FRAUD
Avoiding Social Engineering Scams & Fraudulent Wire Transfers
Suzanne M. Holl, CPA
CPAs continue to be at high risk of social engineering attempts due to the type of information firms gather and store, and CAMICO has observed an uptick in the frequency of these attempts. “Phishing” is one of the more common social engineering scams.
Use your professional skepticism to avoid being lulled into a false sense of security. Any request for money to be transferred to a bank account unfamiliar to you should be a red flag, especially if the new account is in another country.
CAMICO has also observed a rise in fraudulent email requests for wire transfers. Fraudulent wire transfers frequently cause large dollar losses. If the fraudster controls both the client’s and the firm’s email (commonly referred to as a “man in the middle” attack) and the fraudulent request mimics previous legitimate requests, it is very difficult for the firm to identify the request as illegitimate. When the fraud is discovered after the transfer, the funds are usually not recoverable.
If the firm’s protocol with clients permits requests for wire transfers to be made via email, then establish and follow procedures to confirm each request using a mechanism other than email, and proceed with the transfer only after confirming with the client (ideally by phone or in person) that the request is legitimate. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the bank account number. To validate the authenticity of the request, confirm information known only to the client (ask questions to which hackers would not know the answers).
www.wscpa.org
The Washington CPA Winter 2022