Holiday Reminder - Imposter Fraud

It's the most wonderful time of the year again…the Holidays. But it’s also the time of year when criminals use the hectic and festive time of the Holidays as cover to increase their attempts to steal money. I published this article several years ago but thought it would be good to update the statistics and provide another friendly reminder…

According to the FBI's Internet Crime Complaint Center's (IC3) annual Internet Crime Report, losses from imposter fraud like business email compromise (BEC) scams, reached $2.4 billion in 2021 - that’s double what it was 4 years ago in 2018! In addition, internet theft, fraud, and exploitation accounted for $6.9 billion in 2022, up from $2.7 billion in 2018. Once again, BEC scams were by far the most costly incidents last year.

With statistics like these, finance and treasury teams must increase their vigilance and be proactive when it comes to protecting their most liquid asset.

There are many ways to do this, but one of the most effective is having finance and treasury leaders remind employees involved in the cash cycle to be extra vigilant this time of year – especially when it comes to watching for increases in imposter fraud or BEC. This is where a criminal sends an email acting like one of the company’s executives - or another person authorized to send cash - to someone in the cash cycle at the company asking for an urgent funds transfer.

Fortunately, there's an easy way to raise awareness about and help prevent this type of fraud. This can be done with a well stated email from finance leadership to remind everyone that attacks like this increase this time of year and that everyone needs to be more careful. This email should go to accounts payable, accounts receivable, finance, treasury, employees that set up and/or release funds, executive management, and any account signers (board members, subsidiary leaders, etc).

?Here’s a quick example email that you can easily copy and use with your team:

It’s the Holiday season again and with that comes an increase in the potential for fraudulent attempts to steal money. One of the most frequent methods criminals use to try to steal money is business email compromise (BEC), more commonly known as imposter fraud or CEO fraud. Criminals will send emails requesting urgent wires/transfers and will make those emails look like they are coming from the CEO or the CFO. But be mindful because they could pose as anyone from the company.

The Holidays are especially prone to imposter fraud because criminals know that executives and others involved in the cash process often take time off to be with family and friends. So, an email that says something like: "I'm out of the office traveling and unreachable by phone, but I need you to please process this urgent funds transfer request..." is not as suspicious at this time of the year.

These imposter fraud emails are oftentimes hard to identify because criminals use very tricky methods to achieve their goals, including:

• Using an email address that very closely resembles the email of the CEO or CFO they are impersonating. But the email is slightly different, typically having one letter in the name of the person or the company that is subtly different (like replacing a capital i with an l for example)
• Marking the fund request as extremely urgent and needing the funds asap. If you receive an urgent request that should be your first warning that something is probably not right with the request.
• Using an outside email like Gmail or a text with the name of an executive that has language stating they are on vacation and had to use their personal email or text to send the request. You should never accept an email from a non-company email or a text as authorization to release funds.
• Utilizing language with personalized information about the recipient or the sender, for example: "How's your daughter..." "Great seeing you at the Holiday party..."
• Stating that there’s a high level of confidentiality around the funds transfer along with words encouraging the recipient to not talk about this with anyone.

These are all signs that something isn't right. In the event you see something suspicious, please make sure to follow the standard process for reviewing and approving fund transfers and make sure to emphasize the following:

• Verify the requestor: double check the email address, look for subtle letter substitutions, pick up the phone and call the person directly (make sure to use the company phone / email directory to verify contact information and do not use what is outlined in the potentially fraudulent email), or go to their office and ask directly.
• If you are asked to change remittance information, prior to making any updates you need to call the vendor to validate the requested change. Make sure to use the contact information already on file for that vendor and not what was noted in the request to change email.
• Be wary of unexpected emails from high level executives. If you suspect something, call or go to the requestor directly to confirm. If you feel uncomfortable doing that, go to someone you feel comfortable talking to that can then talk to the requestor.
• Most importantly, use common sense and trust your gut, especially for suspicious activity such as new remittance/payment instructions, emails with urgency or confidentiality conditions, or requests originated from an external or suspect email accounts.

We take fraud prevention very seriously and we do this to protect both our employees and the company. As always, please feel free to contact me or your supervisor if you have any questions or concerns.

Hopefully this seasonal email is just part of a continued fraud education process with the groups involved in the cash cycle. If you need assistance putting together this email or a comprehensive fraud prevention program, send us a note at [email protected].

"We're Gonna Need Some More FBI Guys, I Guess." - Dwayne Robinson, Nakatomi Plaza, December 24, 1988