Businesses are seeing a significant increase in impostor fraud. This type of fraud occurs when an individual posing as a company executive, vendor or even the IRS will request a payment, wire of funds or change to payment instructions. The imposter may make contact by phone, email, fax or mail.
We are aware of several situations of a wire impostor fraud scheme. The company’s system of record was hacked, and an impostor posing as the CEO sent an email to an employee directing him to wire funds to a bank overseas. The employee followed internal disbursement processes, obtained the appropriate approvals, submitted the wire transfer request to the Bank and the funds were disbursed. It was later determined after the funds were deposited in the foreign account that the request was fraudulent.
These incidents are a reminder that impostors are becoming increasingly creative in their methods for committing fraud. Everyone must be alert at all times to unusual or unexplained activity and relationships and to red flags that may indicate fraud. This also alerts us to review company control and authority procedures to avoid, identify and manage unauthorized wires.
How do you prevent fraud?
You and your employees are the first line of defense against fraud.
The only way to lower the risk of being compromised is to be proactive and vigilant in recognizing the signs of fraud. Your fraud program should ensure your team members are aware of what the risks are, how to identify the warning signs and what steps and actions you can take to detect and report fraud.
Authority and Verification
Explore external fraud related to borrower-directed activities, emphasize the importance of taking direction only from authorized persons, and verify the direction with authorized persons.
Verification of an individual’s or requesting party’s authority ensures the individual requesting the service is, in fact, authorized to convey authority on the account. In other words, verify the authenticity of the request.
It would be prudent to review your company controls and authority procedures and periodically audit such procedures for adherence. Consider the following that may be unacceptable forms of both wire request and verification:
– Email address
– Return mail address
– Fax request
– Text by Phone
Additional red flags to consider to identify impostor fraud may include:
– Requests to bend a rule
– Immediate demand requests
– Threats of reprisal upon failure to act
– Directives from unauthorized persons
Is your team aware of impostor fraud? Impress upon them that they have a responsibility to:
– Protect the assets of borrowers and the company
– Recognize red flags that may indicate fraud
– Take the time to properly process and verify requests from third-parties
– Take directives only from authorized persons acting within their authorization limits
– Escalate verification failure as soon as it is identified
– Escalate disbursement fraud as soon as it is identified
– Identify, escalate and report unusual activity and suspected fraud
It is essential that all companies continually reinforce and review current processes and procedures and provide employees adequate and continual training related to identification and reporting of any potential fraudulent activities.