Yesterday we talked about Check Fraud. One way to avoid it is by using ACHs instead to transfer money directly into another company’s bank account.
Here’s the game. The bad guys get someone in your company to click on something they should not. That launches a malware program running on your server. The bad guys can see all your emails. Over time, they figure out who the president is, who the CFO is, who the accounts payable person is, who your vendors are, and even your account balances with those vendors.
Ready? Then they strike. Your accounting people get an email that looks like it’s from your supplier. “Hi, I just want to let you know we have a new receivables person in the office. It’s Judy. She will be handling things.” You say, “Hi, Judy!”
Two weeks later, you get an email that looks like it’s from the supplier again. Judy says, “Hey, can you clean up that $102,854 balance today? Because of fraud, we had to change our bank account. Please ACH it to this routing number and this account.” Your accounting people say, “Oh, ok.” You transfer the money to the bad guys. Gone. You dummy.
First, your people should be trained not to click on anything they don’t recognize. The bad guys send many, many kinds of emails that look legit and that they want you to click on. Second, when you get an incoming email, you always have to pull down the sender’s email address and look at it. If you aren’t sure, call and ask the person you know, “Is this from you?” And don’t call the number on the email; call the number you had already been using.
Next, with ACHs, no one person should be able to send an ACH. Have one person initiate it, and another person in your office has to release it.
There are many forms of this scam. Beware.
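The sender check and call-back rule above can be partly automated. The following Python is an added example, not part of the original post; the vendor list, phone numbers, phrase list and the edit-distance threshold of 2 are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed vendor master file: domains and call-back numbers already on record.
KNOWN_VENDORS = {
    "acme-supply.example": "555-0100",
    "retireplan.example": "555-0199",
}
# Phrases that signal a request to change where money is sent (assumed list).
CHANGE_PHRASES = ("change our bank account", "new bank account", "routing number")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_payment_email(from_header: str, body: str) -> dict:
    """Return the flags an accounts payable clerk should see before paying."""
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    flags = []
    callback = KNOWN_VENDORS.get(domain)
    if callback is None:
        # Unknown domain: is it a near miss of a vendor we do know?
        for known, number in KNOWN_VENDORS.items():
            if edit_distance(domain, known) <= 2:
                flags.append(f"lookalike of {known}")
                callback = number
                break
        else:
            flags.append("sender domain not on file")
    if any(p in body.lower() for p in CHANGE_PHRASES):
        flags.append("bank details change request")
    # Any flag means: hold the ACH and call the number already on record.
    return {"domain": domain, "flags": flags, "hold": bool(flags), "call": callback}
```

A bank-change request is held even when the sender domain matches exactly, so the call-back still happens when the email looks right.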
If you bank with PNC, they have a great product called “Pinacle.” It is a dashboard that manages ACH traffic. In it, no one person can send an ACH without a 2nd person authorizing it and the primary on the account will see all ACH traffic each day and be able to cancel unauthorized ACHs while in transit before they are funded. It also comes with positive pay for checks where you can stop a check from being cashed once it is deposited.
Definite Dad joke from Kim Komando today
Not many people knew that Albert Einstein had a brother who was an evil scientist.
His name was Frank Einstein
Actually had someone call yesterday claiming they were from our bank and needed to clean up “unauthorized ACH and wire transfers”. Mispronounced the name of our bank and tipped us off that it was a scam.
Those Judys are trouble, y’all!
Larry, you saved me $14,000 from this one Think Daily. We had received a very legitimate series of emails and an invoice from our 401K provider for $14k in missed payments. They were playing the long game and their email address was almost indistinguishable from our actual provider’s email. My accountant brought the bill to my attention and then showed me a separate document with the “new” ACH and routing numbers. I pulled up this Think Daily on my phone and re-read it. We called our actual company number instead of the number in the email. It was complete fraud! I owe you big! Thank you, Larry!