Devise ways to foil scam artists using wire transfer ploys.
To prevent wire transfer scams from disrupting these transactions, commercial real estate companies can take the following steps.
Launch Preventive Measures
Educate employees. Firms’ employees must remember to never feel rushed to give out confidential information. Many scam artists will speed up the process, so that they accomplish what they need quickly without any background check.
Company leaders should always communicate these warning signs of wire transfer scams to employees by making IT policies and procedures readily available and visible. Consider posting these policies on the company’s intranet page, as well as promoting Cyber Awareness Month every October as a time to raise awareness of the typical scams targeting companies.
All employees should confirm wire transfer requests by phone using the executive’s phone number listed in the corporate directory rather than one included in the signature of a suspicious email.
Typically, scammers include phone numbers in an email signature and will staff that phone number anticipating that an employee will call to confirm the request by phone. Confirmation and authentication of the individual requesting money can thwart these criminal attempts.
Businesses should implement a phishing filter for email systems, which will help eliminate some of the fraudulent messages that may be targeting a firm’s employees.
Additionally, businesses must provide a way for associates to report any suspicious emails to the IT Department. This will allow the IT department to take proactive measures to ensure that other employees are aware of the attempts to infiltrate the system and a loss can often be avoided.
Many companies use a centralized email address to which associates can forward these suspect emails for further evaluation by the IT Group. Once companies identify the fraudulent email sources, they can be eliminated from ever attempting another scam.
Launch and uphold new processes. This calls for collaboration across all company departments, so that all assets are accounted for and properly protected. Some new processes that companies should implement: update computer passwords every 45 days with a combination of letters, numbers, and punctuation marks; properly encrypt all company laptops; and communicate new procedures to all employees.
Implement Checks and Balances
Businesses should also validate every wire transfer request with a telephone call in addition to an email, require two or even three approvals before a wire transfer can be initiated, and review all wire transfers for suspicious activity. Red flags would include the request to change account numbers, expedited requests, and unusual amounts requested.
Any changes to the normal routine should require further scrutiny to ensure the request is legitimate. Dual control or the separation of duties can protect a company against fraudulent requests. Having two sets of eyes on every wire transfer is better than one.
One crucial education tactic is hiring companies that run penetration tests and try to hack into the companies’ system. This will allow companies to see if their organizations are vulnerable and will educate their employees to see where their systems may have weaknesses. Before running a penetration test, make sure to check with the insurance company to see if they offer a discount.
Commercial real estate professionals and their clients must be aware that wire transfer scams are extremely convincing. Many sophisticated real estate companies have been duped. No one in the commercial real estate industry should think that they are too smart to be scammed, and no company should assume that they are too small to be on these hackers’ radars. Wire transfer scams are pervasive, realistic, and constantly evolving.
By: Greg Cryan (CIRE Magazine)
Click here to view source article.