Cheques and Wires: More Case Studies in Fraud
- Keywords:
- fraud
- payment fraud
- payments
- wire transfers
We’ve covered fraud several times, including providing real-world examples of how quickly fraudsters can get away with your funds. It’s a problem that affects businesses of all sizes, including larger companies.
Technology is a major enabler, particularly when it comes to wire fraud. But as you’ll see in one of the examples below, there’s plenty of risk involving analog methods. That’s why it’s important to remain vigilant, improve your systems and adhere to best practices at all times.
The Cheques Not In The Mail
COMPANY PROFILE
A metal stamping company with annual revenue of more than $75 million.
THE EVENT
While conducting a weekly reconciliation of their chequing account, the company noticed three cheques that cleared their account dated Dec. 30, 2016, that appeared to be fraudulent. It turned out that a thief had stolen one of the company’s cheques in the mail, then sold the account information on Craigslist. Fraudsters created a false cheque stock and presented multiple cheques against the exposed account. A month later, the fraudsters also attempted to execute phishing scams via emergency wire requests against the same account.
THE FALLOUT
More than $2,000 put at risk.
THE WARNING SIGNS
Of the three fraudulent cheques that cleared the company’s accounts, two of them were for the same dollar amount, which immediately raised suspicions. Also, fraud activity rises in December. Many employees tend to take vacations during the holiday season, and fraudsters are more active in the event that less-experienced personnel may be managing a company’s payment processes.
THE LESSONS LEARNED
The company closed its old account and opened a new one with Positive Payee, which compares the payee line of the presented cheque image against the payee data in the company’s issue file. Additional steps that could prevent this type of fraud from occurring include a daily reconciliation of cheques payments, reducing the number of cheques sent out, and moving more payments to Electronic Funds Transfers.
Attack of the Clone
COMPANY PROFILE
A healthcare company with annual revenue of more than $400 million.
THE EVENT
Employees in the accounting group with access to the company’s online banking system noticed the requestor for a recently cleared wire was the company CEO. Because the company CEO had never been involved in wire request before, the department investigated further, eventually determining that fraudsters cloned the CEO’s email to send a wire request to the CFO.
THE FALLOUT
Nearly $50,000 put at risk.
THE WARNING SIGNS
Although there was nothing unusual about the amount requested in the wire, the CEO had previously never been involved in any part of the wire process, which should have been a red flag. Several C-level staffing changes in the company, however, could have contributed to the communication gap.
THE LESSONS LEARNED
If the CFO had confirmed the wire with the CEO, either via telephone or in person, the wire would never have been executed. In response, the company reviewed its internal processes, including implementing better internal communication before approving wire requests.
Getting Too Personal
COMPANY PROFILE
A real estate title company with annual revenue of more than $10 million.
THE EVENT
While the company’s attorney was on vacation, he sent a wire request for a property closing. Because he didn’t have access to his corporate email account, the attorney sent the request via his personal email.
The next day, the party requesting the funds called to inform that they never received the money. It was determined that the attorney’s email was hacked via a phishing scam, enabling fraudsters to intercept the wire instructions and have the funds rerouted to a different bank.
THE FALLOUT
More than $75,000 put at risk.
THE WARNING SIGNS
The request was sent from a personal email address rather than an approved company account.
THE LESSONS LEARNED
Although the company has a policy in place for dual controls, which requires two call backs to confirm a request, those protocols were not followed in this case. The company is in the beginning stages of overhauling its practices for approving wire requests for closings, especially ones originating by email.
Read more
Susan Witteveen
Senior Vice President & Head, Treasury & Payment Solutions
Susan Witteveen is an accomplished executive within the financial industry across North America, having spent over 20 years in a variety of leadership roles. …(..)
View Full Profile >We’ve covered fraud several times, including providing real-world examples of how quickly fraudsters can get away with your funds. It’s a problem that affects businesses of all sizes, including larger companies.
Technology is a major enabler, particularly when it comes to wire fraud. But as you’ll see in one of the examples below, there’s plenty of risk involving analog methods. That’s why it’s important to remain vigilant, improve your systems and adhere to best practices at all times.
The Cheques Not In The Mail
COMPANY PROFILE
A metal stamping company with annual revenue of more than $75 million.
THE EVENT
While conducting a weekly reconciliation of their chequing account, the company noticed three cheques that cleared their account dated Dec. 30, 2016, that appeared to be fraudulent. It turned out that a thief had stolen one of the company’s cheques in the mail, then sold the account information on Craigslist. Fraudsters created a false cheque stock and presented multiple cheques against the exposed account. A month later, the fraudsters also attempted to execute phishing scams via emergency wire requests against the same account.
THE FALLOUT
More than $2,000 put at risk.
THE WARNING SIGNS
Of the three fraudulent cheques that cleared the company’s accounts, two of them were for the same dollar amount, which immediately raised suspicions. Also, fraud activity rises in December. Many employees tend to take vacations during the holiday season, and fraudsters are more active in the event that less-experienced personnel may be managing a company’s payment processes.
THE LESSONS LEARNED
The company closed its old account and opened a new one with Positive Payee, which compares the payee line of the presented cheque image against the payee data in the company’s issue file. Additional steps that could prevent this type of fraud from occurring include a daily reconciliation of cheques payments, reducing the number of cheques sent out, and moving more payments to Electronic Funds Transfers.
Attack of the Clone
COMPANY PROFILE
A healthcare company with annual revenue of more than $400 million.
THE EVENT
Employees in the accounting group with access to the company’s online banking system noticed the requestor for a recently cleared wire was the company CEO. Because the company CEO had never been involved in wire request before, the department investigated further, eventually determining that fraudsters cloned the CEO’s email to send a wire request to the CFO.
THE FALLOUT
Nearly $50,000 put at risk.
THE WARNING SIGNS
Although there was nothing unusual about the amount requested in the wire, the CEO had previously never been involved in any part of the wire process, which should have been a red flag. Several C-level staffing changes in the company, however, could have contributed to the communication gap.
THE LESSONS LEARNED
If the CFO had confirmed the wire with the CEO, either via telephone or in person, the wire would never have been executed. In response, the company reviewed its internal processes, including implementing better internal communication before approving wire requests.
Getting Too Personal
COMPANY PROFILE
A real estate title company with annual revenue of more than $10 million.
THE EVENT
While the company’s attorney was on vacation, he sent a wire request for a property closing. Because he didn’t have access to his corporate email account, the attorney sent the request via his personal email.
The next day, the party requesting the funds called to inform that they never received the money. It was determined that the attorney’s email was hacked via a phishing scam, enabling fraudsters to intercept the wire instructions and have the funds rerouted to a different bank.
THE FALLOUT
More than $75,000 put at risk.
THE WARNING SIGNS
The request was sent from a personal email address rather than an approved company account.
THE LESSONS LEARNED
Although the company has a policy in place for dual controls, which requires two call backs to confirm a request, those protocols were not followed in this case. The company is in the beginning stages of overhauling its practices for approving wire requests for closings, especially ones originating by email.
What to Read Next.
Balancing the Liquidity Scales
Susan Witteveen | December 11, 2020 Manage Cash Flow, Addressing Covid 19
For CFOs and corporate treasurers, the events of 2020 have highlighted the need for sound fundamentals. We’ve seen organizations boost their ca…
Continue Reading>
Tell us three simple things to
customize your experience
