Funds Transfer Fraud – FTF for short – is a type of fraud in which attackers manage to redirect funds before or during a transfer. This is typically accomplished through social engineering techniques, sometimes stemming from email spoofing or even business email compromise.
For example, a bad actor gets into one of your executive's email accounts and sends a legitimate-seeming funds transfer request. The recipient, seeing that the email came from a trusted source, sets up the wire transfer and wires the money to the fraudster's account. A week later, the executive notices the unusual wire transfer – but the funds are long gone at this point. This is a common example that was aided by business email compromise.
The attacks are not always that sophisticated, however. Sometimes attackers will spoof email addresses from third parties, or just send a cold email to see if the victim will comply. In either case, the results are the same: money has been transferred and often not realized until it’s too late.
Preventing Funds Transfer Fraud
In this case, the easiest solution for most people is also free. Coalition recommends implementing a “dual control” process that includes one or many of the following:
Calling the recipient of the wire transfer to verify the transaction details. (Note: Use a known-good phone number, not one in the email).
Verifying the transaction with another executive at the company either verbally or in writing (preferred).
Setting up internal controls within your financial institution. One administrator or user enters or creates a payment (ACH batch, wire transfer), and a second administrator or user is then required to review the payment and approve/release the transaction.
These are low-tech solutions to a high-tech problem, but they work almost every time! If you’d like more help with this, or any other topic, please reach out! We’re here to help.