Protect Your Business from Wire Transfer Fraud

October 07, 2022

Protect Your Business from Wire Transfer Fraud

Wire Transfer Fraud continues to be a real threat for many organizations who receive invoices from threat actors that look legitimate. Don’t get caught. With some advance planning and key security measures in place, you can protect your organization from falling prey to sophisticated criminal activity.

The first step in protecting your business is to understand that the methods being used by cybercriminals to interrupt and redirect wire payments can be quite covert and sophisticated. Scammers may use targeted email phishing, or other social engineering methods, to steal information and then use that information to manipulate an employee or executive into completing a fraudulent wire transfer. Fraudsters do this by inserting themselves into an online transaction and posing as a trusted vendor, service provider, or other known business contact.

While online scams aren’t new, the COVID-19 pandemic added an additional layer of risk when the internet was used at an unprecedented rate and our reliance on online business transactions increased dramatically. The cybersecurity impact of this has been significant, but there are many ways you can protect your organization from Wire Transfer Fraud.

Consider implementing these steps prior to wiring funds:

1. Include this footnote on your invoices: 

“To help prevent cyber fraud, our organization does not include wire transfer information on our invoices or emails. To make a wire payment, please call us directly so we can provide our banking information. Additionally, any request for electronic payments, or modifications/changes to your current payment method should be confirmed by contacting our organization at a known contact number, not the number provided within the email, unless they are the same.”

2. Use professional judgement:

Exercise caution with all requests for electronic payments, especially related to changes in your current payment method(s).  Assess whether the request seems legitimate or fraudulent. Does the sender’s name, email and domain name look accurate and authentic? Are the instructions unusual in any way – e.g., a sudden change in bank and/or account information after years of dealings? Was the request rushed or urgent? Does something seem off?

3. Validate the request:

Do not immediately reply to wiring instructions received electronically or by phone. Wait until you have time to review the request and validate the information. Take the time to be thorough and careful.

4. Use the information you have on file:

Use the phone number and information you have for the account, not a new number that has been provided in the updated instructions/request – even if the email appears to be from someone you know. Initiate the call yourself. Only process the payment when all of the information has been checked and you have confirmed the payment and recipient is legitimate.

5. Include secondary authorization within transfer procedures:

Require a second individual in the organization to authorize a transfer with new or updated wiring instructions.

Third Party Liability
Please be aware that if you have a Cyber insurance policy, it often provides third party defense coverage if your business partner suffers a cyber security incident and alleges that your organization is the cause of the breach. If this happens, we recommend that you immediately contact the Cyber Breach Coach on your Cyber policy. The Breach Coach will engage a forensic investigator to review your network and identify any issues that need to be addressed related to the allegation and to identify the entry point of the intrusion. Furthermore, the findings are protected by Attorney-Client privilege when the Breach Coach (Data Privacy Attorney) is engaged. This exposure would not be covered in a typical Crime policy and is subject to a lower sublimit for fraudulent impersonation coverage.

Personal Risk
Individual risk can also be an issue in fraudulent wire transactions. If an Executive is deceived into providing personal information and a fraudulent wire transfer takes place using personal data or funds, this incident is not covered by your organization’s insurance policy. Some homeowner policies, however, offer optional coverage for the loss of personal assets. Please consider having your organization’s executives review the availability of this coverage with agents from their personal homeowner’s insurance.

Tips from the FBI
In the U.S., the FBI is the federal agency that investigates cyberattacks and provides information on how to protect yourself from cybercriminals. The FBI has provided these tips for National Cybersecurity Awareness Month:

  • Recognize that cybercriminals will use current events (like the catastrophic hurricane in Florida or a global conflict) to appeal to your organization for help. Be suspicious and do not send payments without researching and verifying legitimacy.
  • If you’re not expecting a specific document, do not click links or open unknown email attachments. Verify the sender first and be aware of variations in spelling or an email address that looks unusual.
  • Travelling? The FBI warns that free charging stations provided in airports and other public places can infect your devices with malware and monitoring software. They recommend finding a power outlet and using your own plug and charger.

Your Graham Company Service Team is here to help you protect your organization from cybercrime and fraudulent wire transfers. We can assist you in determining the best way to manage, finance, and transfer your organization’s cyber risk. If you are interested in discussing further, please reach out to your Graham Company Account Manager.

If you have questions about your cyber posture, we encourage you to talk with us about GRAHAM CYBER BLUEPRINTSM. With Graham Cyber Blueprint, you can improve your cyber strategy and insurability as a result of completing a quick questionnaire that will help you identify areas for improvement and general recommendations for next steps to strengthen your organization's cybersecurity defenses.  Fill out our Graham Cyber Blueprint questionnaire HERE.

Margaux L. Weinraub,

CPCU, ARM, CPLP, CCIC, Cyber Practice Leader

mweinraub@grahamco.com
Tags: Cyber Liability Cyber Liability Insurance Cyber Liability Policy Cyber Risk Cyber Security Cybersecurity Cyber cyber attacks cyber insurance
RECENT POSTS
Risk Playbook: Episode 9 – General Michael Linnington
Risk Playbook: Episode 9 – General Michael Linnington

Jul 17, 2023

Utilize a Captive for Better and More Cost Effective Employee Benefits
Utilize a Captive for Better and More Cost Effective Employee Benefits

Jul 06, 2023

Focus on Providing Care, Not Paying for It with Life-Long Term Care Hybrid
Focus on Providing Care, Not Paying for It with Life-Long Term Care Hybrid

Jul 05, 2023

Canadian Wildfire Smoke Exposure: Protecting Outdoor Workers and Mitigating Health Risks
Canadian Wildfire Smoke Exposure: Protecting Outdoor Workers and Mitigating Health Risks

Jun 08, 2023

RELATED POSTS
2023 Cyber Market Update
2023 Cyber Market Update

Feb 21, 2023

Are Cyber Captives Right for Your Business?
Are Cyber Captives Right for Your Business?

Dec 20, 2022

Holiday Safe Shopping 2022
Holiday Safe Shopping 2022

Nov 25, 2022

Data Extortion Hacking Group "Lapsus$" Compromises Several High Level Organizations
Data Extortion Hacking Group "Lapsus$" Compromises Several High Level Organizations

Mar 23, 2022