ALERT: Internet scams increase against businesses which have foreign suppliers or conduct wire transfers

May 11, 2017

The Federal Bureau of Investigation has released an alert warning of increased email scams that cause fraudulent wire transfers and loss of confidential information. Businesses that perform wire transfer payments or work with foreign suppliers have been especially targeted, with sophisticated methods, by individuals who have learned the targeted business's processes and activities. Between Jan. 2015 and Dec. 2016, actual or attempted losses from business email compromise increased by 2,370%, and were reported in all 50 states as well as 131 countries.

What to watch for

These scams often begin when an employee of a business clicks a link in a “phishing” email from a seemingly legitimate source, and the link downloads malicious software (malware). This malware may provide access to the employee’s data, including passwords and personal information, or may be combined with social engineering to probe deeper into the organization for access. Social engineering occurs when a scammer manipulates employees by deception to get confidential information or system access – for example, pretending to be a repair person who needs a password to access the computer network.

The Internet Crime Complaint Center (IC3) outlines the five most frequent scenarios to watch out for:

  1. Business working with a long-term foreign supplier is asked to wire funds to pay an invoice to a different (fraudulent) account
  2. Business executive’s email account is compromised and used to request a wire transfer either from the company or even the company’s bank
  3. Employee’s personal email is compromised, then used to request payments from the business’ vendors to fraudulent bank accounts
  4. Scammers claim to be attorneys handling confidential or time-sensitive information, needing quick and secretive transfer of funds
  5. Business executive’s compromised email account is used to request confidential personally identifiable information (PII), often targeting human resource professionals; this scam may be followed by wire-transfer requests

Protecting yourself and what to do if you’re scammed

The FBI’s alert includes a list of practices to help businesses protect themselves. More information including what action you should take if you’re scammed is available from the US Department of Justice in the publication Best Practices for Victim Response.

Need more information?

To learn more about how to protect your business and yourself with IT risk management, contact Brian Johnson, senior vice president of technology services, using the information below.

Brian Johnson

Senior Vice President
Technology and Administration

Brian Johnson is an experienced technology executive and consultant with a proven track record of leadership in technology management. As a technology and business leader with more than 30 years of experience, Brian successfully leverages his technology background, business acumen, and people management skills to help organizations link innovative technology solutions to their strategy and mission. Brian’s technology experience and credentials are supplemented by his training as a certified public accountant.

Brian is a frequent speaker and advisor on technology developments and trends. A certified public accountant, he has extensive expertise in IT risk advisory services and has earned the Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC) credentials, as well as additional certifications in operations management, systems engineering, and solution development. Brian was named one of the Wichita Business Journal’s CIO of the Year honorees in 2015.

Information in this document has been obtained by Allen, Gibbs & Houlik, L.C. from sources believed to be reliable. However, AGH does not guarantee the accuracy nor completeness of any information. This communication does not and is not intended to provide legal, accounting or other professional advice or opinions on specific facts or matters, and accordingly, AGH assumes no liability whatsoever in connection with its use. Nothing in this communication can be used to avoid penalties that may be imposed by a governmental taxing authority or agency.