Protecting your firm against fraud
Learn ways to help protect your organization from evolving fraud schemes and implement procedures to help mitigate losses.
Mar. 25, 2024
Business fraud continues to threaten companies, with 65% of organizations reporting being victims of either attempted or actual fraud activity in 2022, according to the 2023 AFP Payments Fraud & Control survey. Of these companies, 71% experienced business email compromise while 63% experienced check fraud. Now more than ever, it’s crucial for organizations to be aware of evolving fraud schemes and implement procedures to help mitigate losses. Here are some typical fraud schemes we’ve seen in the market and some ways to help protect your firm.
Law firm phishing scam alert
Law firms are frequently targeted by fraudsters in internet phishing scams. You may have heard about recent schemes in the news, including those that involve a “new client” and the firm’s receipt of counterfeit cashier’s checks. In many instances, these scams have resulted in substantial losses to the firms.
Two common schemes targeting law firms are described below. In the most common, the email requests the attorney’s representation to collect on a debt and advises the attorney that the debtor has already been notified that the prospective client has hired an attorney in the U.S.
A recent variation of the scheme involves an ex-wife “on assignment” overseas, who claims to be pursuing a collection of divorce settlement monies from her ex-husband in the U.S.
The schemes usually work as follows:
- An attorney receives unsolicited email correspondence, typically from a business or individual located overseas, seeking legal representation. The prospective client claims to be owed a significant sum of money from a business that is located in the same city or state as the attorney.
- Once the attorney has formally agreed to represent the client, the fraudster sends the attorney a cashier’s check drawn on a U.S. bank, accompanied by a letter purportedly from the U.S. business, stating that the check represents a payment to satisfy the debt owed to the attorney’s overseas client.
- The fraudster then emails the attorney, directing him or her to deposit the check and wire transfer the proceeds (less the attorney’s fees) to unrelated third parties.
- The counterfeit cashier’s check is subsequently returned, unpaid, to the attorney’s bank. The account is debited the amount of the counterfeit check, and any overdraft is the responsibility of the attorney. Attempts to recover funds wire transferred to the third parties are almost always unsuccessful.
If you should receive this type of solicitation, we recommend you consider taking the following steps:
- Conduct as much due diligence as possible on potential clients, particularly those who correspond solely via email and are located overseas.
- Request documentation that adequately identifies the parties involved, and the reason for the debt.
- Independently verify the business’s telephone number and location.
- If the debtor is a local business, contact the company to confirm the debt.
- Be wary of demands to deposit the check and quickly wire the funds out of the account. Fraudsters rely on the attorney’s good standing with their bank to provide immediate funds availability.
- Contact the bank that issued the cashier’s check to determine if the item is authentic.
- Contact your banker for guidance if you suspect part or all of the transaction may be fraudulent.
Check fraud
Fraudsters continue to become more sophisticated at check fraud, so much so that the standard Positive Pay service may not catch the fraud in progress. For example, if a fraudster gets hold of a company’s check written to pay a vendor, they can remove the payee name from the check using chemicals and put their own name in its place. Standard Positive Pay will not stop this, because it only cross-checks the serial number, ABA, account number and amount on the check. We therefore recommend you consult your bank about Payee Positive Pay, a service that also cross-checks the payee field on the check.
Another vulnerability of checks is that they can be physically stolen via mail fraud. For additional security, limit the use of checks where possible, since the ABA and account numbers are printed on every check. When possible, use ACH and wires, with the right controls in place, instead of checks.
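The difference between the two services comes down to which fields of the presented check are matched against the issue file. The following added example (not code from the article or from any bank’s Positive Pay product; the issue file, routing number and payees are constructed) models both matching rules and shows why a payee-altered check clears standard Positive Pay but is held as an exception under Payee Positive Pay:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    serial: str        # check number
    aba: str           # routing number printed on the check
    account: str
    amount_cents: int
    payee: str


# Constructed issue file: the checks the firm actually wrote, keyed on the four
# fields that standard Positive Pay compares, mapped to the intended payee.
ISSUE_FILE = {
    ("1001", "071000000", "123456789", 450000): "Acme Court Reporting LLC",
    ("1002", "071000000", "123456789", 125000): "Midwest Office Supply",
}


def normalize(name: str) -> str:
    """Case- and whitespace-insensitive payee comparison."""
    return " ".join(name.upper().split())


def standard_positive_pay(check: Check) -> str:
    """Standard Positive Pay: compares serial, ABA, account and amount only."""
    key = (check.serial, check.aba, check.account, check.amount_cents)
    return "pay" if key in ISSUE_FILE else "exception"


def payee_positive_pay(check: Check) -> str:
    """Payee Positive Pay: same match, plus the payee must agree with the issue file."""
    key = (check.serial, check.aba, check.account, check.amount_cents)
    issued_payee = ISSUE_FILE.get(key)
    if issued_payee is None or normalize(check.payee) != normalize(issued_payee):
        return "exception"
    return "pay"


# Constructed presented items: the genuine check, the same check with the payee
# washed off and replaced, and the same check with the amount altered.
GENUINE = Check("1001", "071000000", "123456789", 450000, "Acme Court Reporting LLC")
PAYEE_ALTERED = Check("1001", "071000000", "123456789", 450000, "J. Fraudster")
AMOUNT_ALTERED = Check("1001", "071000000", "123456789", 4500000, "Acme Court Reporting LLC")

if __name__ == "__main__":
    for label, item in [("genuine", GENUINE), ("payee altered", PAYEE_ALTERED),
                        ("amount altered", AMOUNT_ALTERED)]:
        print(f"{label:15} standard={standard_positive_pay(item):9} "
              f"payee={payee_positive_pay(item)}")
```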
Cybersecurity attack alert
Cybersecurity attacks continue to increase in frequency and sophistication. Fraudsters are attacking businesses through compromised emails and social engineering. It is imperative to authenticate requests received via email or other electronic methods before acting on any such instructions, particularly those directing the movement of funds. Authentication may be verbal or use another method of confirming the legitimacy of the email directly with the sender through a previously established phone number.
Banks have seen an increase in compromised emails where fraudsters pose as executives (e.g., president, controller, treasurer, CFO, etc.), vendors and employees. In this type of attack, it appears that an executive requested a wire, a vendor changed their wire remittance instructions, or an employee changed their banking instructions for payroll so that a fraudulent transaction is initiated and approved in an online banking system (e.g., Business NetBanking).
Ransomware
This entails installing malicious software, or malware, on a law firm’s computer server, effectively “locking” files. A ransom is then demanded to unlock the files, disrupting the firm’s operations. There are two solutions: pay the ransom for an unlock code, relying on the perpetrator’s trustworthiness, or prevent ransomware by avoiding phishing emails and maintaining updated antivirus software on all devices connected to the law firm’s server.
Business email compromise
This is when fraudsters send an email appearing to be someone you know and trust — typically a colleague, manager or vendor. Fraudsters use a slight variation of the original email address. The email seems like a legitimate request that tricks you into transferring money to the fraudster or sharing confidential information. Fraudsters rely on impersonation and social engineering tactics to carry out different versions of the scam.
Wire fraud
This includes any wire that was initiated as a result of fraud or deception. For example, when deals are closing, fraud can occur between parties who have not accurately verified payment instructions or who are not communicating through secure channels.
To help you be aware of these threats, we wanted to share these typical characteristics:
- Fraudulent email requests are often well-worded and may be based on previous legitimate emails.
- The email address may look identical to that of your legitimate counterpart, so do not let this fool you. Make sure to contact the individual directly using a phone number you have on file.
- Phrases such as “code to admin” or “urgent wire transfer” are common.
- The email may provide an alternate phone number, or advise that the sender is traveling or otherwise unavailable to discuss verbally but can be reached through email.
- Fraudulent request amounts are similar to normal business transaction amounts.
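The characteristics above can be turned into a simple triage check that an accounts-payable or mailbox workflow runs before a payment request is acted on. This added example is not code from the article or from any vendor; the known-sender list, the phrase lists and the sample message are constructed, and the edit-distance threshold is an assumption chosen for illustration:

```python
import re

# Constructed allow-list of addresses the firm already does business with.
KNOWN_SENDERS = {"cfo@examplefirm.com", "ap@acmevendor.com"}
URGENCY = ("urgent wire transfer", "code to admin", "immediately", "today")
UNAVAILABLE = ("traveling", "can't take calls", "reach me by email", "new number")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; a small distance to a known address is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender: str, known=KNOWN_SENDERS, max_dist: int = 2):
    """Return the known address this sender imitates, or None if exact or unrelated."""
    s = sender.lower()
    if s in known:
        return None
    for k in known:
        if edit_distance(s, k) <= max_dist:
            return k
    return None


def flag_message(sender: str, body: str) -> list:
    """Apply the BEC characteristics listed above; returns reasons to hold the request."""
    flags = []
    text = body.lower()
    mimic = lookalike_of(sender)
    if mimic:
        flags.append(f"sender {sender} resembles known contact {mimic}")
    if any(p in text for p in URGENCY):
        flags.append("urgency language")
    if any(p in text for p in UNAVAILABLE):
        flags.append("sender claims to be unreachable by phone")
    if re.search(r"\b(new|updated)\b.{0,40}\b(bank|account|remittance|wire) (details|instructions)", text):
        flags.append("request to change payment instructions")
    return flags


# Constructed sample: a lookalike vendor address pushing an urgent instruction change.
SAMPLE = ("ap@acmevend0r.com",
          "Hi, urgent wire transfer needed today. We have updated bank details attached. "
          "I'm traveling so please reach me by email only.")

if __name__ == "__main__":
    for reason in flag_message(*SAMPLE):
        print("HOLD:", reason)
```

Any flagged request is held until someone confirms it by phone with the number already on file, which is the control the article recommends.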
To better detect these types of schemes and protect your business:
- Establish internal communication procedures (e.g., verbal authentication) to verify transaction requests, particularly any requests to a new beneficiary as well as employee requests.
- Do not confirm a request using information contained in the email you are trying to validate. Authenticate all wire remittance change requests from vendors via a phone call to a known contact or known number. Be suspicious of requests that pressure you to take action quickly, that are to foreign beneficiaries inconsistent with historical requests, or that name a beneficiary different from the vendor.
- Implement dual controls, which require two employees to initiate a transaction or transfer, so that the success of the process does not rely on the actions of a single person.
The CIBC logo is a registered trademark of CIBC, used under license. ©2024 CIBC Bank USA