I discussed wire transfer frauds in: http://cpagold.com/?p=370
Recently, we have seen a significant uptick in fraudulent wire transfer claims.
The latest claim involved an investment adviser that among other services, managed Trust accounts on behalf of a high net worth client. There were substantial funds under the control of the firm.
The client’s system was hacked by overseas criminals. Then the hacker sent an email request for a transfer of funds from a Trust account. This email was in the usual style and tone of the firm’s client and requested a transfer in the six figures to an offshore account.
The firm emailed the client for confirmation and this was received. The firm tried to telephone the client but reached a fax number. After several emails back and forth, the funds were transferred.
The transfer request turned out to be fraudulent. The firm had signed a hold harmless agreement with the client’s bank, so the insurer paid the loss.
One crucial risk avoidance technique that was learned from this experience was to always confirm such transfer request by speaking to your client. Telephone, or even better use Skype or FaceTime. The other is to check the time stamp on the email from the client. If it is outside the usual time zone of the client it may be a fraud. As the majority of hackers seem to be overseas, checking the time stamp of an email that is alleged to be from a client is crucial. This simple step will avoid a lot of future negative interaction with your client, your professional liability insurance and possible law enforcement.
In the case described, the time difference was five hours but went unnoticed until it was to late.
So if you get a funds transfer request:
- Call the client to confirm; and,
- Check the time stamp on the email request.
This type of email “spoofing” is becoming more commonplace. All CPA firms should seriously consider purchasing a Cyber Insurance policy which covers this type of risk. Not all professional liability policies cover this type of claim and it is possible that there may be a exclusion added in the next hard market cycle. Until that time our policyholder was lucky as CPAGold™/XL Catlin stepped up and paid the claim.
By Rickard Jorgensen
© September 2015, Hunt Jorgensen, LLC