Fraud Alert: Wire Transfer Frauds – a Growing Concern
There has been a recent global surge in schemes to trick companies into sending wire transfers to bank accounts set up for this fraudulent purpose-often in a foreign country. These schemes usually involve someone masquerading as the CEO or CFO of a company who emails an employee with an urgent request to wire funds to a special account. Most often, these emails appear to be from within the company, but there might be a slight variation in the email address (e.g., an extra space or a dash). Sometimes the email is even followed up with the phone call, particularly if the recipient is in another country and unlikely to recognize the voice or phone number of the person the fraudster is purporting to be. The fraudster often tells the employee to treat the request as highly confidential under the pretense that it relates to a ’secret deal’, such as a purchase of another company.
In carrying out these schemes, the fraudsters are relying on the human fallibility of the employees they contact, which is often referred to as ’social engineering’. These schemes are fostered by the prevalence of email as the usual means of communication in all facets of business; a lack of skepticism by the employee; and the sense of intimidation that the employees feel when receiving an urgent request from a CEO or other high level executive, causing them to rationalize their bypassing of existing prescribed procedures and controls.
A variation of this type of fraud is where someone masquerades as a company’s vendor, asking for an authorized person at the company to change the vendor payment information prior to payment of an invoice.
The fraudsters in these schemes are able to find out which company employees are authorized to implement a wire transfer simply by making a few phone calls to the company and pretending that they are from a vendor or the company’s bank. They also may try to determine whether the executive is on vacation or otherwise difficult to contact by researching publicly available information or simply by calling the executive’s assistant to ask.
It is critical that companies have controls to prevent these schemes since recovery of stolen funds may not be possible. Steps that can be taken to reduce the risk of loss from these schemes include:
• Requiring multiple approvals of wire transfers in excess of specified amounts.
• Implementing controls to validate changes to vendor information, including a requirement for such changes to be in writing (i.e. hard copy).
• Requiring those receiving wire transfer requests to confirm the authenticity of the requestor by phone, using a company phone number they know to be valid based on their experience.
• Obtaining insurance coverage at appropriate levels.
In addition to these and other actions, it is important that companies publicize any such schemes that have actually been perpetrated against it and otherwise sensitize employees about the nature of these schemes, embedding in them a sharp sense of skepticism, particularly involving something out of the ordinary.
According to BDO Global Forensic leader Glenn Pomerantz, “our teams have investigated these schemes on several occasions and the most common culprit is an employee not following protocol in the wire transfer and or the vendor master file change process. These schemes often involve multi-million dollar wires and the opportunity for recovery is very limited. Crime insurance policies can be a last resort. Enhanced training of employees with wire and vendor master file responsibilities is usually a more effective risk mitigation strategy.”
You are encouraged to discuss this growing risk with your clients.
If you have any questions about this alert, please contact your White Nelson Diehl Evans professional.