You probably received over the past few years an email claiming you’d won the Nigerian lottery or perhaps one from some unknown person who miraculously chose you to receive their fortune of millions of dollars because you are a good person. The emails typically have tons of misspellings, bad grammar, and always requested your bank account information so funds could be wired to you. Because there is such awareness, these types of emails are slowly fading away. Hackers are savvy and adapt quickly. A new, rapidly growing and sophisticated threat is targeting businesses – THOUSANDS of companies have been affected in the U.S. losing over $5.3 billion since 2013. Analysts predict the trend will continue to grow vs. subside.
Business E-mail Compromise (BEC) as it’s formally known, although often referred to as “CEO fraud,” is a financial scam that targets companies both large and small who use wire transfers to pay foreign suppliers or vendors. “CEO fraud” typically occurs when your business e-mail accounts are compromised or hacked using social engineering or computer intrusion techniques. According to the FBI’s Internet Crime Complain Center (IC3), there has been a 270% increase in BEC victims since the beginning of 2015. A majority of the reported fraudulent transfers have gone to Asian banks in China and Hong Kong.
It may not be easy to spot these fraudulent emails either since they are coming directly from your company’s email system.
Here’s an example of CEO fraud: The accountant of a U.S. company received an e-mail from her CEO, who was travelling abroad on vacation, asking her to transfer funds for an important acquisition by the end of the day. This wasn’t an unusual request and the e-mail said the accountant would hear from a lawyer with further details. The lawyer got in touch via e-mail and sent what appeared to be a legitimate letter of authorization with the CEO’s signature and the company logo, with instructions to wire more than $737,000 to a bank in China. The accountant wired the money but was shocked when she talked to her CEO on another matter the next day and mentioned everything had gone through, as the CEO knew nothing about the request.
Scary, right?! So how can you train your employees to ensure your company doesn’t become a victim of “CEO fraud?”
- Don’t rely on only one form of communication to verify transfer requests. If a request came by e-mail, phone the person who sent it to verbally validate it. And be sure to use known phone numbers associated with that person versus whatever is included in the e-mail.
- Implement an approval process for high dollar payments – require two executives to sign off instead of one.
- Be wary of any requests that ask for payment immediately or ask for secrecy. Have a process in place for international wires transfers that allows for an additional time period to validate their legitimacy.
- Carefully look at all email addresses requesting wire transfers. Some red flags of potential fraud may include a slightly different configuration of an e-mail extension; i.e., an e-mail ending in .co instead of .com or an e-mail address that utilizes a hyphen instead of an underscore, like legit-company.com versus legit_company.com.
- This may seem common sense, but be careful about posting financial and personnel information to your company’s website and social media. For instance, listing international conferences your senior leaders will be attending could present an opportune time to conduct the scam.
With the right knowledge, checks and balances and scrutiny, you are less likely to fall victim to a BEC or “CEO Fraud” scam. If you think your company has been impacted or fallen victim to a scam – ACT QUICKLY! Immediately work with your financial institution to contact the financial institution where the fraudulent transfer was sent and then contact the FBI and file a complaint with the Internet Crime Complain Center (IC3).
As a Litchfield Bancorp customer, you can rest assure that we do our best to help you protect yourself from wire fraud, you can read more about it here: CLICK HERE. You can always call or stop into one of our branches if you have any questions.
Litchfield Branch Manager, Vice President
NMLS MLO ID: 698742