It is time to begin paying closer attention. Because technology is advancing by leaps and bounds, greater awareness is required to protect our financial assets. We all know how easy it has become in the 21st century to make payments electronically. Many companies don’t even use checks anymore. Checks are viewed as products of the Stone Age, cumbersome and inconvenient when all we need is the internet. ACH and wire transfers have become the easy-breezy norm.
Email is the primary method most companies use to communicate financial transfer information. Details such as sender/receiver identities, account numbers, and amounts are conveniently communicated. Now imagine the sender of an email isn’t actually authorized to make these requests. This is the risk! There have been countless cases where this abuse has caused companies to become victims of criminal fraud.
The scary reality is that this scheme is not complicated. It is easy to find a company’s email domain and to identify who in the employee directory is able to authorize transfers. Using a domain name nearly identical to the company’s own, the impostor needs only to send an email that appears to come from a top-tier individual at the company, typically marked “urgent” and usually sent on a Friday afternoon. Imagine the following scenario. You receive an email from the Chief Financial Officer of your company asking you to pay a vendor a large sum of money and to wire it to a given account number. The email seems legit; it is from the CFO’s address, with signature, and came right to your inbox. Would you question it or would you, seeking to please, complete the task right away? Well, this “scenario” occurs all too often to honest, well-intending people.
Is this preventable? Heck, yes! There are steps that businesses can take to ensure this doesn’t happen within their organization. Here are three tips on how to lessen the risk of fraud:
- Training – Train your employees to look for “fishy” email addresses, and empower them, if not require them, to verify any request.
- Phone verification – Put an internal control into place that requires the transfer request be followed up with a phone approval. Even better, include a code word.
- Electronic signatures – Create an internal control that requires an electronic signature using the requester’s unique identification PIN.
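The "fishy" address check from the training tip can also be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: it flags senders whose domain is nearly identical to the company's own. The domain `examplecorp.com`, the substitution list, and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed for this example: the organization's real sending domains.
TRUSTED = {"examplecorp.com"}
# Assumed short list of visual substitutions, folded to one canonical form.
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Fold look-alike character sequences so 'examp1e' and 'example' compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLE:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return 'internal', 'lookalike', 'external' or 'invalid' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "internal"
    for t in trusted:
        # Near-identical but not equal: hold the message for manual verification.
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_distance:
            return "lookalike"
    return "external"

if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("CFO <cfo@examplecorp.com>", "CFO <cfo@examp1ecorp.com>",
                   "CFO <cfo@exarnplecorp.com>", "CFO <cfo@examplecorp.co>",
                   "Billing <billing@vendor.example>"):
        print(f"{classify_sender(header):10} {header}")
```

A "lookalike" result is a reason to apply the phone verification control, not proof of fraud; domains that embed the company name with extra words are not caught by this distance check.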
As we move further into this very exciting digital age, enjoy the new developments, the ever-increasing conveniences, and the ingenious new products of the human mind. But do not fall victim to the emerging pitfalls by allowing yourself to be vulnerable. Create the awareness. Educate and train. And keep your company safe!