What every business owner needs to know
With just about every business using online banking, there has been a significant rise in targeted Funds Transfer Fraud (FTF) scams. Statistics published by the Australian Banking Association show that $176 million was lost in Australia across all scam categories in 2020, with scam tactics occurring across phone, email, text, internet, social, mobile apps and in person.
Did you know that emails and phone calls can pose the most risk for FTF scams?
These scams are also known as false billing or invoice scams, and they target the lifeblood of businesses: their communication networks. The largest number of scams occurred via the phone (103,000 scams in 2020) with a reported loss of $48 million, whilst the second highest occurred via emails (47,500 scams in 2020) with a loss of $34 million.
How can it happen?
False billing scams generally occur via email, but can also be sent via SMS, instant messaging, and even social media. They are an extremely successful method of fraud because financial transactions are processed very quickly and, once completed, there’s little recourse as funds are available immediately to the cyber-criminal. It is this finality that attracts cyber-criminals to these types of fraud scams, because once the invoice is paid, they are home free.
These particular types of scams operate in two ways. In the first, the cyber-criminal poses as a person of trust, for example a company executive, known vendor, lawyer or government agency. Next, they send an email requesting the urgent payment of funds using details provided in the email. These fraudulent emails can request payments for things such as domain name renewals, advertising, or office supplies. An employee is gulled into trusting these instructions and immediately follows through with them.
The second way that these funds transfer fraud scams operate is called business email compromise (BEC). This is where passwords and login details are first stolen using phishing emails. The cyber-criminals then log into a trusted person’s email account and send the email directly from that account. Funds transfer scams are so successful because people are duped into believing that the urgent payment requests are genuine. Employees who fear upsetting management, who are working from home and do not have access to management, or who believe they are receiving the request from management are less likely to question suspicious activity.
How to protect your company from funds transfer fraud scams
Whilst funds transfer fraud is prolific, there are a number of strategies that can help to protect your business. First and foremost is to educate your employees so that they are not deceived into sending money to these cyber-criminals. It is a good idea to put together a cyber policy that is specifically aimed at educating your employees on how to avoid being taken in by these scams. You may find some of the following suggestions helpful in forming your own cyber security policy:
- Educate your employees on how to identify these email scams.
- Cross check all invoices sent via email with purchase orders.
- Limit the number of employees who can authorise fund transfers.
- Confirm changes to vendors’ banking details, using the phone number on file.
- Ensure that two employees are involved in any requests for urgent funds transfer; one who receives the email request and a second who agrees that this is a legitimate request and authorises the transfer.
- Always use encrypted emails for all your company’s correspondence and implement two-factor authentication for sign-on.
- Keep your anti-virus software up to date.
If you suspect that your company has been the victim of a funds transfer fraud incident, contact your financial institution immediately. In addition, if you have taken out the optional funds transfer fraud cover on your 360 Cyber insurance policy, make sure that you also notify our Incident Response Hotline noted on your Policy Schedule.
Please note the information in this article is general in nature and should not be relied upon as advice, as it does not consider your personal needs, objectives and financial situation. All coverage is subject to the specific terms and conditions contained in the Policy Wording.