Imposter Fraud—An Old-Fashioned Scam Finds New Life
Anne Bacher
May 21, 2015
- With imposter fraud, a thief poses as a trusted person, company executive or a critical partner/vendor looking for quick responses in order to steal funds.
- Preventing imposter fraud requires establishing and enforcing clear company practices in initiating and approving payments.
- Employees should be trained to ask questions about suspicious requests and encouraged to verify payment requests, even when instructions seemingly come from the highest levels of the company.
Since the migration of business activities to the Internet, much has been made of the sophisticated methods cybercriminals are using to steal funds, corporate data, and intellectual property. Yet companies should be aware of imposter or business email fraud schemes – theft through a relatively low-tech approach – that have been successful in stealing millions from companies. The Internet Crime Complaint Center reports that thieves posing as imposters stole $215 million from over 2,000 businesses between October 2013 and December 2014.
In imposter fraud, thieves impersonate trusted decision makers (the CEO or CFO or a vendor) through business email to request that an employee send a payment. Sometimes they craft expertly forged emails, using data collected from surveillance activities. The email will reference real-life activities such as a current vacation, a valid internal business memo, or something else that would gain the recipient's trust to move funds. Another variation of the scam involves the thieves posing as the company's trusted vendors and sending emails stating that their payment details have changed. In many scenarios, the fraudster provides international wire instructions, using a jurisdiction where reversing or clawing back the funds is extremely difficult or legally impossible.
The Best Defense
The best protection against imposter fraud is to train employees to rigorously follow established payments processes and question when something seems out-of-the-ordinary. If a payment request appears suspicious, employees should investigate further. For example, a thief posing as the CEO or CFO may instruct an employee to initiate a payment outside of the normal channels. Fraudulent requests typically invoke a false sense of urgency so that the employee will skip the correct procedures in order to respond to the "high-priority" request.
Red Flags
- Stop if the email address or phone for a vendor is different than the one you have on file.
- Be wary of requests marked confidential or asking for immediate action.
- Take note if there's a sudden change in a vendor's business practices. If a contact suddenly asks to be contacted via their personal email address, the request likely could be fraudulent.
- Look at the calendar. Email payment requests often coincide with dates when executives are out of the office. Criminals may have gained access to an executive's calendar and email server, and may know that the executives they are impersonating will be hard to reach.
Best practices to prevent imposter fraud:
- Establish and follow accounts payable practices for processing payment requests.
- Ban the use of email-only wire requests. Use a wire form or an intranet site.
- Validate payment requests through a secondary channel.
- Avoid making rush payments or payments based on a single set of instructions.
- Let employees know it's okay to ask questions about suspicious invoice requests.
Imposter fraud is a classic low-tech crime with low-tech solutions. To prevent imposter fraud, your company should establish clear procedures for processing payments – and adhere to them. Everyone in accounts payable and treasury should have clear instructions and training about how to request, process and approve payments. Require dual approvals for large payments for added security.
When suspicious requests are made, employees should verify requests through a secondary channel using the contact information on file. If the request arrives by email, verify it with a phone call. If the request comes by phone, confirm it by email. It pays to be vigilant.
Have questions on how to develop or enhance your company's fraud prevention plan? We are here to help. Contact your Silicon Valley Bank Relationship Manager or Global Treasury and Payments Advisor to start a conversation about fraud prevention. Visit the Fraud Prevention Center for additional information and best practices on protecting your company.
This material is provided for informational purposes only.
About the Author
Anne has more than 20 years of experience in Treasury Management as both a Corporate Practitioner and an Advisor to bank clients. At SVB, Anne delivers strategic and tactical guidance on worldwide account and service solutions to clients. Previously, as a Treasury Manager for several major technology companies, including Apple and Electronic Arts, Anne specialized in treasury operations, treasury systems and the creation of SOX 404 Controls. She earned her Bachelor's Degree in Economics and in History from U.C. Berkeley, and holds the Association for Financial Professionals’ Certified Treasury Professional (CTP) designation.