How a global pandemic can provide a breeding ground for wire fraud

April 17, 2020

NTL_Firm_15Apr20_COVID_Rise-of-wire-fraud_LandingPage_679x220.jpg

The COVID-19 crisis has ceased the normal operation of many businesses, as remote working and online transactions have become a necessary norm. Electronic processing of payments through wire or e-transfer are often the only available payment method, and those that are still being paid through cheque or cash may be left unattended or unreconciled due to reductions in workforce. The lethal combination of disrupted workforces, economic uncertainty, rapidly changing business processes and controls, and an increase in electronic money transfers has given wire fraud an unwelcome boost.

The faces of fraud and the tactics they use

As of April 6th, the Federal Bureau of Investigation (FBI) indicated an expected spike in business email compromise scams related to COVID-19. Of particular concern is the targeting of health care providers and government organizations around the purchase of supplies or Personal Protective Equipment (PPE). The Canadian Anti Fraud Centre (CFAC) has seen a sharp increase in COVID-19 scams, some of which include fraudsters pretending to be: 

  • Cleaning companies providing COVID-19 sanitation services or ‘air filters’
  • Charities offering ‘free’ PPE
  • Local utility companies threatening to disconnect services
  • The World Health Organization (WHO) providing lists of infected people in your community
  • Financial advisors offering lucrative investment opportunities
  • Private companies offering treatments or COVID-19 test kits
  • Government agencies requesting personal or health information 

Scam tactics such as phishing, vishing, malware, impersonation, or social engineering haven’t changed. However, these fraudsters are capitalizing on the fear and anxiety created by COVID-19 to lure individuals into disclosing confidential information, installing unauthorized software that compromises security, or making payments to financial accounts owned by criminals. Emails often appear to be legitimate because they seemingly come from familiar customers or vendors. These emails normally include a request for payment, but the account to which they normally send the money has been altered by the scammer.

Once the funds have been processed, recovery is often very difficult. Consequently, the financial and reputational impact to an organization can be significant.

How can your organization protect itself against wire fraud during this pandemic?

From asking the right questions to keeping up-to-date on training and processes, there are steps that you can take to mitigate the risks of wire fraud.

Validation

If physical mail is no longer a means to process payments, incorporate a process around validating payment requests to ensure that they legitimate. This can be as simple as calling the contact name in your files to confirm details around their request for payment.

Be skeptical

Exercise healthy skepticism around unusual and/or urgent requests, and ensure these are flagged and reviewed.

Enhance internal controls and protocols

Add or modify authorization protocols to your payments process to compensate for the loss of in-person controls.

Review, review, review

Be vigilant in reviewing payment requests, including email addresses, remittance accounts, reconciling to purchase orders and so forth.

Training

Refresh cyber-security training for staff, such as phishing awareness and not clicking on links from unknown or unexpected external senders.

Encryption

Only allow encrypted connections to company systems (e.g. Virtual Private Network or VPN).

Mind your access

Restrict access to financial applications and the ability to perform transactions based on role and responsibility, also known as the principle of least privilege. In addition, ensure that you revoke access from terminated employees in a timely manner.

Consistent monitoring

Increased monitoring and review of unauthorized access attempts, data leakage, email forwarding, unpatched or outdated systems.

How BDO can help

The current situation is constantly changing making preparation and risk mitigation challenging. Our team of professionals have helped a number of organizations adapt and pivot in this difficult economic environment and we are ready to help protect your organization from wire fraud.

Alan Mak, Partner, National Forensics Practice Leader

Vivek Gupta, National Leader – Cybersecurity Consulting