Do you do wire transfers? If yes, you may be a target.
Now is the time to look at the financial controls in your business! Why? There’s a new breed of cyber crime that targets small to midsized businesses. Are you ready for this type of attack? Financial policies are usually the last thing to catch up with a fast paced growing company. Now is the time to change that.
According to the Wall Street Journal, wire fraud cases are up dramatically because of the high amounts and relative ease of doing a wire transfer. This may be a problem for small to midsized businesses that have little or no risk assessment policies in place.
Here’s how the scam works.
Your finance person will get an email that looks like its coming from a legitimate source – the owner, a major client, a big bank. The email requests a relatively high number – in the $140-$170k area – but not so high that is raises alarm bells. They usually work quickly, and request that you attend to the matter promptly. And as soon as it’s gone, it can’t be recalled.
Here are some examples of how the fraud looks.
Let’s just say your finance wire person is Sara, and your name is “Bill Smith”. Her email is Sara@controllers.com and she receives an email from you at Bill@controllers.com. And “Bill” is requesting a wire transfer.
Here are some variations of the email address that can trick your eye into believing the email in front of you:
Bill@C0NTROLLERS.COM (Note the Zero instead of an “O”)
bill@controlIers.com (note the capital “i” instead of the lowercase “L”)
bill@CONTROLLER5.COM (Note the number 5 instead of the letter “s”)
firstname.lastname@example.org (Note the letter “m” instead of the letter “n”)
This can be incredibly deceiving when it’s thrown into the very busy day of someone trying to get his or her work done. NOTE: If you are using Outlook – the fraud is even worse because the email addresses are not shown by default, but only the display name. So you will not see Bill@controllers.com, but rather an email from “Bill Smith”.
Prevent this through double-verification.
By creating a double-verification policy, you can prevent this crime from happening to you. Here are some ways to verify a wire transfer:
- Verify the transfer by phone by directly speaking to the person requesting the wire transfer
- Verify the transfer by Fax
- Verify the transfer by text message
- Verify verbally if the person requesting it is in the same room
- Create a wire transfer protocol form and require everyone to use it. Avoid displaying the form with employees who don’t need to see the form.
Put these procedures into place as soon as possible. Trust, but verify.