Written By Carol E. Roland, CPA, CFE, CGMA, MBA
In 2021, the FBI received 19,954 business email compromise (BEC) complaints with adjusted losses of nearly $2.4 billion, up from $1.8 billion in the prior year - a 33% increase![1] Many of these losses result from wire transfer fraud. Fraudsters have become more sophisticated, and their schemes have evolved to stay ahead of the preventative measures that are developed. Cybercriminals don’t discriminate – both small businesses and public companies are targets and victims of these schemes. In many cases, the wired funds are immediately converted to cryptocurrency by the recipient, making recovery virtually impossible.
One of the common schemes involves an executive’s email being hacked. The fraudster uses the hacked email address (or similar email address) to send an email directing an employee to wire funds. Another scheme uses a compromised vendor email address (or similar email address) and instructs an employee to change the vendor’s wire payment account number and/or routing number (or requests payment by wire when the vendor has historically been paid by check.
Most organizations have policies and procedures to protect them from fraud losses in the typical payment transaction (i.e. payment by check). However, processes and procedures to protect the organization from losses related to electronic payments (ACH and wires) may not be as well-defined. Below are some suggestions you should consider implementing to protect your organization.
If you suspect that your organization has been the victim of wire fraud, contact your financial institution immediately and ask them to contact the recipient bank. If they refuse, you should contact the recipient bank directly. In addition, you should inform the FBI.
[1] FBI. (n.d.). 2021 INTERNET CRIME REPORT. Internet Crime Complaint Center. Retrieved July 7, 2022, from https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf