The financial industry continues to be plagued by fraudulent third-party wire transfer requests emanating from compromised email accounts. So much so, that it is now an industry-wide practice to confirm such requests by phone with clients before processing. Logically, that one step seems to be enough. However, criminals are creative and continue to come up with new ways of getting these requests processed. For example, there have been cases where an email account was hacked via a stolen cell phone and the fraudster posed as the client and gave the verbal consent.
All disbursement requests (like-titled and third-party) must be treated with caution. To help combat wire transfer fraud, CCLS recommends implementation of the following safeguards:
- First, check the email address carefully. Imposters will often setup similar looking email accounts to impersonate clients.
- Always call the client to voice verify all types of disbursement requests. Do not act strictly off email requests, even if urgency is requested.
- The call should be to the phone number on record. If a different number is provided in the email, have the person confirm their identity. For example, ask for the last four digits of their Social Security number.
- Verify ALL the instructions and information in the email with the client via phone. Do not read the information to the client, have the client verbally confirm the request, including amount, bank account title, and routing and account numbers.
- Email disbursement requests from staff members should also be voice verified by whoever will be entering the instructions. This guards against the possibility of a staff member’s email account being compromised.
Important Compliance Steps
- Review current policies and procedures with regard to safeguarding client assets and issuing disbursements to determine if updates are necessary.
- Include this topic as a training item at staff meetings and send periodic compliance memos to employees that outline current wire fraud trends and the risks of fraudulent disbursements.
- Check your insurance policy to determine if there is coverage for this type of fraud. Many E&O and cyber liability policies do not routinely cover this type of fraud.
CCLS Can Help
If you would need assistance with reviewing and/or enhancing your policies and procedures, please contact CCLS at (619) 278-0020 or firstname.lastname@example.org.