I received a first email this week from our CEO advising of intention to send a wire that day. Then got a second email an hour later with wire details. Bank of Philippines. I asked him - in person - why we needed to send $75,400 to an individual in the Philippines! “WHAT?” he said. Needless to say, no payment was made! Sender was counting on no questions asked. Closer look showed that the sender's email had been spoofed to look like the CEO's. I shared the story with two bankers. Both said that they have had customers taken for this scheme in the last couple of weeks. One bank said they've stopped over $1mm, but some actually cleared. Another banker said they had a customer authorize ~$15,000 just last week; but the Bank stopped it before the wire was released. Be careful out there! The bad guys are lurking.
Fraudulent Wire Request
Answers
Always voice verify unusual requests for wires, especially if no paperwork exists!!!
I get these messages every few months and they look very realistic. One of them, purportedly from the CEO, said I am very busy today and do not have time to discuss this so please wire as soon as possible. It just all gets back to the importance of controls.
1
Lyle exactly - controls.
If I got one of these out of the blue, I wouldn't care if the CEO was in the middle of a tryst... no voice verification, no wire.
It should be standard SOP, especially if a) it is not a normal occurrence with a normal wire value, b) there is no pre-existing paperwork and c) it is going somewhere you never wire money.
I worked in a business where real odd-ball requests came in every day. They came from some of our "vendors" and some of our "clients" as well as a CEO who didn't believe in business rules, except if they suited him.
I refused to wire many a bank transfer because I wasn't satisfied or the person wanted the money to go to a country on the US Watch List (we dealt with mostly foreigners who were not bound by US Laws).
It is amazing at the lengths people will go to in order to scam a company. We had something like this happen a few months ago also.
The email came from someone who combined an r and an n to look like our m in Empire.
Our
I don't know about your company CEO, but ours never sends anything internally more than a couple of sentences. If it's longer than that he'll call.
Needless to say, more caution is given each time something is received about money going out.
I get those emails all the time. Always take the time to verify requests.
You should be on the banking side of these transactions! It seems we as bankers are supposed to be able to detect and stop these fake wires from happening and it is our responsibility to stop them. We are a small community bank and have been able to stop a number of fraudulent wires and ACH transactions, which are actually even tougher to detect. The frustration from the bankers perspective it is seems like we are more and more held responsible even if the breakdown is in the internal controls of the entity issuing the wire (including fraudulent transactions when our customers computer system is hacked). With that said, there are times bankers don't exercise good judgment and we should be correctly held responsible.
There have been a number of court cases regarding these issues, with some won by the bankers and some lost by the bankers. Unfortunately, even if the bank "wins" the case, they generally end up losing a customer because the customer is angry that the bank didn't stop the fraud. It truly is a no win situation.
Controls are very important and closely work with your bank. We have experienced several attempts which appear to be real. A step I do to verify if it is a scam is to click reply to view the return email address. While the original email request will look like your company email address, the return address is usually an unknown address, Our bank mentioned that these scams peak prior to the holidays. My first experience was before July 4th and I was out of the office on vacation. Fortunately, our controls caught the fraudulent attempt prior to processing the wire request. We submitted the attempt to the FBI, but did not receive a response.
More than specific controls, AWARENESS that these things exist is critical. Make sure the WHOLE ORGANIZATION (not just the Finance Division) is aware of scams like this that are increasingly getting sophisticated.
I say whole organization because the "in thing" now is SOCIAL ENGINEERING where hackers can get in or get company info via seemingly innocent emails/links. A staffer may innocently click on one.
Here is an example....A staffer has indicated her company email address in her Facebook page. Now, the format of your company email addresses (ex. Firstname.Surname @companyA.com) is out there. From there, a hacker can broadcast an email to ALL your staff and hoping ONE (that is all they need) can be tricked to clicking on a link.
Hopefully, these kinds of scams will not even have the chance of being processed and for the Controller, CFO or even CEO to catch.
1
Agreed!
I know of a company that lost $500k on a fraudulent wire, sent to a bank account that was apparently changed by their major Asian supplier (via a bogus email). Also, a similar case to the original poster's situation: CEO is travelling overseas and supposedly sends CFO an email to wire money. CFO had no warning from CEO that a wire transfer may be needed.
Execs should all discuss what they need to do:
1. Make sure that new vendor accounts are opened with care. Verify vendor bank accounts at this time
2. Verify any request by a vendor to change bank accounts
3. If an Exec is travelling overseas, establish a policy that the traveler will not email a request to transfer money without verbal communication, even Skype.
4. Examine who can open new vendor accounts in your company-are your duties divided reasonably?
Yes, also be aware of hackers sending e-mails pretending to be upper level
As a responsible ceo, no payments get requested without prior discussions. That has to be the ceo's rule.
We had this exact thing happen two weeks ago. My CEO was sitting in his office within my line of site, when I received the request. We have dual controls, the language was awful, and sent from an ipad (he doesn't own).
