Late last week, the Federal Bureau of Investigation (FBI) issued a wire transfer scam alert for all small businesses in the United States. According to the FBI alert, between October 2013 and December 2014 a total of 1,198 complaints from U.S.- based companies were received dealing with wire transfer scams. Losses from these incidents totaled more than $179 million. The FBI also reports that the scams can follow a Ransomware incident, and may involve a fraudster contacting a vendor and requesting a change of payment to an alternate fraudster-controlled bank account.
How To Mitigate This Type of Scam
If you’re a small business owner, you may be at risk for this kind of scam. The FBI recommends the following mitigation steps for these types of scams:
- Keep all of your anti-virus software up-to-date.
- Educate your workforce about security best practices.
- Be sure that any changes to payments via electronic transfer are verified with an employee of the bank and at a phone number that you utilize for assistance.
- Don’t use alternate phone numbers provided via email or by a bank representative contacting you.
- Always call the institution back and verify that you are communicating with your bank.
- Monitor all of your business’s financial transactions on a daily basis. Suspected electronic fraud must be reported in a single business work day.
- Use two-party authorization access to complete all wire transfer transactions.
- Utilize biometric authentication to verify the identity of authorized users.
- Use online bank portals that require strong fraud controls to complete all wire transfer transactions.
You can find more information about the FBI’s scam alert here. This site also provides detailed samples of how the scams will be run against unsuspecting businesses.
If you have any specific questions about how this scam might impact you or if would like more information on IT security best practices, email Rea & Associates.
By Joe Welker, CISA (New Philadelphia office)