Architecture firms oversee the transfer of large sums of money for projects. That makes you a prime target for wire transfer fraud. Here’s what to know about the threat and the best practices for wire transfer safety.
What Is Wire Transfer Fraud?
When a criminal inserts themselves into a transaction involving the transfer of a large sum of money, it’s a form of fraud. Both wire transfer fraud and funds transfer fraud are terms that have been coined to describe the problem, since most large transactions now take place through digital banking.
Yet most wire transfer fraud doesn’t involve hacking into a bank customer or lender’s computer. Instead, most wire transfer fraud is accomplished by a criminal gaining your trust and tricking you into sending them the money directly. This tactic is often referred to as social engineering. Wire fraud and social engineering go hand in hand, with results that can be devastating for businesses.
To protect yourself, it’s important to understand the tactics employed by today’s digital fraudsters and to follow best practices when transferring funds. Remember, never send a wire transfer based on just an email.
How Does Wire Transfer Fraud Happen?
Wire transfer fraud can happen any time a large sum of money changes hands between a business and a client, vendor, partner or other individual or outside organization. Criminals prefer to target important transactions that offer big paydays, such as:
- Mergers and acquisitions
- Real estate transactions
- Construction escrow releases
- Legal judgements and settlements
- Employee benefits and compensation deals
- Other movements of large sums of capital
Transactions like these are just a normal part of doing business in the design and building industry. Even so, caution is required. You may be feeling excited or even anxious to complete a business deal, settle a payment or begin a new project. Additionally, you or your employees may feel pressure to facilitate a smooth and timely transaction.
Criminals know this and have social engineering tricks to exploit and manipulate the people handling these important transfers, including:
- Phishing—A common online hazard for businesses of all types, where criminals send the same fraudulent mass email to multiple targets, trying to trick recipients into giving up confidential business info or altering their funds transfer procedures.
- Spear phishing—A more targeted approach, where specific managers or executives receive a fraudulent email that includes enough real information that the target may be tricked into complying with a transfer request change.
Whether you receive an email to provide detailed information about an upcoming payment or to accommodate a payment change request, the incentive to comply is high. The email may appear to be from a boss, VIP, client, lawyer or other person in authority. But with any such request, it’s important to stick to a process to verify and confirm everything before any payment is made and any information is exchanged.
Can You Ensure Wire Transfer Safety?
Preventing wire transfer fraud and avoiding these social engineering tricks requires training, alertness and compliance with the established best practice security procedures. Following these best practices consistently can largely eliminate the risk:
1. Follow an Approval Process
Require dual approval of transactions, with any transfer being approved by both parties. Verify the transaction by calling the phone number already on file. Never confirm by email alone. Instructions for transferring funds should ideally be provided in hard copy format.
2. Ensure Computer Security
Use a dedicated computer for transfers, making sure the system is secure and free of malware and breaches. Phishing emails can contain viruses that compromise a computer, so it’s best to use one without access to email that only connects to secure sites.
3. Encrypt Financial Communications
Enable email encryption to protect communications, with a secure email system that encrypts both incoming and outgoing mail. Unsecured email is at high risk of being read by email provider hackers searching messages for payment-related keywords.
4. Designate Key Roles
Ensure separation of financial duties by limiting the overlap of duties related to financial transactions so that each employee has a clearly defined role in the process and cannot act alone without approval and coordination with other employees.
5. Implement Account Monitoring
Review account statuses frequently, looking for anything out of the ordinary that might indicate fraud. The sooner the bank can be alerted, the better the chance of recovery. Fraudsters often try to stall for time while moving your funds out of the country.
6. Conduct Workforce Training
Train all staff thoroughly on computer safety and funds transfer best practices. Emailed transfer change requests should always be treated as fraud attempts, no matter who the sender appears to be. If communications are disrupted, they should be restored before proceeding. Training and an agreed-upon protocol are truly key to preventing this fraud.
What Can Be Done If Fraud Occurs?
If you suspect fraud, immediately contact the bank and local law enforcement. Time is of the essence in any fraud recovery action. By contacting the FBI, the Financial Fraud Kill Chain (FFKC) can be used to recover large international funds transfers in limited cases. It is best to work with the bank immediately upon discovering the fraud and not to wait to determine if the funds have gone overseas.
For FFKC recovery action to proceed, a transaction must meet certain criteria:
- The wire transfer is $50,000 or more
- The wire transfer is international
- A SWIFT recall notice has been initiated
- The wire transfer has occurred within the last 72 hours
The epidemic of wire transfer fraud shows no sign of abating, with fraudsters continuing to develop new ways to intercept and misdirect payments. The only effective way to defeat online criminals is by being proactive. You may also consider implementing a cyber attack response plan.
How Can You Better Protect Your Firm?
Architects, engineers, construction managers and other design professionals are all vulnerable to attacks by fraudsters. Yet there things you can do to make wire transfer fraud harder to pull off.
- Make sure you and your team understand fraud risks and the tactics used to perpetuate them.
- Develop robust procedures to verify and double-check all transactions by phone and employ hard copy instructions where possible.
- Train your firm on your procedures and ensure they are followed.
These steps go a long way towards protecting your firm and its financial transactions. Unfortunately, no system is perfect every time. Some risk still remains, which is why the appropriate insurance protection is so important.
With Cyber Liability coverage from Lockton Affinity Architect + Engineer, you can protect against the high cost a fraud attempt can cause for a firm like yours. Cyber coverage can also protect against other online threats, such as data breaches, ransomware attacks and more.
Learn more by visiting us at LocktonAffinityA-E.com or call 888-425-7011.