Qualified Settlement Funds: How to Avoid Falling Victim to Wire Transfer Fraud
According to the Association for Financial Professionals’ Payment and Fraud Controls report, 2017 was a record year for payment fraud. The tactics employed by scammers and other malicious outsiders continue to grow more complex each year, deceiving even the savviest organizations and costing time, money, and organizational resources.
Business Email Compromise (BEC) and Email Account Compromise (EAC) schemes targeting companies that regularly perform wire transfers and work with foreign suppliers are among the most prevalent methods for initiating payment fraud. A staggering 77 percent of companies fell victim to a BEC scheme in 2017, and the FBI’s Internet Crime Complaint Center received more than 15,000 BEC/EAC complaints that year alone, resulting in more than $675 million in adjusted losses.
Wire transfers in the legal community are not immune to BEC and EAC scams. In fact, recent fraudulent transfer requests requesting funding for a Qualified Settlement Fund (QSF) have been convincing enough to defraud even the most sophisticated law firms, resulting in millions of dollars in stolen and unrecovered funds. Yet, with wire transfers remaining the preferred method for moving large sums of money and facilitating payments and distributions in the legal community, it is critical to understand how to identify the warning signs of wire fraud and how to protect your firm – and its clients – from significant financial loss.
Scrutinize Your Inbox
Wire transfer fraud typically begins with a simple email that, by all accounts, appears legitimate. These are designed to create a perception of authenticity and facilitate hacking or direct the recipient to fraudulent sites. Any emails related to the request or processing of wire transfers should be heavily scrutinized by:
- Evaluating domain names for any variations, however slight. For example, a fraudulent domain designed to mimic Epiq Global may be structured as “@epicglobal.com” instead of “@epiqglobal.com”
- Hovering over any embedded links within the body of the email, and reviewing them to confirm legitimacy
- Inspecting logos, signature lines, and the body of the email to ensure they are consistent with what you know to be true about the sender and company
Verify Legitimacy of Wire Instructions
When wire transfer instructions are provided for a settlement account funding at account opening, take steps to ensure the instructions are legitimate:
- When in receipt of wire transfer instructions by email, do not reply by email; a reply to the original email provides the fraudster with the opportunity to advance the fraud
- Forward the email containing the wire transfer instructions to your contact at the requesting organization for confirmation that the instructions are correct, double checking the email address is accurate prior to sending
- In the email, request a telephone call-back from your contact to review the wire transfer instructions verbally, and ensure that call-back comes from your contact’s telephone number
Learn to spot red flags
While not always immediately recognizable, there are several tactics commonly used in fraudulent BEC and EAC scams that should raise your suspicion right away, including:
- Uncharacteristically urgent requests from a valued client or a member of your executive management team
- Subtle changes to the email domain name, the beneficiary name, the beneficiary bank and/or the account number
- Payment requests for past-due invoices from what appears to be a nationally recognized company with whom you may or may not normally do business
- Payment instructions from domestic companies that direct the funds outside of the U.S.
Control the Process
Regardless of whether your organization is the requestor or recipient of a wire transfer request, it should take steps to remain in control of the process, from its origination through to processing and completion:
- Employ a dual-control approach to payment processing, requiring two employees to execute the payment to keep a second set of eyes on the transaction
- Limit the number of individuals with whom account information is shared
- Pay careful attention to the writing style and subtle nuances in the structure of the emails you receive so you know who you’re communicating with at all times
- When in doubt, pick up the phone to verify information verbally
- Always use your address book when reaching out to ensure you are using the legitimate contact information and not compromised contact information
For many years, the probability of falling victim to wire transfer fraud was slim; today, however, it is a reality that all organizations must face, particularly those operating within the legal and financial industries. With full email inboxes and deadlines competing for attention, it can be easy to overlook important red flags that signal fraud is on the horizon. Putting into place these best practices is an important first step toward protecting your company and its clients from wire fraud in the future.