Scammers target small to mid sized businesses, but larger victims get the most press. This lulls me into a false sense of security that recent events have shattered. Last week, I treated a valuable client’s Chief Financial Officer to lunch, and during the course of our conversation, he mentioned receiving a large consulting firm’s white paper warning of wire transfer fraud. This scam works by sending a Treasury Manager, Controller or CFO fraudulent instructions via email from their boss instructing them to wire money for a specific purpose to a special account. Often, the boss encourages to “…just keep it between you and me for now”, which may tap into the subordinate's need to be wanted or valued. Also, the request looks extremely legitimate, as the bad guys have nothing better to do than develop their skills at email spoofing.
I had not heard of this scamming strategy, and I remember thinking this might make an interesting blog topic.
Then, exactly 3 days later, I received a call from the very same CFO, and he said “You will not guess what has happened.” He proceeded to share how an email had just arrived from his CEO instructing him to make a $264,000 wire transfer for a new project that the company was about to start. I find it interesting he told me about the scam on Thursday and became the subject of the scam 3 days later. I knew then I had to write this article. And no, my customer did not transfer the money, thankfully.
Scammers troll LinkedIn to find out "who’s who" at a company. They research current events or travel plans of company personalities to add context to their message. Then, they create authentic looking emails containing instructions to move funds into accounts the control. Once this happens, reclaiming the money will probably never occur. Imagine if my friend had transferred $264,000 of his company’s money. According to the United States Secret Service, over $1 billion has been lost this way…in the last 18 months alone!
Join your colleagues from the Dallas Society of CPAs and the North Texas Chapter of the Risk Management Association for a panel discussion on cyber security with an emphasis on small to mid sized businesses and the financial services industry. You will learn from industry experts how best to prepare for, identify and respond to sophisticated, Internet based business threats. The program, which includes an excellent buffet lunch, will be held at Prestonwood Country Club on October 13th from 11 AM to 1 PM. You may find more information and sign up online.
I hope to see you there!
By Brian Terrell of BTerrell Group, LLP, Intacct and Sage ERP & CRM provider based in Dallas.