04/04/2019: FRAUD ALERT: Emailed “Account Update” Fraud >>Read More
FRAUD ALERT: Emailed “Account Update” Fraud. Fraudsters email the accounts payable department or other responsible party within an organization to request an update to a routing and/or account number for future payments. The organization updates the account number and future payments are sent to an illegitimate party. How to Identify this Threat: This threat can be identified by emailed attempts to conduct transactions or update account numbers for future transactions. Valid email addresses and formats can be imitated by fraudsters so that a fraudulent request appears completely legitimate; therefore, emails regarding sensitive information cannot be trusted. Fraudulent emails may also contain unprofessional spelling and grammatical errors that are an indicator of potential fraud. How to Protect Against this Threat: Implement controls to ensure updates to sensitive information, such as banking information, are verified using an out of band authentication method such as a call back to the payee to verify the information update. Out of band authentication means contacting the requesting party using an established communication method (such as a known phone number) that is different from the communication method used to request the update. In order to facilitate such controls, consider establishing at least two points of contact with organizations to whom payments are made so requests can be confirmed prior to initiating payments. Source: WesPay Warnings & Alerts (April 3, 2019)