Wednesday, August 5, 2015

Business Email Fraud

According to the FBI, companies worldwide have lost more than $1 billion from October 2013 through June 2015 due to business email fraud, an increasingly popular fraud tactic used by criminals to infiltrate a company’s email system and request large sums of money via wire transfer. A recent article in The Wall Street Journal discusses business email fraud in further detail. For this type of fraud, emails typically come from a vendor that the company does business with regularly, or sometimes they even come from the CEO of the company with instructions of how and where to wire the money. While it is sometimes possible to find errors in the email and identify the fraud, other times it can be impossible to detect without additional investigation. Because the fraud can be nearly impossible to detect, it is necessary to use extra precautions and sound security procedures whenever companies wire money.

The article gives an example of business email fraud that occurred at Infront Consulting Group Inc. The CFO for Infront Consulting Group Inc. received an email from the CEO of the company instructing her to “process a payment of $169,705.00 USD,” with attached instructions of where to wire the funds. Luckily for this company, by chance the CEO happened to call the CFO while she was working on the wire transfer. She asked what the funds were for, but the CEO had no idea what she was talking about. Upon further investigation, they realized that the email had come from an email address missing the letter “i” in “consulting.” Another example discussed in the article is about a company who received an email from a regular vendor requesting a wire transfer be made in the amount of $100,000.00, a normal amount for wires requested from this particular vendor. The email had in fact been sent from the vendor, but it appears that a hacker infiltrated the email system and changed the information in the email so that the money would be transferred to a different account.

While it may sometimes be possible to identify the fraud simply through close scrutiny of the email (i.e., a missing letter in the email address), other times it can be nearly impossible to identify business email fraud without further investigation. It is a smart practice to verify the information contained in any wire transfer request by calling the vendor, using a phone number from a source other than the email that was received. While there may still be instances of business email fraud, if companies work with their financial institutions to implement and execute secure business practices, the losses associated with this particular fraud will certainly decrease.

No comments:

Post a Comment