Did you know that business losses from bank wire fraud is greater than ransomware and most other types of electronic fraud combined?
The attacker’s modus operandi is to leverage BEC (business email compromise) and gain access to credentials of high value individual’s email account (CEOs, CFOs or business owners) then send email to vendors advising of account changes or to financial staff requesting funds to bank accounts controlled by the criminals.
To protect against BEC, take our quarterly cybersecurity prevention course and learn about spear pfishing and whaling, two tactics applied in BEC attacks.
To prevent wire transfer fraud, have a conversation with your financial team and observe these guidelines.
- Build a relationship with your banker, this way they are more alert about the types of transfers your business sends out and can catch and alert you if anything appears anomalous.
- Any time you receive new wire transfer instruction, have a verbal conversation with the vendor to confirm authenticity.
- Do not use e-mail, voice mail or chat to accept changes in wire transfer instructions or conduct out of the ordinary transfers.
- Require that transfers over a certain amount need to be researched and approved by committee or quorum of stakeholders and subject to dual controls (one person approves while another one sends)
- Rather than replying to financial emails, forward them to the sender’s address you have on file.
- Disable wire transfers from on-line banking if you do not use the feature.
- Require an access token or MFA to log in to your on-line banking account and initiate a wire transfer.