24 B Dick St, Cambridge

Mon- Fri: 08:30–17:00
07 827 7119

24 B Dick St, Cambridge

Online Banking Imposter Scams

The following is extracted from an article from the U.S. Federal Trade Commission website and thought it might be of interest given we have had a few of these occur in the last week.

CEO imposter scams: Is the boss for real?

By: Seena Gressin | May 16, 2016 10:06AM

If your business regularly makes wire transfer payments, it could be the next target of a fast-growing scam in which cybercriminals trick employees into transferring large sums of money to them by impersonating CEOs and other company executives in spoofed emails.

According to the FBI, the scheme has caused $2.3 billion in losses to 17,642 business and non-profit organizations in the U.S. and other countries since October 2013, with the number of victims nearly tripling since January 2015.

How does it work? The schemers first study their intended victims. Social media websites, a company’s own website, and news reports can give employees’ names, job titles, email addresses, and telephone numbers, as well as information about the company’s business dealings. Fraudsters also pose as third parties – perhaps the company’s bank, a vendor, or someone legitimately seeking information – in phishing emails and pretexting calls designed to trick employees into disclosing confidential information.

With a company’s information, scammers can spoof, or fake, an email to an employee who they know can transfer money or pay invoices for the company, making the email look like it’s coming from an executive officer, regular vendor or other trusted source. In some cases, hackers break into a company’s email system and send urgent requests for money transfers. Once the money is wired, it can be nearly impossible to recover.

These tips can help you guard your company against CEO imposter scams:

· Establish a multi-person approval process for transactions above a certain amount.

· Set up a system that requires a valid purchase order and approvals from a manager and a finance officer to spend money.

· Verify by phone any changes in vendor payment information and fund transfer requests.

· Remember – email never is a secure way to send financial information. Don’t transmit account information by email and question any emailed payment requests that include account information.

· Slow down. Take time to verify any request, even an urgent one. And be suspicious of any request for secrecy.

—————————————————————————————————————————————

One thing I would add to this whole ‘payments on line’ scenario is to reinforce point 3 above – always verify a supplier’s payment details before paying them. A number of clients were hurt in NZ last year for tens of thousands of dollars when scammers were able to access invoices that suppliers were emailing to their clients and changing the suppliers bank account number on the actual invoice, in the email, to their own.

The client made the payment to the account specified on the invoice and guess what – the supplier ended up severely out of pocket.

When setting up a new supplier in your accounts system or direct in your online banking I would be asking that supplier to scan and email me a bank deposit slip or some other form of independent verification of the bank account number. I would not be relying on just getting an invoice with it on.

Similarly, if I was asked to change a bank account number for an existing supplier I would want some similar sort of proof before I did so.

Gina Whyte