Since the days of the creation of the internet there have been instances of hackers and others trying to use it to their advantage and for personal gain. Currently, there is a new pervasive scheme that has continued to grow in recent years and resulted in attempted theft of more than $3 billion since October 2013. The FBI said it has seen a 1,300 percent increase in these type of cases since January 2015 and in about one in four instances funds are actually wired to the hackers perpetrating the fraud. This scheme involves a hacker, or imposter, sending emails to Company personnel, typically a mid-level accountant or someone in the treasury department, pretending to be a high ranking official such as a CEO or CFO or pretending to be a vendor that is owed funds. In the email, they will request an immediate transfer of funds, say that it is urgent and that the funds need to be transferred. Typically, these requests are for round amounts such as $10,000.
As a result of this, proper controls over the treasury and cash disbursements process are more imperative now than ever to prevent the theft of money through wire transfer fraud. Prior to even ensuring proper segregation of duties over cash disbursements, Company personnel should be notified to stay aware of schemes like this. Typical signs that an email could be fraudulent or involving fraudulent activity include: vague language, missing email signatures and email addresses with a slight spelling variation among others. Employees with access to cash need to always be aware of schemes such as this and stay on their guard. It is also recommended that there be multiple forms of approval on every wire transfer. At the very minimum this should involve an additional signature/approval other than the individuals requesting the transfer and processing the wire. Another preventative control is to have the bank be required to call back someone other than the person initiating the wire transfer to approve the transfer.
In addition, other good practices to implement are for all employees handling payments for your business always:
- Validate new payment instructions received via email – even if the email is internal.
- Pick up the phone, whenever possible, and speak directly with the individual requesting a funds transfer.
- Contact the vendor or client directly to confirm any requests for payment method changes, validating the changes are legitimate before processing.
- Carefully review all payments before they are sent and ensure all correspondence is validated and documented in a unified way across your business.
Article written by:
Tobin Perrill, Assurance Senior