Wire fraud is a daily danger. Cyber-security filters may stop 90%+ of attempts, but some still get through. You should be especially alert around bank holidays. For international clients, attempts are especially focused when US/European/Asian holidays are not in sync. Scammers want to prevent you from verbally verifying the authenticity of a wire request, since the requester’s office is closed for the holiday.
Here are more tips for preventing wire fraud at foundations and family offices:
Check the email source thoroughly
It’s easy for a scammer to slightly change an email so that it looks close to the authentic source. E.g. George.Jones@Acmbank.com versus the authentic George.Jones@Acmebank.com. If you’re in a hurry, you might miss this.
Beware of new wire instructions
Scammers can spend weeks in your email system, learning the internal formatting you use for wire requests. They can also mimic the personal information or style of one of your SVPs.
Double check the destination account numbers, as well as the bank routing numbers to ensure they’re correct. As a standard control mechanism, you may want to have a second person review wire instructions above a certain threshold.
Use your privacy settings on social media effectively
Keep scammers from building a profile to better impersonate you. Scammers are adept at integrating information from Facebook, etc. with LinkedIn, your firm’s own website and other information sources. This can lull recipients into thinking they’re dealing with the real you.
Passwords need to be high quality
Through social media, scammers can learn of your connections to schools, delivery services and clubs, which often have minimal or no security. People tend to have a consistent pattern to their passwords. Scammers can use these insights to hack into your account.
Beware of any sense of urgency
Scammers may place perceived pressure to try and get you to shortcut your controls. They might dangle the threat of material late fees, or have a deal or offer withdrawn if the wire transfer is not completed immediately.
The only failsafe way to prevent wire fraud is to pick up the phone and verbally confirm the details with an authorizing person. You’ll ideally call a published company phone, not a cell phone. Company logos and other official looking references and information can be lifted from websites and placed in an email. Thus, supplemental validation is critical for new wire instructions, large amounts, urgent requests, or any request that seems different.
Subscribe to Blog via Email
About the Author
Tom Donahoe has served as a Foundation CEO. He can be reached at (917) 287-9551. This and related briefings are available at www.manageranalysis.com.