Recently, seven separate company chief financial officers in a city in Indiana received an email similar to the following from their chief executive officers:
We are in secret merger discussions. Tell no one. We have hired a consultant to assist with the due diligence review. Please send a retention payment by wire to:
Ms. / Mr. Smarty
Bank Account No.
Thank you for your help. I’m at a funeral today. Email me if you have questions.
The above email represents a growing trend. Hacksters and fraudsters are playing upon fears of regulations and legal authorities in order to trick employees into transferring monies by wire without second thought.
Why it Works
The chief financial officers want to be helpful and fear the regulatory issues surrounding insider information. They also have concerns regarding potential future employment. In endeavoring to be overly helpful, they initiate the wire transfers.
Often, because of the secrecy factor, companies require only a single person’s involvement. Companies frequently use alternative security measures to prevent hacking the company’s bank account. However, in many cases, the chief financial officer can initiate and complete the wire transfers. The chief executive officer sends an email verifying the monies were wired and sends subsequent requests for monies. The chief financial officer replies to the emails and confirms the monies were wired. A week later, when the chief financial officer and the chief executive officer meet in the office, the chief financial officer finds out the chief executive officer never sent the emails. The emails typically come from a “phantom” email resembling a verified email, such as [email protected] instead of [email protected].
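A mail-filter check for the “phantom” sender addresses described above, as an added example that is not part of the original article: it flags a sender domain that is visually or textually close to a verified company domain so the request can be held for confirmation by another channel. The trusted domain `example-corp.com`, the sample addresses and all function names are constructed for illustration.

```python
import unicodedata

# Assumption: the organisation's verified sending domain (constructed placeholder).
TRUSTED_DOMAINS = {"example-corp.com"}

# Small constructed subset of visual substitutions, not a full confusables table.
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI = (("rn", "m"), ("vv", "w"))

def skeleton(domain):
    """Reduce a domain to a canonical form so look-alike spellings compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    d = d.translate(SINGLE)
    for seen, meant in MULTI:
        d = d.replace(seen, meant)
    return d

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'external' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().rstrip(">").lower()
    if domain in trusted:
        return "trusted"
    for t in trusted:
        # Either the canonical forms collide or the raw spelling is a near miss.
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_distance:
            return "lookalike"
    return "external"

def flag_senders(addresses):
    """Map each address to its classification; 'lookalike' means hold and verify."""
    return {a: classify_sender(a) for a in addresses}

if __name__ == "__main__":
    # Constructed sample senders.
    sample = ["ceo@example-corp.com", "CEO <ceo@examp1e-corp.com>",
              "ceo@exarnple-corp.com", "billing@unrelated-vendor.net"]
    for addr, verdict in flag_senders(sample).items():
        print(f"{verdict:10} {addr}")
```

The `max_distance` threshold needs tuning for short domain names, where two edits can reach many unrelated domains.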
In the case above, the fraudster sent emails to seven chief financial officers. One chief financial officer sent two wire transfers exceeding $200,000 in total. One out of seven. Not bad results for obtaining in excess of $200,000.
Preventing and mitigating these situations includes:
- Management’s ability to question other managers.
- Confirmation with the person requesting the wire by an alternative method, such as phone, text or fax.
- Standard insurance does not normally address these scenarios when authorized individuals submit instructions to wire transfer monies. However, there are many companies who manuscript forms or ISO endorsements for fraudulent impersonations to address the aforementioned scenarios. Extra precautions should be used with new vendors. Our next article will address fraudulent impersonations of vendors and customers.