PREVENTING IMPOSTER FRAUD

WHITE PAPER: IMPOSTER FRAUD
SIMPLE STEPS TO AVOID THE WIRE FRAUD EPIDEMIC
By Paul Happach, Vice President, e-Channel Product Manager, Pacific Mercantile Bank
Home security experts strongly suggest that homeowners display signs alerting would-be thieves that an alarm is installed within the home.
Typically, thieves will see the security signs and move on to easier targets in the neighborhood. What is true for homeowners also holds
for businesses. Thieves and fraudsters will always take the path of least resistance.
WIRE FRAUD IS GROWING ALARMINGLY
The 2016 Association for Financial Professionals (AFP) Payments Fraud & Control Survey found that for the first time Wire Transfer Fraud has
outpaced Credit and Debit Card Fraud. Wire Transfer Fraud affecting businesses increased from 27% in 2014 to 48% in 2015. The trend
was driven by an epidemic surge in Imposter Fraud. According to the survey, in 2015, 64% of companies surveyed were exposed to Imposter
Fraud. The FBI reported in August 2015 that over 7,000 businesses were targeted during an eight-month period from January 2015 through
August 2015, accounting for over $750 million in losses.
While this threat is real and growing, there are simple steps you can take to prevent Imposter Fraud from affecting your business. This paper
examines the trends in Imposter Fraud and provides the tools and best practices you can employ to protect your business.
NEW APPROACHES TO WIRE FRAUD
It has been called Imposter Fraud, Business Email Compromise, and CEO Fraud. It is a
disturbing trend in fraud that has grown at epidemic rates since it was first identified
by the FBI in 2013. Imposter Fraud scams use email and social engineering to pose as
a senior manager in order to trick employees into sending “urgent” and “confidential”
wire transfers directly to the fraudsters’ accounts. This type of fraud can take
several forms.
Email Account Takeover
The thief uses phishing or other means to install malware on an executive’s computer
and gains access to the executive’s email account. Once they have this access, the
thieves will take time to understand the organization’s relationships and the ebb and
flow of routine wire transfer requests. They search the email account for words like
“invoice,” “deposit,” or “president” to learn about the processes at the business for wire
transfers, money movement, and vendor relationships.
Once they have learned the organization’s standard practices, they use the
compromised email account to create a money transfer request. The fraudsters
continually monitor the email account and reroute emails questioning the wire transfer.
The real executive is unaware of the request email and any email responses from employees.
Look-Alike Domain
In this case, the fraudster will use publicly available information to learn about the organization’s executives and activities. They will typically
send emails to executives in an effort to receive out-of-office replies. They attempt to understand when an executive will be unavailable
or traveling.
They create a domain that looks similar to the victim company domain. These are a few examples of the false domain names they typically
create: they replace the letter l with the number 1 (example.com becomes examp1e.com); they drop the last letter of a domain (example.com
becomes example.co); or they may add an extra letter to a domain name that is difficult to spot (progress.com becomes progresss.com).
The thief uses the look-alike email address and, based on information they have gathered on the business, makes money movement
requests of company employees.
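The three look-alike patterns described above can be screened for on inbound mail before a payment request is acted on. The following is an added example, not part of the original white paper; the PROTECTED list, the function names and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the business actually corresponds with (its own and its vendors').
PROTECTED = ("example.com", "progress.com")

# Digits often swapped in for similar-looking letters (the l -> 1 case above, plus others).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def within_one_edit(a, b):
    """True if a and b differ by at most one inserted, dropped or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substituted character
    return a[i:] == b[i + 1:]            # one extra character in b


def check_sender(from_header):
    """Return (imitated_domain, reason) for a look-alike sender, else None."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if not domain or domain in PROTECTED:
        return None                      # unparseable, or an exact trusted domain
    for real in PROTECTED:
        if domain.translate(HOMOGLYPHS) == real.translate(HOMOGLYPHS):
            return real, "look-alike characters"
        if within_one_edit(domain, real):
            return real, "one-character edit"
    return None


if __name__ == "__main__":
    # Constructed sample From headers, not taken from any real message.
    for header in ("Pat Lee <pat@examp1e.com>", "pat@example.co",
                   "AP <ap@progresss.com>", "Pat Lee <pat@example.com>"):
        print(header, "->", check_sender(header))
```

A match is a reason to hold the request and confirm it through a second channel, not proof of fraud; a clean result does not clear a message sent from a compromised genuine account.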
Forged Vendor Invoice
Fraudsters may also target an organization’s vendor relationships. To forge a vendor invoice request, the fraudster may compromise an
email address from the vendor, or from an individual within the organization’s finance department. The thief will attempt to obtain
sample invoices and gain insight into the relationship between the vendor and the organization, including typical invoice and
payment patterns.
With that information in hand, the fraudster will either use a compromised email account or look-alike domain email account to submit an invoice
with altered payment information. The invoice payment is routed to the fraudster’s account rather than the vendor.
Confidential and Urgent
Thieves may also craft an elaborate story when sending a compromised or look-alike email. Often the story involves events that must be
kept confidential, such as an upcoming acquisition or large purchase. The requests are extremely urgent in nature, requiring the target
employee to act immediately. The combination of extreme urgency and high confidentiality persuades the employee to act quickly and
secretively, sometimes conflicting with or bypassing company safeguards and practices.
BEST PRACTICES TO REDUCE THE RISK OF IMPOSTER FRAUD
Dual Control
Establish dual control for all money movement activities. Ensure that every funds transfer requires a transaction creator and a separate
approver. Utilize online banking security features to set additional approval levels based on the dollar amount of the transaction. Set up
online alerts to notify approvers when a money transfer request is awaiting approval. Utilize the approval feature within your bank’s
mobile application to ensure that senior management can approve transactions on-the-go.
Confirm All Requests
Instruct employees to always confirm requests for money movement. To confirm requests, employees should use a channel different from the
channel used to make the request. For example, an email request should be followed up with a telephone call to the requestor.
Control Publicly Available Information
Exercise restraint when publishing information regarding employee activities. Fraudsters will use this information to determine ideal time
frames for committing fraud.
Educate Employees
Ensure employees are aware that this type of fraud is a real threat. Educate employees on the proper process for initiating money transfers,
and enforce this process with all requests. Coach executives to encourage verification of all wire transfer requests. Encourage
executives to introduce themselves to the Accounts Payable team and let them know it is acceptable to question any payment request.
Investigate Bank Inquiries
Often this type of fraud will trigger alarms at your bank. When the bank contacts the business to confirm the authenticity of the wire, the company
employees will confirm the wire as legitimate since it originated from an executive’s request. Thus, the wire transfer is processed even
though the bank questioned its authenticity. Instruct employees to take additional steps to ensure a wire is accurate and legitimate if they are
contacted by the bank regarding a wire’s validity.
WHAT TO DO IF YOU ARE A VICTIM
The FBI and financial institutions take this new threat very seriously. If you become a victim of this type of fraud, you should take the following
steps regardless of the dollar amount of the loss.
Contact your financial institution immediately and request that they contact the financial institution where the funds were sent.
File a complaint with the FBI’s Internet Crime and Complaint Center (IC3):
www.ic3.gov/complaint
SOLUTIONS TAILORED TO YOUR NEEDS
At Pacific Mercantile Bank, we have the expertise to evaluate your unique needs and determine the solutions that may help you avoid costly
fraud losses. Call us today for a review of tools available to mitigate fraud risk.
FOR MORE INFORMATION CONTACT
Cindy Verity - 858.320.8419
Shamara Vizcarra - 714.438.2629