Recognizing the Full Cost of Fraud and How Improved Fraud Prevention Lowers These Costs While Reducing Fraud Risk (part 3 in a 4-part series)

What is the strategic business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the business opportunities created by mitigating fraud risk plus the value of achieving the full potential of new and existing banking services.

There are four categories of value: improved competitiveness and growth, reduced fraud risk and losses, increased operational efficiency, and enhanced compliance. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all 4.)

Part 3 of 4: Decrease Fraud Risk and Losses

The total cost of a fraud attempt and the complete set of risks facing an institution in the aftermath of a fraud attack go far beyond the fraud loss itself. Implementing a behavioral analytics solution for preventing fraud lowers costs in the following ways:

Nominal Fraud Loss – Calculating the full cost of a fraud attack starts with how much money was fraudulently transferred. Estimating this starts with tallying historical fraud losses. A more accurate estimate would include looking at how many accounts have already been compromised but haven’t suffered a loss (yet), what losses in offline channels – branches, call center, offline wire requests, etc. – originated with online account compromise, and estimating how losses will increase as you add features and clients increase use of online and mobile banking channels.

Lost Productivity / Investigation – When an FI suffers a fraud attack, even if there is not a fraudulent transaction, employees will drop what they’re doing to investigate the attack, including how the fraudster got “in,” what actually took place, if processes need to be reviewed and updated, and who, if anyone, is responsible for not catching the fraud and if roles need to be redefined. If there is a transaction involved, additional time is needed to try to get the money back. Our customers report spending 100-200 hours per fraud incident investigating the attack, communicating with impacted account holders, and reporting to management.

Remediation – As per Reg E, financial institutions must reimburse consumers who have funds stolen through fraudulent activity. While the same doesn’t hold true for commercial account holders, many FIs choose to reimburse all or part of fraud losses in the interest of client loyalty or to avoid legal repercussions.

Legal Costs – Even if a financial institution is not at fault, a victimized business might still choose to take legal action. In the worst-case scenario (for the FI), they will be told to reimburse losses and pay damages, but even if the court doesn’t hold the FI accountable there are significant time and legal costs resulting from defending themselves in court.

Client Churn and Reputation Damage – When an FI is attacked by fraudsters, and even if there are no losses, customers lose trust and move their accounts. 30% of FIs suffer damage to their reputation following a fraud attack.* In addition, 20% of customers take their business elsewhere when fraud is reported by the customer (which is the case 59% of the time) vs. only 2.5% when fraud is discovered by the financial institution.* Consider the cost of a lost client – financial cost as well as the impact of having an unhappy client in the community – and the cost to acquire a new client.

Decreasing fraud risk and losses is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write-up (PDF, 323KB) includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

Watch for part 4 of this series next month.

* Source: 2015 iSMG Faces of Fraud Survey

 


It’s Time Again for Fraudulent Tax Refunds

It’s tax season again – especially for fraudsters who want to get a jump on submitting fraudulent tax returns. They submit them early, before the legitimate taxpayers do, and the returns result in FIs receiving fraudulent funds in the form of an in-bound ACH payment. And despite increased efforts by the IRS to thwart them (see recent Krebs on Security article), this is just too lucrative a scam for the fraudsters to go down easily, and they have repeatedly demonstrated their creativity and perseverance in figuring out how to bypass security measures. Plus there’s last year’s hack of the IRS’ own system.

The IRS continues to rank identity theft tax refund fraud as one of its top challenges – it is #3 on their 2015 “Dirty Dozen” list of tax scams. And while it’s the IRS that takes the loss, RDFIs are required to report any suspicious credit activity and notify the government of any misdirected tax funds and return the credit entry to the IRS.

We’re reprinting our fraud update on how fraudsters executed this scam previously (originally released at this time last year). And while they will likely evolve their strategy in light of new security measures, this hopefully provides a reminder to financial institutions of this threat. This summary provides a description of the scam, and offers recommendations for how to detect fraudulent tax refunds. Or you can download the PDF version: Fraud Update: Identity Theft Tax Fraud (PDF, 100kb).

Impact on Financial Institutions

Under Title 31 Code of Federal Regulations, Part 210, RDFIs are required to notify the government of any misdirected tax funds and return the credit entry to the IRS. In addition, the Bank Secrecy Act (BSA) requires financial institutions to detect and report any suspicious credit activity.

So, while financial institutions are not in the direct line of fire for financial loss, they have compliance requirements to watch for and report transactions that would result from fraudulent tax refunds.

Description of the Scheme – Here’s how the scheme has typically worked:

  1. The criminal obtains personally identifiable information (PII) on a taxpayer, such as their name, address, contact information, and Social Security Number, all of which has been exposed in the seemingly endless data breaches.
  2. The criminal uses obtained PII to file a fraudulent tax return and claim a refund. Often he uses the same return and supporting documentation to file many fraudulent returns at the same time, simply changing personal details about the taxpayer.
  3. As part of the filing, the criminal requests that the money be deposited directly into a bank account under his control or he has the funds loaded onto a prepaid debit card. The scheme does not require that the refund is deposited into the taxpayer’s own account, so the criminal does not need to have compromised an existing account, he only needs to create a new one.
  4. The criminal withdraws the funds as soon as the tax refund has been credited to his account.

How to Detect Fraudulent Tax Refunds

This scheme will result in multiple suspicious credits to deposit accounts or to debit cards – in some cases hundreds of deposits to the same account – as criminals file many fraudulent returns at once. Suspicious characteristics could include large refunds to new accounts, identical deposit amounts to multiple accounts, or multiple deposits from the U.S. Treasury to the same account.

Also, many times the name on the tax return, i.e. the name under which the refund is issued, does not match the name on the deposit account or the debit card.
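The characteristics described above, expressed as checks over the credits in an ACH receiving file. This is an added example, not code from the original post or from FraudMAP; the record layout, thresholds, reason codes and sample entries are constructed assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# All thresholds are assumptions for this example; tune them to your own baseline.
NEW_ACCOUNT_DAYS = 30            # "new account" window
LARGE_REFUND_CENTS = 500_000     # "large refund" floor ($5,000)
MAX_CREDITS_PER_ACCOUNT = 2      # more Treasury credits than this is unusual
MIN_ACCOUNTS_SAME_AMOUNT = 3     # same amount landing in this many accounts
TREASURY = "IRS TREAS 310"       # originator label used in the sample data


@dataclass(frozen=True)
class Account:
    number: str
    holders: tuple
    opened: date


@dataclass(frozen=True)
class Credit:
    account: str
    originator: str
    receiver_name: str   # name carried in the ACH credit entry
    amount_cents: int
    settled: date


def name_tokens(name):
    """Upper-case, split on non-letters, drop single-letter initials."""
    return {t for t in re.split(r"[^A-Z]+", name.upper()) if len(t) > 1}


def name_matches(receiver_name, holders):
    """Every token in the credit's name must prefix-match a holder token.

    Prefix matching tolerates names truncated by the fixed-width entry field;
    pooling all holders lets a joint refund match a joint account.
    """
    pool = set().union(*(name_tokens(h) for h in holders))
    wanted = name_tokens(receiver_name)
    return bool(wanted) and all(any(h.startswith(w) for h in pool) for w in wanted)


def flag_treasury_credits(credits, accounts):
    """Return {account number: sorted reason codes} for suspicious Treasury credits."""
    treasury = [c for c in credits if c.originator == TREASURY]
    reasons = defaultdict(set)
    per_account = defaultdict(int)
    accounts_by_amount = defaultdict(set)

    for c in treasury:
        per_account[c.account] += 1
        accounts_by_amount[c.amount_cents].add(c.account)
        acct = accounts.get(c.account)
        if acct is None:
            reasons[c.account].add("UNKNOWN_ACCOUNT")
            continue
        age_days = (c.settled - acct.opened).days
        if age_days <= NEW_ACCOUNT_DAYS and c.amount_cents >= LARGE_REFUND_CENTS:
            reasons[c.account].add("LARGE_REFUND_NEW_ACCOUNT")
        if not name_matches(c.receiver_name, acct.holders):
            reasons[c.account].add("NAME_MISMATCH")

    for number, count in per_account.items():
        if count > MAX_CREDITS_PER_ACCOUNT:
            reasons[number].add("MULTIPLE_TREASURY_CREDITS")
    for numbers in accounts_by_amount.values():
        if len(numbers) >= MIN_ACCOUNTS_SAME_AMOUNT:
            for number in numbers:
                reasons[number].add("IDENTICAL_AMOUNT_ACROSS_ACCOUNTS")
    return {number: sorted(codes) for number, codes in reasons.items()}


def sample_data():
    """Constructed receiving-file entries and account records (not real data)."""
    d = date(2016, 2, 10)
    accounts = {a.number: a for a in [
        Account("1001", ("John Q. Smith", "Jane Smith"), date(2012, 3, 1)),
        Account("2002", ("Alex Rivera",), date(2016, 1, 20)),
        Account("3003", ("Pat Lee",), date(2016, 1, 25)),
        Account("4004", ("Sam Cole",), date(2016, 1, 28)),
        Account("5005", ("Maria Garcia",), date(2010, 6, 15)),
    ]}
    credits = [
        Credit("1001", TREASURY, "SMITH, JOHN & JANE", 184_200, d),
        Credit("2002", TREASURY, "DANA WHITE", 941_700, d),
        Credit("2002", TREASURY, "CHRIS BROWN", 941_700, d),
        Credit("2002", TREASURY, "ALEX RIVERA", 941_700, d),
        Credit("3003", TREASURY, "PAT LEE", 941_700, d),
        Credit("4004", TREASURY, "JORDAN KIM", 941_700, d),
        Credit("5005", TREASURY, "GARCIA MARIA", 230_000, d),
        Credit("5005", "ACME PAYROLL", "MARIA GARCIA", 941_700, d),  # not a refund
    ]
    return credits, accounts


if __name__ == "__main__":
    for number, codes in sorted(flag_treasury_credits(*sample_data()).items()):
        print(number, ", ".join(codes))
```

The reason codes are inputs to a review queue, not verdicts: a large first refund into a recently opened account can be legitimate, which is why each account carries every rule it tripped rather than a single score.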

Guardian Analytics FraudMAP monitors ACH receiving files to detect unusual or suspicious patterns between originators and recipients, high-velocity deposits to the same account, or mismatches between the name in the ACH credit and the name on the account. FraudMAP detects unusual behavior by comparing activity not only to the account holder’s own historic behavior, but also to the behavior of the population as a whole, and to known fraudulent activity. It can detect suspicious credits without time consuming manual reviews and without writing and maintaining rules that result in a high volume of false positives.

Is this the year you’re going to step up to detecting these fraudulent deposits? We can help.

 


How Enhanced Fraud Prevention Improves Competitiveness and Growth (part 2 in a 4-part series)

What is the strategic business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the business opportunities created by mitigating fraud risk plus the value of achieving the full potential of new and existing banking services.

There are four categories of value: enhanced compliance, improved competitiveness and growth, reduced fraud risk and losses, and increased operational efficiency. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all 4.)

Part 2 of 4: Improved Competitiveness and Growth

Mitigating fraud risk enables FIs to innovate in order to grow market share, increase profitability, attract new customers and retain existing ones.

Expand Products and Service Levels – Consider the products and services you have held off on deploying due to concerns over increasing risk. What are the competitive opportunities associated with those new products?

Improve Competitiveness – Investing in improved fraud prevention mitigates the new risks associated with expanded offerings so an FI will not only avoid falling behind its competitors but can leap ahead with the products and services levels prospective account holders are looking for, attracting new clients and decreasing churn.

Here’s how it impacted one of our customers: “We’ve definitely held back on offering new features based on the associated risk. With FraudMAP in place, we have greater confidence in rolling out Pop Money and External Transfers.”

Increase Revenue – The FIs we talk to often comment about how they’re holding back on expanded mobile banking services due to risk, leaving money on the table. Expanding banking channels and offering a full complement of revenue-generating services both online and through mobile devices is made possible by mitigating associated fraud risk.

Improve Customer Service – The more you know about your clients, the better you will be able to provide them with excellent service. Behavioral analytics implemented to mitigate fraud risk also provides visibility into activities that help you to streamline service and anticipate needs. For example, seeing the activity that took place immediately prior to a call will provide customer service agents with context and help them understand the purpose of the call, and quickly address the client’s request.

Build Client Trust and Loyalty – Account holders want their FI to take responsibility for the security of their assets. In our own survey of business banking clients, 75% reported that it is their institution’s responsibility to secure their accounts. When one of our customers gets an alert about one of their account holders and proactively reaches out to the client to investigate the alert, the account holder typically is ecstatic that their FI is proactively monitoring their account and looking out for them. One response we received is typical: “I didn’t even know you were doing this. Thank you for investing in my security!”

Improving competitiveness and growth is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write-up (PDF, 323KB) includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

Watch for part 3 of this series next month.

 


Fraud Factor – January 2016

We regularly hear from financial institutions how much they appreciate information we share about the latest banking fraud activities. Towards that end, this post pulls together recent news stories across the spectrum of banking fraud developments.

We also distribute this as a monthly Fraud Factor email. If you’d like to be added to the distribution list, please go to our Contact Us page.

Time Again for Annual Predictions – A Look Ahead to 2016

How Online Fraud Will Evolve in 2016

In 2016 consumer-facing web and mobile apps are up against a much more sophisticated and prolific enemy as bad actors continue to evade traditional security defenses, leverage the latest mobile hacker tools to impersonate legitimate users and take control of consumer accounts en masse. Predictions for 2016 feature social media, ATO, and cloud-based attacks.

Attacks on Android and Large-scale Infections Are Among the Main Security Threats in 2016

The creation and spreading of new malware samples will continue growing at an exponential rate, just as was seen in 2015 where the number of new samples registered daily reached 230,000. Fraudsters will continue to use Exploit Kits as many current solutions aren’t capable of combatting this type of attack, which means its rate of infection is very high. For the same reason, malware on mobiles will also increase, especially for Android. Cybercriminals will look to take advantage of payment platforms on mobile devices as they could be easy ways for criminals to steal money directly.

Thar She Blows: Whaling Attacks (aka BEC) Likely to Rise in 2016

A recent study of IT execs found that fifty-five percent of the organizations surveyed showed an increase in whaling attacks in only the last three months (see our Business Email Compromise Scam write-up). The overwhelming majority of attacks come in the guise of the CEO (72 percent) or the CFO. The report notes, “the barriers to entry for this type of cybercrime are painfully low.”

Video Shows Business Value Delivered by Stopping Fraud

Considering the predictions above, your 2016 plans might include improving fraud detection. If so, we invite you to watch our new video that describes the higher-level strategic benefits to be realized from investing in preventing fraud.

Mobile Threats Crack the Top 10 While Android Remains Prime Target

Mobile Banking Trojans: A Top-10 Threat for the First Time

In 2015, for the first time ever, mobile financial threats ranked among the top ten malicious programs designed to steal money. That finding, from Kaspersky Lab’s year-end summary, is perhaps somewhat expected given the ubiquity of mobile devices. Two families of mobile banking Trojans, Faketoken and Marcher, cracked the list.

Updated Mobile Malware Targets Android

The latest strain of dangerous Android malware called SlemBunk targets mobile banking application users by trying to trick users into sharing credentials. The app uses a fake screen to harvest authentication credentials when specified banking apps are launched.

New Attacks Defeat EMV Cards, Target PCs, and Feature New Exploit Kits

Hackers Can Disable EMV Transactions to Force a Swipe

Hackers have figured out how to get around chip card transactions at the point of sale. The video included in this article shows a device that can force a POS to accept a magstripe transaction in lieu of dipping.

Dell, Toshiba, and Lenovo PCs At Risk of Security Flaws

A trifecta of vulnerabilities has been found in software preinstalled on a number of Dell, Toshiba, and Lenovo consumer and enterprise PCs and tablets, affecting millions of users. The flaws could allow an attacker to run malware at the system level, regardless of what kind of user is logged in.

Neutrino, RIG Exploit Kits Kick Off 2016 with Shiny New Attacks and Payloads

The holidays are over and the world has gone back to work—and so have the cyber-criminals. Two exploit kit campaigns have been spotted in the wild sporting new tactics and significant improvements. Neutrino’s latest mutations include serving Kovter and Cryptolocker2, while the RIG exploit kit is now poisoning Google search results with malicious links.

Latentbot: A Ghost in the Internet

Threat actors have been using malware called Latentbot since mid-2013, and its multiple layers of obfuscation make it almost invisible. The malware is capable of taking complete control of systems, stealing data and surreptitiously watching its victims.

Breaches Continue to Expose Millions of Data Records

Database Configuration Issues Expose 191 Million Voter Records

A misconfigured database has led to the disclosure of 191 million voter records, believed to be data on every registered voter in the US. The database is just sitting in the public – waiting to be discovered by anyone who happens to be looking. Data includes a voter’s full name (first, middle, last), home address, mailing address, gender, date of birth, date of registration, phone number, and political affiliation.

13 Million Customers of a Mac App Exposed to Potential Data Breach

Records for more than 13 million MacKeeper users have been exposed by a security researcher without any difficulty, and without him even looking specifically for this information. The exposed data included usernames, passwords and other information.

Landry’s Restaurant Chain Suffers Data Breach

The Houston company acknowledged reports of unauthorized charges on cards used legitimately at some of its more than 500 properties. Magnetic stripe data from payment cards was exposed, including names, card numbers, expiration dates and verification codes. The company commented that it could take “weeks or even months” to determine the scope of a data breach.

 


How Improved Fraud Prevention Enhances FFIEC and BSA/AML Compliance

What is the business value and financial return on investing in improved fraud prevention? While this will be different for every financial institution (FI) based on business priorities and current operations, the key to evaluating the business case for investing in improved fraud prevention is to understand all of the strategic business opportunities plus the value of achieving the full potential of new and existing banking services.

There are four categories of value created by mitigating fraud risk: enhanced compliance, improved competitiveness and growth, reduced fraud risk and losses, and increased operational efficiency. In this 4-part series, we’ll explore each of these topics. (Watch our video that introduces all 4.)

Part 1 of 4: Enhanced Compliance

There are two aspects of compliance that are supported by improved fraud prevention: conforming to the FFIEC’s expectation that FIs use anomaly detection, and complying with BSA/AML requirements.

FFIEC Guidance

The FFIEC’s 2011 Supplement explicitly sets the expectation that institutions have a layered security strategy that, at a minimum, contains the ability to “detect anomalies and effectively respond to suspicious or anomalous activity” and “improve control of administrative functions.”

It further defines the first expectation as processes designed to detect and effectively respond to suspicious or anomalous activity related to initial log-in and the initiation of electronic transactions involving the transfer of funds to other parties.

To support coming out so strongly in favor of anomaly detection, the Guidance goes on to state that, “Based upon the incidents the Agencies have reviewed, manual or automated transaction monitoring or anomaly detection and response could have prevented many of the frauds since the ACH/wire transfers being originated by the fraudsters were anomalous when compared with the customer’s established patterns of behavior.”

Guardian Analytics was founded on the idea that the best way to prevent banking fraud is to look for anomalous activity when compared to normal patterns of individual behavior. Rather than looking for specific malware, fraud indicators or fraud patterns, all of which are changing rapidly, behavioral analytics determines if exhibited behavior is expected and legitimate, or suspicious. Somewhere between login and logout a criminal will do something unexpected or abnormal, at which point FraudMAP will issue an alert and the institution can intervene before the money is gone.

Our solution also addresses the second FFIEC expectation, detecting when administrative roles are being tampered with, such as creating new users, changing passwords, or revising payment authorization roles or limits.

Our customers report that the fraud prevention portion of their audits goes very smoothly when the examiner learns that they have FraudMAP in place. One of our customers offered, “FraudMAP is paramount in providing required security measures and fulfilling compliance requirements.”

BSA/AML

BSA/AML legislation includes requirements to monitor for and report suspicious payments. This includes outgoing payments, but also in-bound payments, such as ACH receiving files. A specific example that likely is just around the corner is fraudulent tax refunds that show up as in-bound credits. Financial institutions are required to be on the lookout for and report these and any other suspicious payments. (See our write-up of Fraudulent Tax Refunds.)

FraudMAP models payment activity to detect unusual or unexpected credits and debits in both origination and receiving files. We model the behavior of both the originator and the receiver, plus the historical relationship between the two, such as if an account holder has only received ACH payments from local originators, and then one shows up from across the country or overseas.

Enhancing compliance is only one contributor to high-level strategic value delivered by FraudMAP. We offer two options for learning about the full return that financial institutions will receive:

A short video (TRT: 4:22) introduces the four strategic business goals supported by improved fraud prevention. Watch it now.

An in-depth write-up (PDF, 323KB) includes topics for internal discussion as you build your business case plus detailed proof points based on feedback from our customers. Download it now.

Watch for part 2 of this series next month: Improving Competitiveness and Growth.

 


BEC – Video Supports FIs’ Training Programs for Commercial Clients

The Business Email Compromise (BEC) scam targets businesses, not financial institutions. Accordingly, businesses need to be educated on what it is, how it works, and how to protect themselves.

We’re supporting this effort not only with the best practices materials for FIs and for businesses (see our earlier post on BEC), but now also with a video.

The new video explains to an FI’s business accounts what BEC is and best practices for how the business can detect it and protect itself from this scam. Watch the video now (TRT: 10:11).

We also are making the PowerPoint slides used in the video available should FIs prefer to deliver the content live and in person. The slides include detailed talking points in the Notes.

FIs can download the entire kit here (including best practices and PPT slides, but not the video; Zip, 4.8MB), or go to the BEC Scam Detection Kit landing page to play the video, see all that is included in the Kit, and download select components.

We invite financial institutions to actively use and distribute this video and our other materials to help their commercial clients improve their ability to detect this scam.

 


Video – Strategic Value Created by Mitigating Fraud Risk

We have found that an effective way for making fraud attacks and schemes real and believable is to tell specific stories about real attacks, real losses.

An earlier blog post summarized four categories of strategic business benefits that financial institutions receive from investing in mitigating fraud risk, and linked to a full written explanation. We’re now pleased to share a new video we’ve just produced on this same topic.

Titled, “New Insights into the Full Value of Mitigating Fraud Risk” (TRT: 4:22), it explains how improved risk management can positively impact financial institutions’ business performance in four ways: 1) improved competitiveness and growth, 2) reduced risk, 3) enhanced compliance and 4) increased operational efficiency.

Watch it here: http://guardiananalytics.com/ValueVideo

 


Fraud Factor – December, 2015

We regularly hear from financial institutions how much they appreciate information we share about the latest banking fraud activities. Towards that end, this post pulls together recent news stories across the spectrum of banking fraud developments.

We also distribute this as a monthly Fraud Factor email. If you’d like to be added to the distribution list, please go to our Contact Us page.

Stories That Highlight the Range of Challenges Financial Institutions Face

Stealthy ModPOS Is ‘Most Sophisticated PoS Malware’ Ever

Just in time for the holidays, researchers are warning retailers about ModPOS – malware in their point-of-sale systems that is nearly impossible to detect, can do a whole lot more than just scrape customers’ credit card data, and has already successfully breached U.S. retailers.

Online Dating Made This Woman a Pawn in a Global Crime Plot

This story details the activity of a woman who, after falling victim to the sweetheart scam (see our earlier write-up), became an active money mule and was eventually arrested for fraud. It demonstrates how criminals manipulate emotions to get otherwise rational people to launder large sums of money.

Russian Cyber Gangs Are Growing Despite Arrests

While this story leads with how much they’ve stolen, the real story is that despite numerous arrests, the Russian cyber underground has become even more crowded. Russian cyber gangs have recruited about 1,000 people over the last three years, many of whom are involved in creating the infrastructure and writing and distributing the malware code used to steal money from targets.

New Breaches Add to Vast Troves of Data

FBI Probes 1.2B Stolen Credentials

The FBI is pursuing a suspected Russian hacker who amassed stolen credentials at least in part by scanning websites for known flaws, such as SQL injection vulnerabilities. The gang claims to have amassed a trove of 1.2 billion username and password combinations, more than 500,000 email addresses, and 4.5 billion records in total.

VTech Data Breach Exposes Data on Parents and Children

The amount of data exposed is much higher than originally reported, with 4.9 million parent accounts and about 6.7 million kid profiles jeopardized as part of the breach. Parent information includes names, email addresses, passwords, IP addresses, download histories, as well as their secret questions and answers used for password retrieval. In theory, criminals could use this data to piece together detailed family profiles for use in social engineering attacks.

Data Breach Hits Hilton Hotels

Hilton Worldwide has become the latest hotel chain to suffer a breach of guests’ credit card information. Stolen information includes cardholder names, card numbers, security codes and expiry dates. Although the information does not include addresses and PINs, the exposed data could enable attackers to create fake cards and make purchases online, by phone or mail order.

 


Business Email Compromise Scam: Stories From Victimized Businesses

We have found that an effective way for making fraud attacks and schemes real and believable is to tell specific stories about real attacks, real losses.

Nearly every financial institution we talk to has a story about a business client that has been victimized by the Business Email Compromise (BEC) scam. Here are six to highlight the variations and similarities across the attacks, and the effort criminals will put into these attacks to make sure that the fraudulent requests look legitimate, which is what makes this scheme so hard to detect.

While not all attacks share all of these, some of the more common characteristics of this scam captured in these stories are:

  • Compromised or spoofed email address
  • Credible story, consistent with company plans
  • Request for urgency and secrecy
  • Request to only use phone number and email address in the initial email
  • Timed for when the requester (CEO or CFO) is traveling
  • New payment instructions from a vendor

Behavioral analytics would have detected every one of these attacks because in every case there is something inconsistent with prior behavior. Often it’s well hidden or disguised, but it’s always there.

Story 1: Auditor Asks for Payment for Acquired Business  

The corporate controller received emails that appeared to be from the company’s outside auditing firm with requests to transfer millions of dollars to a Chinese bank. Three wire transfers were requested and sent for a total of $17.2 million.

The initial emails included language focusing on secrecy, urgency and sensitivity, including: “I need you to take care of this. For the last months we have been working, in coordination and under the supervision of the SEC, on acquiring a Chinese company. … This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations.”

The Controller called the auditor to confirm, using the phone number provided in the email. The criminal was ready with a person in place posing as an employee of the auditing firm to confirm the requests. There also was an element of consistency between the wire requests and the company’s business plans as the company had been discussing the expansion into China and they were in the middle of an audit.

Story 2: Wire Transfer with Immediate Money Mule Action

The Controller received an email that appeared to be from the CEO requesting a wire transaction to an individual in Pennsylvania. The $38,000 wire was processed on a Friday morning to bank A. Shortly after, the beneficiary went into bank A to request a wire transfer to bank B for $31,400, a second wire for $6,000 through Western Union, and then withdrew $600 in cash.

On Tuesday morning, the Controller received and submitted a second wire request from the CEO, this time for $78,000 payable to a business in Kansas. The bank flagged the request only because of an invalid routing number. The bank contacted the requestor who, only when they went to look up the correct routing number, realized that the request was fraudulent. If not for a typo on the part of the criminal, the business surely would have been victimized for an additional $78,000 instead of only being scammed for $38,000.

Story 3: Fraudsters Mined Email for How to Submit Wire Request

This attack started with the criminal compromising the business’ email system to look for details of how to submit a legitimate-looking wire request. They also learned that the bookkeeper had just received approval via email from the CEO to submit and approve wires.

The next day the bookkeeper received a request from the CEO to submit a wire transfer request, which was consistent with how previous wire requests had been submitted. After receiving the transfer order, the bank called the company because the wire request seemed out of character, but the bookkeeper was insistent that it was a legitimate request and that it came from the CEO. The bank processed the payment before the business realized that it was a fraudulent request.

Story 4: Fraudster Poses as Vendor and Gets Paid Twice

This attack started when the business received an email from a vendor explaining that they have changed payment instructions. New payments were to be sent to an account in China. The financial institution thought it looked suspicious and called to confirm, but the business insisted it was OK.

When the wire request came back “unable to apply” the business checked the wire instructions and submitted the wire request again, and this time the receiving bank did not reject it. Then the fraudster, posing as the vendor, called to say that they had not received payment yet, and the business submitted the wire request a third time, resulting in total payments exceeding $200,000.

Story 5: “Attorney” Calls with Wire Instructions

The finance department received an email from their CEO regarding a company acquisition that was top secret. The email explained that an attorney working on the acquisition would send payment instructions. They subsequently did receive an email (from the fraudster), and it was from a compromised email address at a real law firm, adding legitimacy to the request. The “attorney” then called to provide wire instructions over the phone. The loss was averted only when the FI called the CEO to confirm.

Story 6: Request Timed with CEO Travel

A company’s accountant received an email from the CEO instructing him to send out wire transfers totaling over $100,000. The accountant tried to confirm by phone but was unable to reach the CEO who was traveling overseas. When the accountant responded to the email instructions with a follow-up question, he received an abrupt reply reprimanding him to get it done. Although there were internal checks in place and a controller raised questions, the air of business urgency won out and the wires were ultimately sent out.

The wire transfers were directed at legitimate businesses in a different state. These businesses promptly received calls from the fraudsters claiming to be from the Minnesota company, indicating that they had accidentally sent the funds and instructing that the funds be “returned,” this time being directed to a third account controlled by the thieves. (Thanks to http://www.fredlaw.com/updates__events/legal_blogs for this one.)

Additional Resources

Financial institutions are invited to download our BEC Scam Detection Kit that includes resources for you and your business customers. It includes best practices for businesses (including a version you can brand as your own), best practices for FIs, and our Fraud Update describing this scam.

Our recent webinar goes into much more detail about how fraudsters prepare for and execute this attack, highlighting why it’s so hard for businesses and FIs to detect. Learn more and watch the recording here.

 
