This past March, the city of Albuquerque, New Mexico, fell victim to a wire scam resulting in approximately $420,000 of lost taxpayer money. The scam allegedly occurred when a fraudster made an illegitimate request to change vendor payment information, thereby routing funds to the scammer. It is uncertain at this point whether the city will recover any of the lost funds.
Unfortunately, these payment tampering schemes are becoming increasingly popular for fraudsters, representing approximately 11% of all fraud cases reported to the Association of Certified Fraud Examiners, according to the organization’s 2016 Report to the Nations. On average, these schemes last 24 months and result in a median loss of $158,000. Approximately 58% of all victim organizations recover none of the funds lost, and an additional 21% recover less than half.
Vendor Payment Management
Fortunately, there are several ways an organization can combat the fraudsters in an effort to mitigate these risks:
- First, it should be a company policy to confirm via telephone any payment change request information from a vendor. Companies should be suspicious of any change request that is submitted via e-mail, or from an unfamiliar or new contact at the vendor’s organization. Calling the vendor to confirm the change at a known, publicly-documented telephone number, with a person with whom the company has done business before will help establish the legitimacy of the request.
- Additionally, consider implementing company-wide training to educate employees on the risks associated with e-mail and technology. Often times, the employee base is the first line of defense from fraudsters. By increasing employees’ awareness of these issues and best practices to combat the risks therein, the employee base becomes more equipped to handle unusual or suspicious situations, thereby reducing the likelihood that the company will fall victim to these scams.
- Finally, companies should strongly consider purchasing cyber-crime insurance and/or social engineering fraud insurance through its insurance provider. These policies are gaining popularity in the insurance marketplace, offering affordable premiums to protect companies from scenarios like the one described above. Should a company incur losses from such a scheme, these insurance policies increase the chances that funds are recovered.
Learn about more about cyber security and the risks, vulnerabilities, and best practices therein at our upcoming seminar at Kenwood County Club on May 5, 2017. Register for free here.
You can also request one of our team contact you here if you have any questions about cyber security and how you can keep your company safe.