While wire fraud is not a new concept, we have recently heard from a few clients that they have been targeted or fallen victim to a specific type of wire fraud. In these instances, email correspondence between the accounting department and a vendor was intercepted by a fraudster. The fraudster spoofed the vendor’s email address and asked the accounting department to wire or ACH an expected payment and provided the account details for payment. The emails were well written, and it is understandable why the accountant was deceived.
In situations like this, we recommend calling your contact using a known telephone number to verify the request is legitimate before making the payment.
Tips to protect your organization from ACH Fraud:
1.Verify all payment requests
As mentioned above, the simplest way to protect your organization from ACH Fraud is by calling a known and trusted contact number before processing any new requests for wire or ACH transfers or changes to the established account. By verifying all payment requests, included expected payments, you eliminate a scammer’s ability to “slip through the cracks.”
2. Educate employees on cybersecurity best practices
Implement regular cybersecurity training for all employees so they are able to quickly and easily identify phishing attempts and fraud schemes. Educate your employees on how to check for red flags that may identify a bad actor such as poor grammar, spoofed email addresses, and fishy links. Download the FBI’s Cyber Awareness Guide for more tips.
3. Slow down
Fraudsters commonly use urgency in their requests as a way to slip through the cracks. Any request insisting a payment needs to be made immediately is a red flag. Slow down, verify, and don’t let that stop you from doing your due diligence to protect your organization from fraud.
If you are a victim of ACH Fraud, file a compliant with the FBI’s Internet Crime Compliant Center.