Bank statement and wire transfer fraud: how to avoid them?

Bank statement and wire transfer fraud

Last modified on January 10th, 2023

Last year, the FBI reported that US companies lost over $6.9 billion in cybercrimes. The bulk of those? Crimes by business email compromise, bank statement fraud and wire transfer fraud. When hackers steal your hard-earned money and financial data, it compromises your entire business operation. Businesses stand to lose much more than cash – trade secrets and passwords can be accessed. Assets from all departments are at risk. 

In this piece, you’ll learn about some of the most common wire fraud and bank statement scams, and how to protect your company from falling victim. 

What are some examples of wire transfer fraud?

Wire transfer frauds have been around since the internet began. But each year, businesses are susceptible to more creative hacking techniques that leave them vulnerable. The most common type of wire transfer fraud is a phishing scam.

Phishing scams 

A phishing scam is also known as business email compromise. 

Scammers start by cloning your company emails or buying up similar domains for one of your suppliers. When they reach out, they are able to fool employees into believing that the email is real. They send a fake email requesting either money (via an invoice) or asking your employee to reveal sensitive information. 

Some examples of phishing emails include: 

  • A fake “suspicious login attempted” email so that you reveal your password
  • False invoice to get money wire transferred
  • A payment link email that will download malware onto your computer

Since the hackers use urgency techniques, employees can be fooled easily into wire transfer fraud without checking the details of the email. Moreover, sometimes criminals can gain access to the system for weeks or months before they target your people. Scammers can make their attempts sound more genuine by confirming a relationship with a certain supplier or using familiar language. 

Detect and avoid phishing 

These days, there are a number of security or software programs that should help protect your business against unauthorized access. However, criminals can still slip through the cracks with wire transfer fraud

There are two major workplace culture ways to prevent phishing in your business. 

The first is to build an environment where your employees work without time pressures and trust their supervisors. This would make spotting a suspicious email easier: since there’s usually a generic greeting, spelling mistake, or problem in the sender address. Moreover, the employee would not succumb to the urgency pressures inside the email.

Secondly, you can avoid falling victim to phishing scams by building in a set of controls around invoices and security. This makes it harder for criminals to steal your information, and money. 

For example, ensuring that invoices are validated by three-way matching and then account details are verified with the real name and address. Likewise, the authority to wire money  should only be granted to a handful of individuals. Fraud training is also important.

Some of the other things that your business can do to spot and prevent phishing include: 

  • Protecting remote employees with built-in computer software
  • Upgrading the spam filter on your email systems
  • Applying multi-factor authentication to access accounts
  • Backing up your data in a cloud location

2022 fraud study - SAP Trustpair

Types of corporate fraud

Corporate fraud can have similar results to phishing, with companies losing out on millions if it’s not spotted on time. The types of corporate fraud you should be aware of include: 

  1. Bank transfer fraud
  2. False supplier fraud
  3. President or CEO fraud
  4. False customer fraud
  5. Internal fraud

Bank transfer fraud 

The most common type of bank wire transfer fraud is through an authorized push payment. Most people are familiar with these since banking apps and online payments technologies are so common. 

How does it work? 

The criminal poses as your bank, an official body or another genuine payee by sending a notification. Since authorized push payments act as an anti-fraud measure, employees are usually not suspicious at all. But this is a malicious attack. Granting the payment means that the criminal walks away with your money, and as an instant payment, clear out the cash before your accountants can catch up. 

False supplier fraud 

As the name would suggest, this type of fraud leads a criminal to impersonate one of your known suppliers, or create a new supplier persona. They send an invoice for work they haven’t completed or intercept a genuine invoice by changing the bank details from a real supplier. This is another form of wire transfer fraud.

Many businesses fail to protect themselves against false suppliers since the technique relies on social engineering. After initial verification, most businesses won’t continue monitoring their suppliers’ details. But this is when criminals strike – so it’s required for companies to detect and prevent falling victim to false supplier fraud.

CEO Fraud

This technique involves the hackers impersonating your CEO or another senior figure in the business. 

A version of this fraud became very popular during 2021, known as the gift card scam. Here’s how it works:

  1. Criminals would spoof the email address of the CEO and send out a company-wide email, asking for employees to buy thousands of dollars worth of gift cards 
  2. Once purchased, the employee is then tasked with photographing the gift cards, ensuring that their ‘boss’ can see their codes
  3. Within minutes, the value of the gift cards are reduced to $0 as the criminals steal from the other end
  4. The employee is none-the-wiser until they next see their boss or try to claim the gift cards on expenses

Fraud on the President can also happen through invoicing, cloning the CEO’s email address and urgently requesting finance to pay a fake invoice. 

