You may also be interested in:

Articles

BEC Scams: A Threat Treasurers Can’t Afford to Ignore

  • By Andrew Deichler
  • Published: 7/1/2015
The Financial Services Information Sharing and Analysis Center (FS-ISAC), the Federal Bureau of Investigation (FBI) and the U.S. Secret Service released a joint statement last week warning businesses of an increase in business email compromise (BEC) scams. The scam targets companies that make routine wire transfers to foreign suppliers and businesses.

Typically, a company will receive a transfer request via email from what appears to be a high-level executive or a routine supplier. However, the request is actually coming from a hacked email account, or an account that has been “spoofed” to appear legitimate.

Corporate treasurers know this scam all too well.

Just last week, a company based in China attempted to initiate a fraudulent wire transfer against ChildFund International. The company posed as ChildFund’s CFO and wrote to its assistant controller ordering the delivery of funds. “It appeared that our CFO was writing to us from his vacation,” said Sassan Parandeh, CTP, global treasurer of ChildFund. “They probably knew he was out of the office because of his out-of-office message. They emulated an almost identical e-mail to ours where instead of @ccfusa.org they used @ccfsusa.org.”

Thankfully, due to ChildFund’s strong internal controls, the child development organization caught this immediately and wrote back multiple times luring the fraudsters in. “Once we clearly identified their IP address, we informed the U.S. Marshals.”

Incidents like these are becoming more and more common. During a roundtable discussion at the CTC Corporate Treasurers Forum in Chicago, a representative from a major bank said that in just the last six months, many of his corporate clients have been hit with BEC scams.

In many cases, BEC scams begin with a phishing email. “Statistics have shown that one of those phishing emails will be opened by one of your employees,” he said. “It will say that you won a prize, it will ask you to check on the status of a package, etc. They’ll click on it, and it will trigger malware that will go inside your email server. You won’t realize it; it won’t be stopped by traditional protections.”

From there, the hackers will begin monitoring the employee’s emails, until they determine who initiates wires and who requests them. “They’ll find out who the president or CFO is and replicate their email and signature,” the bank representative explained. “They’ll send an email to whoever approves the wires or initiates them. They’ll set up their own mail domain and change one letter. For example, if you have an 'm' in your company name, they’ll change it to 'rn'. If you have a 'w', they’ll change it to two 'v’s'. It looks identical. Companies miss this all the time.”

Timing and phrasing can also help companies recognize these types of scams. The fraudster making the request typically says that the transfer is for administrative purposes or an acquisition, and will stress that the payment needs to be made immediately. The request usually comes on a Thursday or Friday, or right before a holiday weekend when the company is short-staffed.

The bank representative stressed that these scammers are skilled at picking up on your employees’ schedules, and even personal relationships in the office. The CEO and CFO for one of his corporate clients are best friends who have worked together for years. When the CEO was out of the office, hackers sent an email to the CFO, asking him to send a wire. “The CFO thought this was a weird request, so he decided to wait until the next day and ask the CEO when he was in,” he said. “But the next day, he wasn’t in, and the CFO got another email saying, ‘Where’s that wire? I really need it now.’ They knew he was going to be out for two days.”

Ultimately, the CFO sent the money. He transferred $100,000 to China, which is 14 hours ahead of the company. Once the company figured it out on Friday, the banks were closed. “By the time we contacted the Chinese bank on Sunday night, the money was long gone, with no chance to get it back,” he said.

The banker added that it is absolutely critical to train your employees so that when they come across emails with this type of phrasing, it sets off a red flag. “They’re in your email system,” he said. “They have malware in your email. They are reading every one of your emails. It’s uncanny how they know who is going to be in your office.”
Just One Day to Spare?
Discover practical knowledge and innovative solutions to bring back to your organization and take advantage of a full day of educational and networking highlights at AFP 2018.
Select your One Day Pass

Copyright © 2018 Association for Financial Professionals, Inc.
All rights reserved.