How to spot impostor fraud
Impostor fraud is a growing threat to every organization that sends out payments, including the City. It involves a scammer who poses as a company executive or vendor and instructs an employee to make one or more payments, usually by wire transfer. An alert City employee recently caught an attempt at impostor fraud and thwarted the scammer’s efforts.
Impostor fraud can happen in a number of ways:
Email: An employee authorized to make payments receives an email from the boss marked “urgent” and “confidential,” along with a request and instructions to send a wire transfer. The email appears legitimate and has the correct information in the auto signature. Even when looked at carefully, the sender info seems to be the correct internal email address of the boss.
An alert employee recently caught this impostor fraud email (names and contact information have been changed). If you ever have doubts about a transaction, contact your supervisor immediately.
Phone call: An employee receives a phone call from a longtime, highly valued vendor who recently changed banks and now needs to update her company's bank account information.
Impostor fraud affects organizations of all sizes in all industries. The number of fraud attempts and the dollars lost are increasing dramatically. Between October 2013 and year-end 2014, the Internet Crime Complaint Center received impostor fraud-related complaints from every U.S. state and 45 countries involving 2,126 victims and reaching nearly $215 million in related losses.
Because the City sends payments, it's at risk.
What can we do to protect ourselves?
- The Information Technology Department screens incoming emails and filters out those that falsely appear to come from inside the City domain, but some messages manage to get through.
- Use common sense. Treat it as a red flag if someone requests thousands of dollars out of the blue or makes a payment sound so urgent that you’d have to bypass the established payment practices.
- Make sure to follow procedure for every payment request. Verify the requester. Use the contact information you have on file instead of the links or phone numbers that the requester provides. And if ever in doubt, contact your supervisor immediately.
Watch for these red flags:
- Different contact information for a vendor than what you have on file.
- Financial requests marked “confidential” or asking for immediate action.
- A sudden change in a vendor’s business practices, such as asking to shift to his or her personal email address.
- Requests coming in when someone is out of the office and hard to double-check with (criminals may have gained access to an executive’s calendar and email account, and may know that the executive they are impersonating will be hard to reach).
When handling payment requests:
- Follow accounts payable practices for processing payment requests.
- Don’t respond to email-only wire requests. Use a wire form or an intranet site.
- Validate payment requests through a secondary channel.
- Avoid making rush payments or payments based on a single set of instructions.
- Ask questions about suspicious invoice requests.
Published Feb 23, 2016