There once was a company named Zotz,
Which created toys for tots,
Vendor Zed has a new account,
Zotz sends the money out,
Where did the funds go?
Into the hacker’s account, oh no!
Hackers commit financial fraud by creating a fake email address mimicking the vendor’s name and emailing accounts payable saying that the vendor’s account information has been changed. Funds are then sent directly to the hacker.
The key takeaways here are that Zed and Zotz could have prevented financial fraud by using a secure email gateway, which would have scanned all emails, including scam messages from hackers, in Zed’s network, and they may be able to recover some or all of the funds if they properly notify their bank of the fraud soon after it happened.
Many state laws require that companies train their employees to be cyber aware and have written policies in place. Wiring money should occur only if there is independent verification.