- With imposter fraud, a thief poses as a trusted person, company executive or a critical partner/vendor looking for quick responses in order to steal funds.
- Preventing imposter fraud requires establishing and enforcing clear company practices in initiating and approving payments.
- Employees should be trained to ask questions about suspicious requests and encouraged to verify payment requests, even when instructions seemingly come from the highest levels of the company.
Since the migration of business activities to the Internet, much has been made of the sophisticated methods cybercriminals are using to steal funds, corporate data, and intellectual property. Yet companies should be aware of imposter or business email fraud schemes – theft through a relatively low-tech approach – that have been successful in stealing millions from companies. The Internet Crime Complaint Center reports that thieves posing as imposters stole $215 million from over 2,000 businesses between October 2013 and December 2014.
In imposter fraud, thieves impersonate trusted decision makers (the CEO or CFO or a vendor) through business email to request that an employee send a payment. Sometimes they craft expertly forged emails, using data collected from surveillance activities. The email will reference real life activities such as a current vacation, a valid internal business memo, or something else that would gain the recipients trust to move funds. Another variation of the scam involves the thieves posing as their trusted vendors and sending emails stating that their payment details have changed. In many scenarios, the fraudster typically provides international wire instructions, using a jurisdiction where reversing or clawing back the funds is extremely difficult or legally impossible.
The Best Defense
The best protection against imposter fraud is to train employees to rigorously follow established payments processes and question when something seems out-of-the-ordinary. If a payment request appears suspicious, employees should investigate further. For example, a thief posing as the CEO or CFO may instruct an employee to initiate a payment outside of the normal channels. Fraudulent requests typically invoke a false sense of urgency so that the employee will skip the correct procedures in order to respond to the "high-priority" request.
|Red Flags||Best Practices|
Best practices to prevent imposter fraud:
Imposter fraud is a classic low-tech crime with low-tech solutions. To prevent imposter fraud, your company should establish clear procedures for processing payments – and adhere to them. Everyone in accounts payable and treasury should have clear instructions and training about how to request, process and approve payments. Require dual approvals for large payments for added security.
When suspicious requests are made, employees should verify requests through a secondary channel using the contact information on file. If the request arrives by email, verify it with a phone call. If the request comes by phone, confirm it by email. It pays to be vigilant.
Have questions on how to develop or enhance your company's fraud prevention plan? We are here to help. Contact your Silicon Valley Bank Relationship Manager or Global Treasury and Payments Advisor to start a conversation about fraud prevention. Visit the Fraud Prevention Center for additional information and best practices on protecting your company.
This material is provided for informational purposes only.