Corporate and Email Account Takeover Risk
For the past several years, corporate account takeover has been on the rise. As an ACH Originator or someone that initiates wire transfers, it is important that you understand the potential risks and dangers associated with these actions. Unfortunately, hackers are out there, constantly scheming new ways to obtain sensitive information, and they won’t stop at anything.
Fraudsters are often successful at impersonating a leader of a company (think CEO, CFO, etc.) using email or other communication methods to request a fraudulent ACH transaction or wire transfer. How do you protect yourself and your company? The first (and biggest) thing you can do is confirm the request is coming from a valid source. Do not rely on email communication when asked to initiate a transfer from your account. Instead, make a phone call or visit them in person to validate the request. Additionally, don’t forget the benefit of dual control. Fraudsters have a much harder time convincing two people to send them money than just one.
Another common scenario involves the account information of the people you pay. Once they have access to your email account, hackers can take advantage of a legitimate relationship between your company and your vendors. For example, they may impersonate a vendor and request that you change the account and routing information you use to send them money. The new information, of course, is linked to the fraudster’s account and your vendor never gets paid. Protect yourself and your vendors by verifying everything with your contact using an alternate communication method.
Here at First Utah Bank, we frequently receive email requests from bad actors posing as our customers. Fraudsters compromise your email account and search your email history looking for conversations between you and personnel at your financial institution. Using the conversation history, they learn how you make requests, who you’ve contacted in the past, and even the words you typically use. In order to be successful, they need your financial institution to think it’s you requesting the transfer.
Once funds are transferred via ACH or wire, they often cannot be retrieved from the receiving financial institution. That’s why it is so important to be vigilant and proactive. Don’t forget the importance of utilizing the security precautions offered to you through First Utah Bank as well as taking internal security measures to protect you and your company even further.