A post to Exponent Philanthropy's blog

Preventing Wire Fraud at Foundations and Family Offices

Photo by Hannes Johnson on Unsplash

Wire fraud is a daily danger. Cyber-security filters may stop 90%+ of attempts, but some still get through. For international clients, efforts are especially focused when US, European and Asian bank holidays are out of sync. Scammers want to prevent you from verbally verifying a wire request, since the requester’s office is closed.

Here are other things to do to prevent wire fraud at your foundation:

Check the email source thoroughly

It’s easy for a scammer to slightly change an email so that it looks close to the authentic source. E.g. George.Jones@Acmbank.com versus the authentic George.Jones@Acmebank.com. If you’re in a hurry, you might miss this.

Beware of new wire instructions

Scammers can spend weeks in your email system to learn the formatting you use for wire requests, and mimic the personal info or style of one of your higher-ups.

Double check destination account numbers and bank routing numbers to make sure they’re correct. As a standard control, you might have a second person review wire instructions above a certain threshold.

Use your privacy settings on social media effectively

Scammers are skilled at integrating information from your social media with your foundation’s website and other sources. This can lull recipients into thinking they’re dealing with the real you.

Passwords need to be high quality

Similarly, through social media, scammers can learn of your links to schools, delivery services and clubs, which often have minimal or no security. People tend to have a consistent pattern to their passwords, which scammers can exploit to hack into your account.

Beware of any sense of urgency

Scammers may try to get you to shortcut your controls through perceived pressure. This includes dangling the threat of material late fees, or withdrawing an offer or deal, if the wire transfer is not completed immediately.

The only failsafe way to prevent wire fraud is to pick up the phone and verbally confirm the details with someone who’s authorized.

Ideally, this will be a published company phone, not a cell. Logos and other official looking information can be lifted from the internet and placed in an email. As such, supplemental validation is a must for new wire instructions, large amounts, urgent requests, or any request that seems off.


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.


About the Author

Tom Donahoe was previously a foundation CEO. His number is (917) 287-9551. This and related briefings are available at Manager Analysis Services, LLC.

Leave a Comment

Your email address will not be published. Required fields are marked *