Cyber Scams: Funds Transfer Fraud
Cyber attacks continue to escalate in frequency and severity. Over the last five years, small businesses have been increasingly targeted by cyber criminals, and continuing education, cyber best practices and insurance are critical to managing your cyber risk. Recently, a bookkeeper fell victim to a sophisticated phishing scam, which we have outlined below.
The Scope of the Engagement
A prospective client posing as a construction company reached out to the bookkeeper, with the contact initiated through the Gusto partner directory. The prospect's requirements were very detailed and included supporting documentation such as financials, company website, etc. Back-and-forth over the terms of the engagement letter ensued before it was executed.
Invoice / Payment
The “client” submitted payment for the two invoices, one for each of the companies, through QuickBooks. However, one invoice was overpaid tenfold ($40,000 instead of $4,000), the client having added an extra 0.
The client then requested an immediate refund and asked that the difference be wired. The QuickBooks transaction appeared to have cleared; however, a couple of days later the bookkeeper was notified of a returned/bounced check!
Phishing Scam Best Practices
- Verify all new clients
- Verbal verification of all requests for payment or refund (!!!!!)
- Verbal verification of all requests to change bank account info of a payable system
- Don't be rushed into actioning a request
- Train your employees
- Use secure payment systems
Ensure you secure the broadest available policy! The worst “cyber” solutions are those that are bundled with the E&O for a few dollars a month (major red flag) and that would exclude this and many other cyber attacks. A standalone cyber insurance policy, underwritten by specialist cyber insurers, is critical!