In an article from their CFO Direct quarterly newsletter and in a related on-line video, PwC’s Valerie Wieman and Kristin Rivera explain several very simple wire transfer fraud schemes that can prove to be costly for affected companies.
According to Ms. Wieman and Ms. Rivera these fraudulent schemes involve requesting “fake” wire transfers. In their article, they cite 3 versions of the scheme:
- The cybercriminal may send a spoofed email allegedly from a CEO or CFO who is traveling, asking an employee for an emergency wire transfer;
- A spoofed email from a CEO or CFO who’s out of the office goes to an employee citing a “confidential deal” and asking the employee to contact an outside “lawyer” for further instructions. That “lawyer” then directs the employee where to send the wire transfer;
- A spoofed email allegedly from a vendor asks an employee to change the vendor’s address and payment information in the system.
The PWC experts also offer some advice for insuring that such fraudulent schemes are unsuccessful. Mainly, they suggest employee education and training and enhanced controls over the approval of and ability to send wire transfers.