Cyber Fraud Resource Guide 2023

Awareness of Cyber Threats for Payments Fraud

Payments fraud attempts are widespread across all industry types as a result of email compromises and financial malware infections. Understanding how these fraud schemes are designed to infiltrate/compromise your business and taking action to prevent them are critical to your defensive strategy.

It is imperative that employees with access to funds movement services are aware of these fraud schemes and can recognize potentially fraudulent or malicious activity against their email or PINACLE® login credentials. These are very real threats, and we encourage you to educate staff throughout your organization.

Attempted Payments Fraud via Email Compromise

Cybercriminals initiate fraudulent payment requests, or requests to change payment instructions, from email accounts that appear to be from a company executive (such as the CEO or CFO) or from a known external partner, such as a supplier. The fraudulent “From” email address may be a fictitious account in the executive’s name, or it may be a slight variation of a legitimate supplier email address, both of which can trick the recipient into believing that the communication is valid. It is also possible that the sender’s legitimate email account has been compromised, making it essential that employees are able to recognize the characteristics of a fraudulent payment request.
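As an added illustration (not part of the original guide), the sketch below shows how a mail-screening script could flag the two "From" patterns described above: an executive's name on an outside address, and a domain that is a slight variation of a known supplier's. The domains, the executive name and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions for illustration, not from the guide).
TRUSTED_DOMAINS = {"acme-builders.example", "ourcompany.example"}
EXECUTIVES = {"jane doe": "ourcompany.example"}  # display name -> expected domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Classify a raw From header against the trusted lists above."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    name = " ".join(name.lower().split())

    # Executive's display name used with an address outside the company domain.
    expected = EXECUTIVES.get(name)
    if expected and domain != expected:
        return "executive-name-mismatch"

    # An exact match only means the address is known; the account itself
    # may still be compromised, so payment requests need a call-back.
    if domain in TRUSTED_DOMAINS:
        return "trusted-domain"

    # Close to, but not equal to, a trusted domain: likely a lookalike.
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike-domain"
    return "unknown-domain"
```

A "trusted-domain" result does not validate the request itself; payment changes still need confirmation with the requestor at a known telephone number.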

Also be mindful that even when an email account is not compromised, there is quite a lot of information available in “Open Source” records (social media, public records) that cyber criminals can obtain easily in developing such schemes.

For example, large construction contracts, such as for universities or hospitals, are disclosed in public filings. Cyber criminals can access these records, register a website impersonating the legitimate contractor, and initiate communication with the university or hospital, introducing a “new” accounts receivable contact and account number set up specifically for this contract. Oftentimes, the cyber criminals will wait several months before initiating contact and use open source records to identify Accounts Payable personnel.

In such schemes, the cyber criminals don’t need to know the amount of the upcoming payment or even the projected date for the payment. Instructions sent typically state that “All payments going forward should be made to the new account number and to the attention of the new accounts receivable contact.” As construction contracts are typically paid in net 30-, 60- or 90-day increments, often the victims are unaware of the fraud until weeks or months have passed, making recovery of funds extremely difficult.

These types of schemes often involve losses in excess of $1 million.

Another email impersonation scam targets employee direct deposits. Hacked or spoofed employee email accounts are used to request changes to the employee’s direct deposit information. As with all email requests relating to payments, you should confirm them with the requestor at a known telephone number.