1
Same exact scenario happened to us at the same time. My CEO is walking by my office when I receive the request. The email ended with "Sent from my iPhone" and he uses a Blackberry. Since it has happened several times over the past year, I called him over and we had a laugh about it. We have controls in place to verify requests whether we are in the office or not. Continue to spread the word about these fraudulent requests because it is increasing over time.
We also got one of those and they had used an url that substituted a q for g which is really hard to see. I am sorry I didn't sound the alarm as our colleague here did because we need to get the word out.
Our AR person received the same email. The email even had a picture of our CEO. His signature was different, so we confirmed in person as well and of course it was spam. I wonder how many people don't notice right away and send money...
I have received these as well. Always a good idea to get a face to face confirmation.
I've experience fraudulent wire requests several times. After I get the wire info (routing and account number) I have repeatedly submitted this info to the bank's security department but I never receive a response. The fraudsters are identifying themselves. CASE SOLVED!!! This is not a problem searching for a solution. Why can't the banks or Fed shutdown these accounts? I suspect the reasons are political related to each country.
It is wholly unfair that unsuspecting AP departments at US company's are victimized whilst the politicians and regulators in Washington let this go on unpunished. This is an outrageous lapse in government accountability. Someone or some organization (Proformative?) needs to step up and demand that the US government do something about international wire fraud. Just my humble opinion of course.
We are a small company and I got one of these requests that sounded just like the CEO. I requested the wire instructions and received them. Then I caught the sender's email address was not the CEO's and just in case I did ask the CEO verbally about the wire and of course it was not valid. The interesting thing was that the bank, account # and beneficiaries name was on the wire instructions.
I looked up the bank, it was in New York State, and sent an email and I was contacted by the fraud department and sent them the information. Of course, do to confidentially laws, one does not know what happened. But I believe most banks would like to know that a costumer is using their bank in a fraudulent scheme. I had an new request from a fraudster using a Washington DC credit union; but the credit union made it difficult to contact them.
1
That's a good idea to contact the fraudster's bank directly if its a domestic bank.
You were a victim of one of the fastest growing fraud scams, the Business Email Compromise (BEC). Guardian Analytics has put together a free BEC kit that has tools for businesses to educate employees on the scam and Best Practices for businesses. Their website is: http://www.guardiananalytics.com/index.php.
Businesses that have been victimized by the BEC scam (regardless of dollar amount), are encouraged to file a report with the FBI's Internet Crime Complaint Center (IC3) at www.IC3.gov or contact their local FBI office.
I agree with Len. Know your vendor or KYC. Segregation of duties is a first line of defense.
A common fraud tactic doing the rounds (before the days of ACH) was when an existing customer, maintaining a credit account history for some months and behaving normally, would unexpectedly deposit a large overpayment against their account, with a stolen check. The customer, having built a relationship with one person in AR, would call to plead for the mistake to be corrected with a reversing wire transfer ("or I'll lose my job"). The SA banks held the account holder liable for the loss, naturally.
We've had this attempted here as well.
CEO was traveling with our COO to visit some vendors and others in another state. I received an email supposedly from her with direction to wire funds to a business for a purchase they had made. It looked very legitimate, even though my gut was saying, "What the hell are they doing?". Luckily, I noticed that it said "Sent from my iPad" at the bottom. That jolted me out of my anger/stupor over the request. She doesn't use an iPad.
I've participated in a scam one a step above the BEC. They didn't request that I set up a wire transfer to them. They set one up on their own with our bank account number and my signature and submitted it to our bank via email that spoofed my email.
Luckily, because the transfer was to eastern Europe, the bank called me to let me know rather than complying. And then shared a copy of the request so I could see how real it looked. They told me they get these all the time for many of their larger, business customers.
I was shocked to see a copy of my actual signature and our bank account number on the wire transfer instructions on our letterhead. But, then I realized how easy it is to get bank account numbers; they are on every check we issue.
Later, one of my staff pointed out how they got both. And I had egg all over my face.
I had received an official request for and "annual report of bank activity/information by a public agency" signed by an officer from one of the federal agencies that funds us. It was on their letter head. It threatened to withhold further funding if we did not file the form annually.
I had set it aside for later consideration. I didn't remember ever having to do that before, although it wouldn't have surprised me if a federal transportation agency required it.
I ignored it for a while. Then, one day as the deadline approached and, fearful of the wrath of the agency I regularly deal with, I picked up the request, filled it out and had one of my staff fax it off to them. Only, it wasn't to them. It was to these scammers. The document I had filled out and signed provided our bank account number and my signature for these scammers.
And her I sit and say, every time I read about the success of one of these scams, "What idiots!". Anyone could have seen that coming. :-(
We all get conditioned to routines and route responses in our day to day work lives. Enough so, that we sometimes respond to things without really reviewing them.
Scammers prey on that. That is how "these things happen"!