Mon, Nov 23, 2015

Down to the Wire

In the past year, Kroll Canada has seen a significant increase in wire transfer fraud, costing its victims time, money and significant operational disruptions.

One of the greatest worries for companies, however, is the possibility that they were being targeted from the inside.

In each case where Kroll was retained, the perpetrators seemed to have an uncanny knowledge of the victimized company, including its corporate structure, such as names and positions of executives as well as employees within the treasury and accounting functions. This in- depth knowledge triggers concerns regarding internal involvement or collusion. However, companies should also realize that the use of social media, professional networking sites such as LinkedIn and a company’s own website can make it easy to ascertain information about the company’s executives and how the company operates.

The way to combat wire transfer fraud would seem quite clear, straightforward and obvious: put in place proper policies and procedures.

The fraud usually starts with a single email—often ostensibly from a senior executive—requesting a wire transfer. In most cases, the email contains a chain with what appears to be legitimate prior communications between senior executives, thereby strengthening the credibility of the message. Bolstered by this apparently legitimate string of executive communications, it is not unusual for the recipient to confirm and facilitate the fraudulent transfer request.

One mechanism used to carry out the fraud is to slightly modify the domain name in a manner that will usually go undetected by the recipient. For example, the perpetrator would use “” instead of “”. It’s easy to see in a case like that how a recipient could miss the different spelling, especially if the sender is a senior executive.

Growing and Widespread Problem

In 2014, wire transfer fraud was the number one mass- marketing fraud (MMF), as calculated by dollar loss, reported to the Canadian Anti-Fraud Centre (CAFC), to the tune of more than $22 million. “Only one to five percent of MMF victims report to the CAFC,” says Daniel Williams of the Royal Canadian Mounted Police, who is senior call taker supervisor at the CAFC. “So, sadly, we are all too certain the actual numbers are much higher.” The second most-reported fraud in 2014, for comparison, involved dollar losses of just under $13 million. The problem is prevalent enough that, in early 2014, the Toronto Police Service issued a news release warning companies and individuals of “a number of incidents [requesting] large sums of money to be transferred by email.”

In the U.S., the scam is known as a business email compromise (BEC). According to a January 2015 alert from the FBI, it had received BEC complaints from every state and 45 countries. The total dollar loss between October 2013 and December 2014, based on the cases of which it was aware, was approximately $179.75 million in the U.S., and a combined loss of almost $215 million worldwide. “The FBI assesses with high confidence the number of victims and the total dollar loss will continue to increase,” the alert said.

A Simple but Sometimes Compromised Solution

The way to combat wire transfer fraud would seem quite clear, straightforward and obvious: put in place proper policies and procedures. Indeed, having these policies and procedures is critical, but wire fraud highlights a persistent security weakness—our human nature. Often, security controls are overridden through social engineering simply due to our desire to please others, particularly those in positions of authority. In the cases we’ve seen, when employees receive requests from senior executives, the motivation to assist the person higher in rank outweighs the need to stop and validate that the request is legitimate.

The way to combat this possibility is for a company’s most senior managers to make it absolutely clear to everyone involved in approving wire transfers that no one, no matter their rank, can override policies or proper procedures. When that message is communicated clearly, the chance of being defrauded in this manner is reduced significantly.

Red flags to identify potentially fraudulent wire transfer requests

  • Unusual or vague transaction details: The transaction is described in vague terms (e.g., “strategic marketing advice”) or referenced as a confidential matter known to senior management (e.g., “confidential joint venture investment”). Instructions regarding recording of the transaction are also vague (e.g., “corporate marketing”).
  • Unknown beneficiary and round-sum amounts: The beneficiary is typically a person/entity unknown to the organization and may reference a jurisdiction in which the organization typically does not conduct business. Round-sum amounts, such as “$200,000,” should raise suspicions, although many fraudsters are aware of this and often avoid them.
  • Absence of required supporting documents: Normal wire transfer requests should be supported by appropriate documentation available to both those preparing and approving the transfer. Fraudulent requests often state supporting documents will be provided later or were provided to the CEO or other senior executives.
  • Non-standard email format: Any irregularity in email headers, footers and content such as [email protected] rather than the standard format [email protected] or use of an atypical font or email footer suggest that it could be a fraudulent communication (in addition to a false email domain).
  • Requirement to circumvent normal protocols: A pretext is often presented to justify the need and urgency to circumvent normal protocols. These include reasons such as the funds must be received before end of business the next day to close a confidential transaction, avoid penalties or avoid seizure of product.

Five Strategies to Avoid Fraudulent Wire Transfers
An organization can employ strategies over and above basic internal controls to avoid processing fraudulent wire transfers.

  • Enhanced training and awareness. All relevant employees should receive training periodically to ensure they are fully aware of corporate policies, the prevalence of fraudulent wire transfers and the red flags indicating a potential fraudulent request. All communications from banks or agencies regarding wire fraud scams should be circulated.
  • Establish escalation protocols. Employees should be provided with predefined escalation protocols if they have concerns regarding the validity of a wire transfer request. These escalation requests and subsequent approvals (or denials of approval) should be documented, including details of procedures undertaken to address the initial concerns.
  • Establish protocols for rush or confidential wire transfer requests. Predefined protocols should be established to accommodate legitimate rush and/or confidential transfers.
  • Use IT filters to block fraudulent emails. Existing IT systems can be used to block or flag unwanted emails, such as those emanating from domain names similar to that of the organization.
  • Monitor domain registrations. Conduct periodic searches to identify registered domain names similar to that of the organization. Suspect names can also be blocked.

Learn more about fraud statistics and trends in Kroll’s annual Global Fraud Report.

Intelligence, Transactions and Due Diligence

When organizations worldwide need intelligence, insight and clarity to take decisive action, they rely on Kroll.

Forensic Investigations and Intelligence

The Kroll Investigations, Diligence and Compliance teams consists of experts in forensic investigations and intelligence, delivering actionable data and insights that help clients worldwide make critical decisions and mitigate risk.