Protecting Your Business Against Wire Fraud
Originally Published by: SBCA Magazine — February 13, 2024
SBCA appreciates your input; please email us if you have any comments or corrections to this article.
Criminals are becoming increasingly sophisticated in their methods for diverting business funds through fraudulent wire instructions, such criminals are often difficult to catch (especially those outside US jurisdiction), and businesses are increasingly suffering substantial financial losses that are not fully recoverable!
In addition to spoofing emails that appear to come from a trusted source, scammers are also often intercepting legitimate emails and modifying wire instructions. All companies are potential targets for these wire fraud scams, and should assess their processes for preventing.
Key Recommendations for Protection: We strongly recommend businesses consider tailoring and implementing precautionary measures such as the following:
- Verbal Verification of Wire Instructions:
-
- If your company is involved in transactions that require wiring funds, we strongly advise conducting verbal verification of wire instructions through a known and trusted phone number with known and trusted contact before initiating any transfers. This step is crucial in ensuring the legitimacy of the instructions received.
- Self-Protection Strategies:
-
- Avoid Email Changes: Never rely on emails purporting to change wire instructions, as parties rarely alter such instructions during a transaction.
-
- Always Verify Instructions: Verify wire instructions, including the ABA routing number and account number, by directly calling the party who sent the instructions, and perhaps even with the main contact that has been negotiating the transaction that the wire is being sent pursuant to. Avoid using the phone number provided in the email; instead, use known and verified phone numbers of known parties to the transaction.
-
- Enhance Security: Strengthen your email security by using complex passwords that include a combination of mixed case, numbers, and symbols. Change your passwords regularly and avoid reusing the same password for multiple online accounts. Have a clearly defined policy for cybersecurity or a monitoring service.
-
- Implement Multi-Factor Authentication: Consider implementing multi-factor authentication for email accounts to add an extra layer of security.
- Internal Processes and Controls
-
- Employee Training: Conduct regular training sessions to educate employees on the risks associated with bank scams and wire fraud. Ensure key employees, especially employees involved in your companies financial transactions, are familiar with the protocols outlined for outgoing wire transfers.
-
- Set Processes and Procedures: Develop detailed processes and procedures for initiating, approving, and executing wire transfers. Address segregation of duties and set thresholds and triggers when outgoing wires are at certain amounts. Develop a strong relationship with a local banker, and work with the bank to establish a protocol requiring at least two employees to execute the wire transfer.
-
- Cybersecurity and Insurance: Retain a reputable cybersecurity company to handle IT issues and safeguard network infrastructure. Consider obtaining Fraudulent Wire Transfer Fraud Coverage to insure accounts from financial loss.
Additional Resources: For more information on wire-fraud scams or to report an incident, you may refer to the following links:
About the Author
Kent J. Pagel is the President and Senior Shareholder of the Houston, Texas law firm of Pagel, Davis & Hill (“PDH”), a Professional Corporation, and has practiced law for almost 40 years. He has also served, and continues to serve, as an advisor to many companies and associations in a Board of Director capacity or otherwise–often in an outside general counsel role.