Thanks to a new scam, you should be extremely cautious before making any type of wire transfer or large payment, even if you think the request to do so has come from your boss.
The Federal Trade Commission (FTC) is warning businesses of the new scam, sometimes called "masquerading," in which a hacker poses as a senior executive and asks an employee to complete a financial transaction, such as a confidential business investment or a payment to a vendor.
Once an employee makes that transfer, the money is nearly impossible to recover. Nicole Vincent Fleming, a consumer education specialist for the FTC, said the scheme often goes undetected until the company's fraud department raises an alarm, or company executives talk to each other about the transfer request.
According to the FTC, the scammers have been contacting businesses by both email and phone. When contacting businesses via email, the scammers often make subtle changes to an address, making it difficult to distinguish a fake address from a legitimate one. For instance, For example, email@example.com could be altered to firstname.lastname@example.org.
"In other cases, the hackers break into an organization's email system and send urgent requests from legitimate accounts," Fleming wrote on the FTC's website.
Some "masqueraders" try to commit this fraud on the phone by posing as the chief financial officer, comptroller or CEO to intimidate an employee, Fleming said. [Online Directory Scam Targets Small Businesses ]
The FTC is offering businesses several tips to ensure their companies don't fall victim to the masquerade scam:
- Establish a multi-person approval process for transactions above a certain dollar threshold.
- Implement a system that requires a valid purchase-order, along with approvals from a manager and finance officer, to spend money
- Confirm that any request to initiate a wire transfer is from an authorized source within the company.
- Double- and triple-check email addresses.
- Slow down. Fraudsters pressure you to take action quickly so you don't have time to think it through. Take time to verify any request, even an urgent one.
- Be suspicious of requests for secrecy. Speak to the executive on the phone or in person. If you still have doubts, speak to another senior executive.