Checks and Wires: More Case Studies in Fraud


By: Kevin Kane, Managing Director, U.S. Head of Commercial Banking, Treasury & Payment Solutions

We’ve covered fraud several times, including providing real-world examples of how quickly fraudsters can get away with your funds. It’s a problem that affects businesses of all sizes, including larger companies.

Technology is a major enabler, particularly when it comes to wire fraud. But as you’ll see in one of the examples below, there’s plenty of risk involving analog methods. That’s why it’s important to remain vigilant, improve your systems and adhere to best practices at all times.

The Check’s Not In The Mail

COMPANY PROFILE

A metal stamping company with annual revenue of more than $75 million.

THE EVENT

While conducting a weekly reconciliation of its checking account, the company noticed three checks, dated Dec. 30, 2016, that had cleared the account and appeared to be fraudulent. It turned out that a thief had stolen one of the company’s checks in the mail, then sold the account information on Craigslist. Fraudsters created false check stock and presented multiple checks against the exposed account. A month later, the fraudsters also attempted to execute phishing scams via emergency wire requests against the same account.

THE FALLOUT

More than $2,000 put at risk.

THE WARNING SIGNS

Of the three fraudulent checks that cleared the company’s account, two were for the same dollar amount, which immediately raised suspicions. Also, fraud activity rises in December. Many employees take vacations during the holiday season, and fraudsters are more active on the chance that less-experienced personnel are managing a company’s payment processes.

THE LESSONS LEARNED

The company closed its old account and opened a new one with Positive Payee, which compares the payee line of the presented check image against the payee data in the company’s issue file. Additional steps that could prevent this type of fraud from occurring include a daily reconciliation of check payments, reducing the number of checks sent out, and moving more payments to Electronic Funds Transfers.

Attack of the Clone

COMPANY PROFILE

A healthcare company with annual revenue of more than $400 million.

THE EVENT

Employees in the accounting group with access to the company’s online banking system noticed that the requestor for a recently cleared wire was the company CEO. Because the CEO had never been involved in a wire request before, the department investigated further, eventually determining that fraudsters had cloned the CEO’s email to send a wire request to the CFO.

THE FALLOUT

Nearly $50,000 put at risk.

THE WARNING SIGNS

Although there was nothing unusual about the amount requested in the wire, the CEO had never previously been involved in any part of the wire process, which should have been a red flag. Several C-level staffing changes in the company, however, could have contributed to the communication gap.

THE LESSONS LEARNED

If the CFO had confirmed the wire with the CEO, either via telephone or in person, the wire would never have been executed. In response, the company reviewed its internal processes, including implementing better internal communication before approving wire requests.

Getting Too Personal

COMPANY PROFILE

A real estate title company with annual revenue of more than $10 million.

THE EVENT

While the company’s attorney was on vacation, he sent a wire request for a property closing. Because he didn’t have access to his corporate email account, the attorney sent the request via his personal email.

The next day, the party requesting the funds called to report that they had never received the money. It was determined that the attorney’s email had been hacked via a phishing scam, enabling fraudsters to intercept the wire instructions and have the funds rerouted to a different bank.

THE FALLOUT

More than $75,000 put at risk.

THE WARNING SIGNS

The request was sent from a personal email address rather than an approved company account.

THE LESSONS LEARNED

Although the company has a policy in place for dual controls, which requires two callbacks to confirm a request, those protocols were not followed in this case. The company is in the beginning stages of overhauling its practices for approving wire requests for closings, especially ones originating by email.


