Bank3 Technology Tip: Security Practices for Small Businesses

Beware of Wire Transfer Fraud!

Fraudsters are attempting a new ploy to trick commercial businesses into providing their bank account information and other sensitive information: wire transfer fraud.

You may be asking.. “How does this scam work?”

Usually, a business is contacted by a fraudster impersonating the company’s bank or credit union regarding a wire transfer. The fraudster claims to be questioning the validity of a wire transfer request and asks the victim to verify their bank account, multi-factor authentication, and wire transfer reference numbers. Once the fraudster has the wire transfer information, they can create a fraudulent wire transfer to another bank account they’ve already established. They will monitor its activity, immediately verify receipt of the money, and withdraw the funds.

Insufficient internal controls, lack of employee training, and a lapse in good judgment can enable this fraud — and once funds have been wired, it is very difficult to retrieve them.

Learn the following tactics, techniques, and processes to bolster your security response and use the internal controls listed below to safeguard your business.

Tactics:

Urgency and scarcity

Scammers create a sense of urgency or claim to have limited time and opportunity. The intent is to pressure victims into acting quickly without noticing the risk.

Sophisticated impersonation

Fraudsters do their homework to impersonate legitimate individuals or financial institutions, making it very hard to detect scams.

Business Email Compromise (BEC)

Fraudsters compromise email accounts belonging to the owner of a business or a supplier to it and initiate fake transfers or approve fraudulent ones.

Internal Controls:

Educate employees

Use freely available security training material (e.g., EPCORPymts) to train your employees so they can recognize the most common social engineering tactics (e.g., pretext calling, phishing, smishing, etc.)

Avoid sharing sensitive information

Never share restricted or confidential information.

Implement strong internal controls

Incorporate dual controls so that a second person sees and approves wire transfer requests. Verify the legitimacy of wire transfer requests via phone, email, or text. Contact your financial institution for additional technical controls.

Use secure communication channels

Avoid relying solely on emails. Use encryption when emailing confidential information. (e.g., account numbers)

Knowing how you will respond

If your small business utilizes wire transfers, establishing internal controls and using a tested, documented incident response plan will reduce your risk. This enables you to quickly respond in the event you experience fraud.

Verify contact information

Verify the caller’s identity through alternate and legitimate sources.

REMINDER, your financial institution will NEVER ask you to provide sensitive account information it already has.

Resources