With online security concerns rising, and the threat of ever more sophisticated attacks on financial institutions looming, teaching your employees to spot and prevent fraud is key to the health of your business. One increasing risk is the threat of wire transfer fraud, and the ability for hackers to penetrate your systems, impersonate executives, and initiate fraudulent wire transfer activity.
Business Email Compromise is a sophisticated attack that targets certain employees within financial institutions who often perform the task of initiating wire transfers, or who may work with outside suppliers and vendors. The potential to lose millions of dollars through these attacks is very real, and on the rise.
How does Business Email Compromise happen?
Attackers will hack or take over the email account of your institution’s executives or high-ranking employees, often at times when that employee may be on vacation or out of the office. Sometimes the attacker will simply spoof the email address and modify where replies are sent, which is known as header manipulation. Once they have control of the email address, they will use it to send electronic requests to the employees that manage wire transfers or who have access to funds, asking the employee to process the wire transfer transaction. These employees will most likely take the request as valid, and process the transaction without question. Even if they send an email back for further confirmation, the attacker is controlling the reply address, and can continue to spoof the executive’s email address until their request is processed.
What your employees should do when they receive such requests
- Examine the email address closely, to make sure the email address has not been altered in a subtle way. Often attackers will replace certain characters in the address to retain the appearance of a valid email address (changing a capital I into a lowercase l, for example).
- Follow up on the request with a phone call or in-person visit to their office, if possible, to verify that the request is valid. Do not simply rely on an email reply to verify. If there is a verification procedure in place for your institution, follow those instructions.
- If you suspect that the request is an attempted attack, forward the message immediately to your IT department.
- If you do reply to the email, verify the reply address matches the real address of the recipient, and is not going to a different address.
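The address and reply-address checks above can also be automated at the mail gateway. The following is an added example, not part of the original article: the domain `examplebank.com`, the sample messages and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the institution's real mail domain (constructed for this example).
TRUSTED_DOMAIN = "examplebank.com"
# Characters often swapped to imitate a valid address, folded to one form.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o"})

def domain_of(header_value: str) -> str:
    """Return the lowercased domain part of a From/Reply-To header value."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def skeleton(domain: str) -> str:
    """Fold visually similar characters so lookalike domains compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")

def is_lookalike(domain: str) -> bool:
    return domain != TRUSTED_DOMAIN and skeleton(domain) == skeleton(TRUSTED_DOMAIN)

def check_message(raw: str) -> list:
    """Flag header manipulation and lookalike addresses in one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    findings = []
    if is_lookalike(from_dom):
        findings.append("lookalike-from")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")  # replies leave the sender's domain
    if reply_dom and is_lookalike(reply_dom):
        findings.append("lookalike-reply-to")
    return findings

# Constructed sample messages (not real traffic).
LEGIT = """\
From: Jane Doe <jane.doe@examplebank.com>
Subject: Quarterly report

See attached.
"""
MANIPULATED = """\
From: Jane Doe <jane.doe@examplebank.com>
Reply-To: jane.doe@exampIebank.com
Subject: Urgent wire transfer

Please process today.
"""
LOOKALIKE = "From: Jane Doe <jane.doe@examp1ebank.com>\nSubject: Wire\n\nProcess now.\n"

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("manipulated", MANIPULATED), ("lookalike", LOOKALIKE)]:
        print(name, check_message(raw))
```

These checks cover header manipulation and lookalike addresses only; a request sent from a genuinely taken-over account passes them, which is why verification by phone or in person still applies.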
How to keep your email address secure
- Never provide your email password or other credentials to anyone.
- If you receive a request to change your email password, verify with your IT department before proceeding.
- Do not open attachments or click on links contained within emails if you are unsure of where they link to, or if you do not know the sender of the email. Some institutions employ phishing alert buttons within your email program to alert IT of any suspicious emails you receive.
If your institution does not currently have a process in place to handle suspicious requests when it comes to the handling of funds, recommend one be put in place by your management team. Make sure any requests to move funds or process wire transfers include multiple forms of verification, including phone calls, face-to-face or multi-step procedures.