Prevent fake emails, social engineering and fraudulent transfer business scams


Imagine receiving an email from a Nigerian prince, promising to reward you with millions in exchange for your help transferring his wealth out of the country. An obviously fraudulent request like this would certainly trigger some red flags that it is a business scam.

But what if the email came from a trusted vendor, business colleague, or even your CEO asking a staff person to move funds from one account to another, set up new employees for payroll, pay a new vendor or change banking information? Unfortunately, business scams today are more sophisticated than ever and even trickier to detect. To defend against these sneaky attacks, businesses must stay diligent against threats while mitigating risks with commercial crime insurance.

Here are some recent scams to watch out for, with tips to protect against fraudulent transfer requests and other forms of business email compromise.

Identifying threats

Recently we’ve seen two phishing scams targeting CPAs that resulted in fraudulent fund transfers. In both cases, our insured clients received emails requesting wire transfers to a specified Wells Fargo account. These emails included identifiable personal details—even signatures that seemed to be authentic when validated against the originals.

These types of false pretense business scams are becoming more and more common. In fact, the Association of Certified Fraud Examiners (ACFE) estimates that businesses lose more than $400 billion every year to fraud—impacting about 6% of the average company’s annual revenue.

New technologies make it even easier for criminals to impersonate trusted contacts and forge official-looking documents. Hackers may spend months gathering your personal information online to construct a more convincing email scam, often posing as another employee, executive, or supplier to exploit your trust.

As believable as these scams often seem, there are usually some red flags that give them away. Examine these requests closely and be on the lookout for:

  • Misspelled words, grammatical errors, and typos.
  • Salutations that seem inconsistent with previous email correspondence.
  • Forms that appear to be scanned, altered, or slightly illegible.
  • Urgent rush requests and threats of late payment fees.
  • Embedded links that seem out of place.
  • • Direct requests to ignore or bypass standard transfer protocols.

Training your employees to recognize these red flags is the first step to defending against fraud. However, since these business scams are carefully designed to mislead you, the best defense is a multi-faceted approach to corporate fraud prevention.


Read more: 5 Email Security Best Practices for Accounting Firms


Defending against business scams

Even the most diligent employees might fall prey to today’s sophisticated phishing schemes. That’s why it’s critical that companies incorporate the proper security controls to reduce their liability and safeguard their assets against fraud.

Here are some key steps your company can take to protect against fraudulent transfer requests and other forms of compromised email scams.

  1. Validate transfer requests by phone. Establish non-negotiable security procedures to verify every transfer request. For example, you might want to call a predetermined phone number or send a verification text message before completing a transaction. If the hacker asks to call you instead of receiving a call at a previously established number, it could be a red flag.
  2. Require supervisor sign-off. For larger transfers, you may want to stipulate that employees ask a second person to review the request and sign off on it—especially when processing internal transfers. The more eyes you have examining each request, the more likely that someone will spot a sign of fraud.
  3. Limit wire transfer authority. By granting security clearance and transfer authority to an unlimited number of staff members, you open the door to potential fraud. Be judicious about who, and how many people, have financial access to your assets.
  4. Update your cybersecurity software. As an added layer of defense, consult with your IT team to deploy up-to-date cybersecurity software that protects your email accounts from suspicious senders and suspected spam.
  5. Invest in commercial crime insurance. By purchasing a commercial crime insurance policy, businesses can protect against instances of fraud that sneak past all their other defenses.

Download our Guide to Social Engineering Risk Management to bolster your defenses against fraud.


Mitigating risk with commercial crime insurance

Commercial crime insurance protects your company against theft, forgery, fraud, and other financial losses that result from criminal acts. Since most general liability policies don’t cover losses caused by criminal activity, this additional coverage can provide full protection to mitigate the risks of fraud.

These policies cover the financial losses that result from crimes such as:

  • Employee theft of firm assets or client funds
  • Fraudulent funds transfers
  • Computer fraud like phishing
  • Forgery or alternation
  • Burglary or robbery

Unfortunately, no business is completely safe from the threats of fraud and theft, especially considering all the sophisticated tools that hackers have at their disposal today. Compared to the increasing risk of corporate fraud and the detrimental losses that can result, commercial crime insurance from McGowanPRO is an easy decision to protect your business against scams and hackers.

To get the protection and peace of mind of commercial crime insurance, contact Rob Ferrini, McGowanPRO Program Manager, at rferrini@mcgowanprofessional.com today.