The first “online” transfer of money dates back more than 150 years ago. The sender would make a payment at a Western Union office which then sent a message over the company’s existing telegraph network, using passwords and code books to authorize the release of funds to the recipient waiting at the receiving location. Since then, wire transfers have been a fast and reliable way to send funds to businesses and individuals, domestically and internationally. Recently, however, wire transfers have become a target for scammers who use emails, phone calls and a myriad of other tactics to trick people into sending money to them, instead of the intended recipient.
According to the FBI, about $2 billion is lost annually in funds transfer fraud. Some cases involve third-party payment apps like Zelle and Venmo, while others abuse more traditional services. In any scenario, fraudulent activity must be mitigated with strong oversight and tight internal controls at financial institutions both large and small.
In mid-2022, a $6.4 billion asset bank holding company in the mid-west was the victim of international wire fraud that cost the company more than $18 million in losses. The transaction involved a “foreign threat actor” who used a forged wire transfer form to steal the funds, targeting a general ledger at the bank discovered by hacking a single employee email account outside of the company’s network.
A forensic technology investigation firm analyzed the incident and concluded that the bank’s network was not compromised and no attempts were made to access client accounts. In other words, the crime was committed by pilfering information from an employee email and by forging documents. This is just one of many examples where insufficient controls, data protection protocols and verification procedures can have a major detrimental impact on financial performance, not to mention reputational marketplace risk.
Take a multipronged approach to prevent wire fraud
- Secure employee end-user devices. Keep computers and mobile devices protected with updated antivirus and security software.
- Control access. Require the use of strong, unique passwords or passphrases to log in to a device, an email account and the bank networks, especially important in a remote work environment. Implement multifactor authentication (MFA), password vaults and other technologies for additional security. Read more >
- Train often. Employees at every level, from front line to back office to the C-suite, should be consistently and frequently educated about common scams, red flags, language and tactics used by scammers and the best practices to spot a potential threat before it happens.
Take fast action when an incident occurs
As the financial institutions that become victims of wire fraud quickly learn, acting fast to identify and attempt to mitigate losses is critical. Yet, that may not be enough. Rehmann’s team of forensic accountants and investigators work closely with bank leadership to identify internal control gaps that may expose the organization to fraud opportunities, help uncover why and how the gaps may have been overlooked and develop a detailed, feasible plan to address these gaps and lower future risk.
Our team of financial, IT, cybersecurity and forensic investigations advisors have the skills, experience and access to the latest technologies to provide expert guidance to design, implement and test internal controls that serve your unique risk profile. Talk with your Rehmann advisor or contact Bill Edwards, Director of Financial Investigations, at [email protected] or (248) 267-8445.