Architecture firms oversee the transfer of large sums of money for projects. That makes you a prime target for funds transfer fraud. Here are the best practices for wire transfer safety.
Wire Fraud Risks
When a criminal inserts themselves into a transaction involving the transfer of large sums of money, it’s called fraud. When they do so by first gaining your trust, this is called social engineering.
Wire transfer fraud facilitated through social engineering is a big risk for architecture firms. A successful scam could result in huge losses and be devastating for your firm.
To protect yourself, it’s important to understand the tactics employed by today’s digital fraudsters and to follow best practices when transferring funds. Remember, never send a wire transfer based on just an email.
Wire Fraud Tactics
Wire transfer fraud can happen any time a large sum of money changes hands between a firm and a client, vendor, partner or other individual or outside organization. Criminals tend to target important transactions that offer big paydays, such as:
- Mergers and acquisitions
- Real estate transactions
- Legal judgements and settlements
- Bills, invoices and purchase orders
- Employee benefits and compensation deals
- Other movements of large sums of capital
Transactions like these are just a normal part of doing business, but caution is needed. You may be feeling excited or even anxious to complete a business deal, settle a payment or begin a new project. Additionally, you or your employees may feel pressure to facilitate a smooth and timely transaction.
Criminals know this and have tricks to exploit the people handling these important transfers, including:
- Phishing—A common online hazard for businesses of all types, where criminals send the same fraudulent mass email to multiple targets, trying to trick recipients into giving up confidential business info or altering their funds transfer procedures.
- Spear phishing—A more targeted approach, where specific managers or executives receive a fraudulent email that includes enough real information that the target may be tricked into complying with a transfer request change.
Whether you receive an email to provide detailed information about an upcoming payment or to accommodate a payment change request, the incentive to comply is high. The email may appear to be from a boss, VIP, client, lawyer or other person in authority. But with any such request, it’s important to stick to a process to verify and confirm everything before any payment is made and any information is exchanged.
Wire Fraud Prevention
Preventing wire transfer fraud and avoiding social engineering tricks requires training, alertness and compliance with established best-practice security procedures.
- Require dual approval of transactions, with any transfer being approved by both parties. Verify the transaction by calling the phone number already on file. Never confirm by email alone. Instructions for transferring funds should ideally be provided in hard copy format.
- Use a dedicated computer for transfers, making sure the system is secure and free of malware and breaches. Phishing emails can contain viruses that compromise a computer, so it’s best to use one without access to email that only connects to secure sites.
- Enable email encryption to protect communications, with a secure email system that encrypts both incoming and outgoing mail. Unsecured email is at high risk of being read by hackers who target email providers and search messages for payment-related keywords.
- Ensure separation of financial duties by limiting the overlap of duties related to financial transactions so that each employee has a clearly defined role in the process and cannot act alone without approval and coordination with other employees.
- Review account statuses frequently, looking for anything out of the ordinary that might indicate fraud. The sooner the bank can be alerted, the better the chance of recovery. Fraudsters often try to stall for time while moving your funds out of the country.
- Train all staff thoroughly on computer safety and funds transfer best practices. Emailed transfer change requests should always be treated as fraud attempts, no matter who the sender appears to be. If communications are disrupted, they should be restored before proceeding. Training and an agreed-upon protocol are key to preventing this fraud.
Wire Transfer Recovery
If you suspect fraud, immediately contact the bank and local law enforcement. Time is of the essence in any fraud recovery action. When the FBI is contacted, the Financial Fraud Kill Chain (FFKC) can be used to recover large international funds transfers in limited cases. It is best to work with the bank immediately upon discovering the fraud and not to wait to determine if the funds have gone overseas.
For FFKC recovery action to proceed, a transaction must meet certain criteria:
- The wire transfer is $50,000 or more
- The wire transfer is international
- A SWIFT recall notice has been initiated
- The wire transfer has occurred within the last 72 hours
The epidemic of funds transfer fraud through social engineering shows no sign of abating, with fraudsters continuing to develop new ways to intercept and misdirect payments. The only effective way to defeat online criminals is by being proactive. You may also consider implementing a cyber attack response plan.
Wire Transfer Safety
Make sure you and your employees understand the risks of wire transfer fraud and the social engineering tricks used to perpetrate it. Develop a robust system of protocols to verify and double-check all transactions by phone and employ hard copy instructions where possible. Train your team on the procedures and ensure they are followed diligently.
Even with the best wire transfer safety protocols, it may be impossible to prevent all online criminal attacks. That’s where insurance comes in. Cyber Liability Insurance can help protect your architecture firm against the increasing costs of cyber attacks.
To learn more about coverage from Lockton Affinity Architect + Engineer, visit us online at LocktonAffinityA-E.com or call 888-425-7011.