The Wire

INSIGHTS FOR FINANCIAL INSTITUTIONS

September 15, 2016

CONNECT

Gary Smith, CPA, Partner, Director of Financial Institutions
 
Need help with Cyber Security? Contact us at fi@eidebailly.com or 888.777.2015.

 

View our profile on LinkedIn Blogs Watch Us on YouTube Find us on Facebook Twitter

Eide Bailly Mobile
ABOUT US

Eide Bailly is a top 25 CPA firm in the nation, serving more than 500 financial institutions across the nation by providing expertise to our clients with the following services: 

 

Compliance Consulting
Directors' Examination 

Financial Statement Audits
Forensic & Valuation 
Internal Audit 

Interest Rate Risk
Loan Review Services
M&A Consulting

Regulatory Compliance

Tax Planning & Preparation
Technology Risk Advisory 

 

The Wire is published on an as-needed basis to keep our clients, prospects and business friends informed on current news.

 

QUESTIONS?

If you have questions, Please contact your Eide Bailly professional or

Eide Bailly Financial Institutions at 888.777.2015 or fi@eidebailly.com.

Email Compromise Fraud Schemes - FinCEN Advisory

On September 6, 2016, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to guard against a growing number of email fraud schemes targeting financial institution's personal and business customer accounts. Through email compromise, fraudsters are submitting seemingly legitimate instructions to mislead financial institutions and their customers into conducting unauthorized wire transfers. Individuals who conduct large transactions through financial institutions, lending entities, real estate companies, and law firms are the most likely targets of this type of scheme. Since 2013, there have been approximately 22,000 reported cases of Business Email Compromise (BEC) and Email Account Compromise (EAC) fraud involving $3.1 billion.
 
Red Flags
A few of the red flags identified within the advisory (condensed here) include:
  • Different language, timing, and amounts than previously verified.
  • Email address is slightly altered by adding, changing, or deleting one or more characters. 
  • Beneficiary's account information is different from what was previously used. 
  • Instructions include markings such as "Urgent," "Secret," or "Confidential."
  • Instructions are delivered in a way that limits time or opportunity to confirm authenticity.
Share This Advisory
We encourage financial institutions to share this advisory, which includes scenario illustrations, with employees as part of ongoing cyber security awareness program education. According to the guidance, FinCEN advises sharing the advisory with cyber security departments, risk departments, fraud prevention units, BSA/AML management, AML intelligence units, and AML analysts/investigators. The full advisory is located here.

Should you have any questions, please contact your Eide Bailly professional.
This publication is produced and published by Eide Bailly and distributed with the understanding that the information contained does not constitute legal, accounting or other professional advice. It is not intended to be responsive to any individual situation or concerns as the contents of the publication are intended for general informational purposes only. Readers are urged not to act upon the information contained in this publication without first consulting competent legal, accounting or other professional advice regarding implications of a particular factual situation. Questions and information for publication can be submitted to your Eide Bailly representative. To request reprints of this publication, send a written request to RequestReprints@eidebailly.com. Copyright Eide Bailly 2016.