Promoting staff awareness to curb losses critical
TORONTO, Nov. 10, 2014 /CNW/ - EY's Fraud Investigation and Dispute Services group has been made aware of a wire-transfer scam that has impacted several companies recently. While many companies have avoided losses, some have lost up to $5 million.
"No company is immune from fraud and, as we've seen, the cost can be significant because the chances of recovery are remote," says Mike Savage, EY Partner and Canadian Fraud Investigation and Dispute Services Leader. "By increasing awareness of these schemes amongst their staff – especially those authorised to release wire transfers – companies can better detect fraud and prevent losses."
The highlights of this recent scam are as follows:
- An employee receives emails from an individual impersonating an executive of the company, typically the CFO or CEO.
- These emails are generally well written and plausible. They appear consistent with company emails and may even come from a domain name set up to look similar to the corporate email address, but with an added letter. For example: @institute.com might appear as @instiitute.com.
- The requests include instructions on where to wire money – usually to a foreign location, in foreign funds – for an urgent business transaction such as an acquisition.
- The perpetrator sometimes requests that the transaction remain confidential and states that the employee is trusted with this information.
- The emails often include an attachment with beneficiary account details or may include what appears to be an invoice from a supplier.
- On occasion, the transfer request maybe made or reinforced by a telephone call from an individual impersonating the company executive or advisor.
Four key tips to help companies curb losses:
- Notify treasury and finance staff about the scam, so they know what to look for.
- Require the use of business email accounts for correspondence on payment instructions and prohibit the use of personal emails.
- Implement an acknowledgement procedure, in which staff are expected to forward the email to the executive to confirm receipt of instruction. An email reply would simply go to the impersonator, but a forwarded email would pick up the executive's true address.
- Implement additional procedures around high-risk payments with numerous red flags such as urgent, company-domiciled offshore payment in foreign currencies and new beneficiary accounts.
EY's Canadian Fraud Investigation and Dispute Services team is available to discuss this and other fraud related issues. To reach a spokesperson, or for more information, please contact a member of our national PR team.
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
SOURCE: EY (Ernst & Young)