Protect your business.
We highly recommend going through a due diligence process and to not respond to these requests by email. It is also our recommendation to have an internal policy to require call back on any dollar amount of a certain threshold.
- Requests of $1000 (or whatever your risk tolerance is) DO NOT send payment until you have personally spoken with the requestor over the phone to verify amount, account number, etc. Fraudsters are compromising business emails and providing false information to redirect the payment to them. Once that money is received by the fraudster, most often they withdrawal it and it becomes a loss to the business that sent it.
The following is an example of common internal fraud:
- An employee of Company A's sales team has emailed Company A's accounting personnel requesting the attached invoice be paid right away. Accounting processes the request as it has come from a legitimate sales employee's email address. Unfortunately, that email address has been compromised and the employee was not the person requesting the payment be made. The ACH payment is made, and once it is withdrawn, the bank, nor the company can get that money back.
This situation is also happening with 3rd party vendor emails being compromised and requesting funds from businesses.
We encourage continued vigilance and to communicate this message to all accounts payable and payroll staff.
We are here to help. Feel free to contact us with any questions you may have at 563-588-1000.