Luckily, we’ve created a larger resource about CEO fraud so that your people can detect it, and protect the security of the business. Click here to read it. 

False customer fraud 

There are a number of different ways that fraudsters impersonate your customers, through: 

  • Chargebacks after they receive product
  • Using somebody else’s payment details 
  • Requesting a line of credit from your business

False customer fraud typically affects small businesses more than large, since they use third party programs to take payments instead of their own systems. This creates a responsibility gap, leaving the companies vulnerable to unfair chargebacks. Plus, it’s harder to three-way matching the documents – which could miss any payment detail discrepancies. 

Internal fraud

Corporate fraud includes the likes of your own employees skimming money from the business. Most commonly, internal fraud is done through expenses, where your member of staff claims false expenses or for costs unrelated to their work. 

This is incredibly common, with 85% of employees admitting to lying on their expense reports. And it’s even easier to get away with for those working from home as it’s harder to verify how employees are spending their working hours. 

How to fight against payment and wire transfer fraud in companies? 

Since this type of fraud is so prevalent, there are now dozens of ways to protect your company from wire transfer fraud and corporate fraud. In some jurisdictions, this is even written into operational regulations. 

KYC

The Know Your Customer Framework is an anti-money laundering and counter-terrorism measure that applies to businesses in certain high-risk industries, such as insurance. 

It’s a framework that enforces companies to perform proper due diligence on their customers, including identification and verification checks. KYC promotes continuous monitoring, allowing professionals in high-risk industries to spot suspicious activity and prevent fraud. Compliance with this framework is legally required under the US Bank Secrecy Act and Patriot Act

Reinforcing the culture of bank fraud risk in companies

Any new starter should receive training from the finance department on bank fraud. But knowing how quickly fraudsters are inventing new methods, regular training should become part of the culture. 

Establishing proper controls within your organization is key. A step-by-step process for onboarding new payees and automated checkpoints are recommended. Plus, only a few key members of your treasury should be able to authorize outbound payments. 

Use Trustpair, the platform to prevent wire transfer fraud 

Without proper measures in place, companies are leaving it to chance. But with the right protection strategy, even the tiniest hint of a scam will be caught before your business is infiltrated. 

Trustpair specializes in preventing B2B payment fraud. We facilitate a secure payment process for each of your transactions; both outwards to suppliers and inbound from customers. No false supplier invoices, and no corporate customer fraud. 

If you’d like to discover how we minimize third party risks and verify international accounts, request a Trustpair demo

demo request trustpair b2b payment prevention plateform

FAQ

Hackers gain access to your systems and watch how your people interact with their payees for days, sometimes weeks. Then, they impersonate one of your real suppliers by getting a similar domain name and using similar language, as well as urgency to ask for payment.

In some scams, fraudsters gain your exact banking information, and in others, they can get away with your money without knowing any details at all. If you’re on the receiving end, you don’t actually need the sender’s details. In most cases though, your actual credit card information is safe. 

Scammers can tamper with the personal information before you send money through a wire transfer. For example, scammers posing as a false supplier can mean there’s a wire transfer fraud risk for your business.

In general, wire transfers are a pretty safe method of moving money. But they are susceptible to interception at the bank account. Plus, if you request tech support, the person on the other end may be able to gain remote access to your system and take over the wire controls too. 

You can prevent wire transfer fraud by calling your contact to verbally confirm the transfer details. You should also make sure transfers must be authorized by at least two team members before it’s made. 

You can track wire transfers by using your federal reference security number to prevent a fraudulent wire transfer.

The most important thing is to alert your bank as soon as you realize what’s happened. The bank will investigate and later refund you if they can recover the funds – but there’s no guarantee.

Receive our latest news

Subscribe to the Trustpair Newsletter and receive advice every week…

Your personal data is processed by Trustpair to manage and enhance your customer experience, to inform you of Trustpair news and for statistics and surveys. In accordance with data-protection laws, you have the right to access, modify, delete and oppose receiving offers and information from Trustpair via the unsubscribe link in each of our communications or by writing to [email protected].

        By clicking on “Subscribe”, you agree to receive the Trustpair newsletter to be informed of news or important information about our services. By subscribing, you agree to our Privacy Policy.

newsletter-icone

Related Articles