Wire Fraud is happening, but unfortunately, no one is talking about it! And it could be affecting those receiving electronic grants from private foundations and other sources.
December sees a drastic increase in the crime of socially engineered (a.k.a. through people trying to be helpful) wire fraud. As we know, there are always urgent, year-end payments to vendors and grantees. Additionally, firms are short-staffed as teammates may be out-of-office for the holiday and those remaining are stressed out and distracted with their holiday obligations.
It’s with these tailwinds that the bad guy will strike! They have likely been in your e-mail or your counterparty’s e-mail for months, waiting for the perfect time to steal a payment. The payments they target are the ones your organization wants to pay. By using AI, money "mules," compromised e-mails, and people who are helping the bad guys unwittingly, these fraudsters will succeed.
According to Dave Adams and Ryan Castle of Conduit Security, solving wire fraud is 90% financial controls and processes---and only 10% on IT.
Sending money electronically is among the riskiest activities to engage in, so here are Four Safety Tips to Protect You, Your Team and Grantees from Wire Fraud:
-
Beware of All New, Urgent, and One-Off Requests: When you receive sudden requests that seem urgent and don’t align with regular processes, exercise caution. Wire fraudsters often create a sense of urgency to pressure victims into making hasty decisions.
-
Always Verify Every New Account and Account Change via Phone Call: Whether it’s a new vendor, a longtime grantee changing accounts, or an unfamiliar transaction, it’s crucial to verify the instructions out-of-band. Reach out to known contacts using trusted contact information to validate the bank detail independently. Double-check any new banking instructions or payment requirements to ensure accuracy.
-
Source a Known Good Number for the Out-of-Band Verification Call: Don’t rely on the phone number provided in an e-mail or invoice, as it may be manipulated by fraudsters. Use established contact information from previous interactions, a CRM (your database), or the official company website and get transferred into the proper contact.
-
Consult Your Teammates with Questions or Concerns: You’re not alone! Your colleagues and teammates are essential allies in maintaining security. If something seems suspicious or if you have any doubts, consult your co-workers and leadership. Slow down, ask for help, and use another set of eyes.
Conduit's SaaS solution solves wire fraud in an hour---if you can believe that! Their approach is holistic and provides the best practices and manuals, ongoing security training/education, but most importantly the technical controls (something called the "SaaS workflow automation tool") that ensures the process is scalable, repeatable, and auditable.
If you are interested in getting a free assessment or learning more about the mechanics of the crime, please e-mail Dave Adams at dave@conduitsecurity.com. You can learn about the Founder and CEO, Ryan, below:
|