Preventing Financial Losses: Be Pro-active and Recognize a Social Engineering SCAM
April 2, 2019
PREVENTING FINANCIAL LOSSES: BE PRO-ACTIVE & RECOGNIZE A SCAM.
Knowing the signs of fraud can prevent thousands or millions of dollars in losses: Social Engineering (deception fraud) is a serious crime and is becoming all too common. Impostors intentionally mislead or manipulate unsuspecting individuals and businesses into diverting payment or sending them money.
An Example: A criminal, posing as a company manager or outside vendor, sends an email request for payment by wire-transfer. These requests often seem legitimate, but upon closer scrutiny, may contain telltale signs that something is amiss:
Some Telltale signs to look out for:
1. Email requests from vendors to wire funds to a new or unfamiliar bank account.
2. Internal email from a manager, purportedly traveling on vacation, who requests an electronic payment to a vendor.
3. Misspellings, incorrect syntax, or unusual or add word usage in the transfer request. (Many of these schemes are perpetrated outside the U.S. by people whose primary language is not English)
4. Payment rejection by initial account with a new request to wire funds to a different account.
5. Requests to wire funds on a Friday, urging payment nearing the close of business when employees are anxious for workday to end.
6. Requestor instructs the employee to keep the wire transfer a secret from colleagues.
(Requestor may say the wire transfer is for a confidential purpose, like the acquisition of a new subsidiary that has not been made public, and disclosure could be in violation of SEC rules).
7. Requests for wire transfers to a foreign bank account.
8. Vendor email states “wire transfer only” policy for payments.
Tech Savvy criminals may be able to monitor, infiltrate, and intercept a company’s email accounts and service. This allows them to track and then mirror a vendor or employee’s communication style to appear legitimate.
BEFORE WIRING: BE VIGILANT:
1. Reach out to the requestor by telephone to verify all facets of the request and confirm the receiving account information
2. Do some research. If it’s an outside company or vendor, find out if anyone else in your company is familiar with the requestor
3. Remind company employees: “WHEN IN DOUBT, CHECK IT OUT.” It is very important to have a culture where employees feel comfortable asking for verification/clarification that a request is legitimate.