubling to think about, there are many things you can do TODAY to prevent the success of this scam.
What is the Wire Transfer Scam:
At its basic level, a Wire Transfer Scammer will spoof an email from inside your organization. Generally, they will target C-Level employees or the equivalent, that are usually on the website. They use this spoofed email to contact someone else in the organization, or outside the organization, who has access to the checking account. The email will request a wire transfer of a certain amount of funds.
This scam is remarkably similar to the Gift Card Scam that originated many years ago. Instead of a wire transfer of funds, they requested online purchase of gift cards and sending the codes to them, via email.
An important thing to note, is that these scammers are real people, that have access to watch behaviors within the organization. They do this to speak the same jargon that is used within the organization. They will also correspond with you via email if you ask them a question.
Ways to Prevent:
Internal Policies –
We’d first suggest creating policies, documenting those policies, training those with access, and getting signatures confirming those with access to accounts are on the same page with how money is handled within the organization. Money requests, such as wire transfers, should have a secondary “real conversation” authentication. For instance, a phone call from the wire transferer to the person requesting the wire transfer, confirming the amount and where they money is going. We do not advise any email or faxing to be used as the secondary authentication. These are real people on the other side and they can easily complete these types of requests. Also, double check with your bank about how they handle wire transfer requests. The policy should include a secondary “real conversation” authentication so that these scammers cannot successfully complete the authentication.
Review Permissions –
Companies tend to have more people than is necessary with permissions in their accounting platform. Review who has access to see if there is a possibility to reduce these numbers. The larger the number of people with access, the larger your vulnerability. In addition, review those who have credit cards and look for how you can reduce those numbers. Speak to your credit card company about setting limits on the cards. If there is a vulnerability present, the amount at risk will be lower. All of this is really about reducing the liabilities for the scammer to use.
Phishing Training –
Phishing training platforms today are a necessity in any organization. Today, the biggest scam is this wire transfer scam. Tomorrow there will be a new one. Phishing training uses the information the end users are reporting back to create new phishing education and training to ensure that their clients are getting the most up-to-date threat training. The internet and dark web have joined hacker intelligence, and therefore we must join our intelligence to combat their attempts. Phishing training allows for that to happen.
All in all, there is no true way to fully prevent phishing emails and being a target of the wire transfer scams. However, if you implement internal policies, review permissions, and perform phishing training you can keep your company and employees the most prepared to combat these scams.
For information regarding phishing training, reach out to us today.