Impostor fraud is a growing threat to your business and can infiltrate your tech company in a number of ways. Read on for a few real-world examples and tips to avoid fraud.
One of your accounts payable employees, authorized to make payments, receives an email from you marked urgent and confidential, along with a request and instructions to send a wire transfer. The email appears legitimate.
Or, your accounts payable department gets a phone call from a highly valued vendor who recently changed banks and now needs to update their company’s bank account information.
In each case, your employees do what’s asked of them. The problem is … you didn’t send that email, and the person on the phone wasn’t actually your highly valued vendor. Both were impostors.
If your company sends payments, it’s at risk.
What is impostor fraud?
With impostor fraud, a fraudster:
- Poses as a person or entity known and trusted by your employees (e.g., a company executive, senior manager, vendor, or another trading partner)
- Makes contact by email, phone, fax, or mail ― all of which appear to be legitimate
- Requests a payment, submits an invoice, or asks to change vendor payment instructions or bank account information
If employees within your organization fall for the scam, the payments go directly to the fraudster.
How do fraudsters get away with it?
An impostor fraud scam is different from one in which a fraudster steals online banking credentials, and then uses them to make fraudulent payments.
With impostor fraud, your company’s authorized employees make the payments, so they appear to your bank as normal payments. This usually means the fraud is not quickly identified ― by your organization or your bank. This makes it difficult to recover funds, especially when they’ve been sent by wire transfer.
Take steps now to ensure your employees apply extra caution before sending payments. Following are some best practices to share within your organization.
How to protect your organization from impostor fraud
- Alert your staff and business partners. Anyone at your company ― and the companies with which you do business ― can be a target. This includes executives and managers, accounts payable staff, departments that communicate with your vendors, and trading partners.
- Ensure your company uses proper fraud-fighting controls. Internal controls include using dual custody, daily account monitoring, and verification of unusual payment requests. Be aware that while these controls may help, these measures alone will not protect your assets.
- Consider changes to your usual processes. Changes may include prohibiting executive payment requests by email. Other changes may include policies to authenticate all payment requests made by email, made outside normal channels, made to new accounts or new countries, along with those asking to change bank account information.
- Empower your staff to question payment requests. Let your staff know it’s appropriate and expected that they question requests for payment or changes to account information.