Cyber Crime is not just about hacking your network, stealing confidential information, or having your data held for ransom by a hacker. Here are a couple of cyber stories that I would like to share that have nothing to do with hacking your companies information. In these real life examples, the companies involved unknowingly played into the hands of thieves.
Joe, the controller of XYZ Company, received an email from Jerry, the president to complete a wire transfer for a vendor down payment on a new job. The email was from the president to the controller with all the pertinent information to transfer the funds. Joe processed the transfer that afternoon. Later it was discovered that the president had never sent the email. The account the funds were sent to had been closed by the thief and the company was out $50,000. There was no way to recover the funds. This type of theft is not covered by a cyber security insurance policy or other types of insurance.
Larry a customer service representative at ABC Company, received an internet order for $10,000 in supplies. The supplies requested were not typically ordered in large quantities. The customer was new, had paid by credit card, and the credit card company approved the transaction. The billing address, ship to address, and the credit card address were all different. The supply order was shipped to the purchaser. One week later the company’s credit card company reversed the charge because credit card owner filed a fraud claim. The credit card holder had not ordered the equipment. The company could not recover the stolen merchandise nor was the loss recoverable by insurance or the credit card company.
Amy, a customer service representative, was assisting Marvin from GHK Company, with the purchase of a commercial oven. The oven purchase price was $12,000. Marvin was very excited about the oven and had brought his own truck to transport the oven to his restaurant. Marvin was paying for the purchase by company check. The company check was pre-printed with the purchase price of the oven. Amy requested Marvin’s driver’s license and wrote the information on the check. Marvin took delivery of the oven and left in the truck. The company deposited the check and found out 5 days later that the check was fake. A police report was filed and it was discovered that the driver’s license and address on the check were also fake. The company was unable to recover the money or equipment.
Best Practice Recommendations – How do you prevent these type of thefts? Here are some internal control suggestions:
- Before wire transferring money confirm the transaction with the requester. Joe could have called the president, or stopped by his office to discuss the transfer. If these options aren’t available find some one else with the proper authority in your company to verify the transaction.
- When you receive a big new sales order from a new customer, verify the customer exists. You can google them, check their website, and verify their address and banking information. Make sure the ship to address, credit card address, and business address match. If you cannot verify this information, don’t complete the sale.
- Use a check verification service to accept checks. These agencies charge fees like credit card companies to verify checks. Once a check has been verified by the check verification service, they retain the loss if there is a problem with the check.
Trust your instincts. If a transaction seems unusual or is not typically for your company, ask more questions and get more information. Only let the transaction proceed once you are comfortable with the facts. You are the best person to prevent fraud.
Contact me for a free Discovery Analysis™ today. Learn more about how you can prevent fraud