WEBVTT

1
00:00:06.339 --> 00:00:08.675
Tom, an AP employee at

2
00:00:08.675 --> 00:00:13.221
one of our clients, received
an email seemingly from a known vendor.

3
00:00:13.304 --> 00:00:17.600
requesting a bank account change
for an upcoming invoice payment.

4
00:00:18.226 --> 00:00:19.519
It was a busy day.

5
00:00:19.519 --> 00:00:24.149
So to save time,
he called the number included in the email

6
00:00:24.315 --> 00:00:27.819
to confirm the request
and then made the change.

7
00:00:28.820 --> 00:00:31.031
The next day, his team sent

8
00:00:31.031 --> 00:00:35.618
a $620,000 wire to the new account.

9
00:00:36.286 --> 00:00:40.290
A week later,
the real vendor called the AP team

10
00:00:40.373 --> 00:00:43.376
since they hadn't received their payment.

11
00:00:43.668 --> 00:00:48.006
At that point, our client realized
they were a victim of fraud

12
00:00:48.048 --> 00:00:52.052
and contacted their bank team
to recall the transaction.

13
00:00:52.927 --> 00:00:55.930
The lost funds were never recovered.

14
00:00:56.806 --> 00:01:00.894
This real-life
case study is an example of business

15
00:01:00.894 --> 00:01:04.731
email compromise,
also known as imposter fraud.

16
00:01:05.148 --> 00:01:07.734
One of the most persistent

17
00:01:07.734 --> 00:01:12.280
and costly threats
facing organizations today.

18
00:01:13.323 --> 00:01:14.407
With this scam,

19
00:01:14.407 --> 00:01:17.911
fraudsters impersonate someone you know

20
00:01:17.911 --> 00:01:23.208
and trust: a vendor, a senior executive,
or even a colleague

21
00:01:23.458 --> 00:01:26.628
to trick you
into sending payments to them.

22
00:01:27.545 --> 00:01:30.048
No organization is immune.

23
00:01:30.048 --> 00:01:33.927
These attacks
target businesses of all sizes

24
00:01:34.177 --> 00:01:37.180
and across every industry.

25
00:01:37.180 --> 00:01:41.142
The fraudulent request
may come from a spoofed email address,

26
00:01:41.392 --> 00:01:45.313
one that looks almost identical
to a legitimate one,

27
00:01:45.563 --> 00:01:48.358
but perhaps with just a subtle change.

28
00:01:48.358 --> 00:01:51.361
Or worse,
it may come from an email account

29
00:01:51.486 --> 00:01:54.739
that's been hacked, often
through phishing.

30
00:01:55.865 --> 00:01:58.034
Imagine a senior executive's

31
00:01:58.034 --> 00:02:03.957
email being used to request
a fraudulent wire transfer, or a vendor's

32
00:02:03.957 --> 00:02:07.585
email asking to update their bank account
details.

33
00:02:08.044 --> 00:02:11.172
Today's cybercriminals are smarter,

34
00:02:11.381 --> 00:02:14.676
more sophisticated, and better resourced,

35
00:02:15.009 --> 00:02:20.223
thanks in part to the availability
of generative artificial intelligence.

36
00:02:20.932 --> 00:02:24.602
They'll patiently research and study
their targets,

37
00:02:24.936 --> 00:02:28.022
crafting messages that seem legitimate,

38
00:02:28.481 --> 00:02:31.067
increasing the chances of success

39
00:02:31.067 --> 00:02:34.154
and the risk of financial loss.

40
00:02:34.362 --> 00:02:37.782
Here are three common types of business
email compromise.

41
00:02:38.449 --> 00:02:40.869
Executive imposter fraud: a

42
00:02:40.869 --> 00:02:44.789
fake email
from a senior leader requesting a payment.

43
00:02:45.915 --> 00:02:47.709
Vendor imposter fraud:

44
00:02:47.709 --> 00:02:52.463
a fraudster posing as a vendor to divert
invoice payments.

45
00:02:53.548 --> 00:02:56.718
Payroll imposter fraud:
changing an employee's

46
00:02:56.885 --> 00:03:01.097
direct deposit details
to steal salary payments.

47
00:03:03.933 --> 00:03:04.851
So how can you help

48
00:03:04.851 --> 00:03:07.854
protect your organization
against this threat?

49
00:03:08.438 --> 00:03:12.650
There is no silver bullet
to fraud prevention, but utilizing

50
00:03:12.650 --> 00:03:16.988
a layered defense strategy
can help make a difference.

51
00:03:17.822 --> 00:03:21.159
This starts with implementing and adhering

52
00:03:21.159 --> 00:03:24.662
to strong internal controls and practices.

53
00:03:25.121 --> 00:03:28.833
Always verify all requests for payments

54
00:03:29.250 --> 00:03:34.297
or changes to payment instructions,
especially changes

55
00:03:34.297 --> 00:03:37.800
to bank account details or payment types.

56
00:03:38.635 --> 00:03:42.847
And watch for any red flags,
including unusual

57
00:03:43.097 --> 00:03:48.019
or out-of-pattern requests, requests
with a high sense of urgency,

58
00:03:48.394 --> 00:03:51.397
requests asking for confidentiality.

59
00:03:52.065 --> 00:03:54.400
If you receive a request by email,

60
00:03:54.400 --> 00:03:58.363
never reply directly to the message
to validate it.

61
00:03:58.780 --> 00:04:02.617
Instead, pick up the phone and confirm
it verbally,

62
00:04:02.951 --> 00:04:08.790
reviewing all the details in the request,
such as the account and routing numbers.

63
00:04:09.832 --> 00:04:12.502
And for these verification callbacks,

64
00:04:12.502 --> 00:04:15.505
never use any contact information

65
00:04:15.588 --> 00:04:18.591
that may be included in the request.

66
00:04:18.758 --> 00:04:22.804
Use only the information
in your own system of record,

67
00:04:23.096 --> 00:04:26.099
such as your vendor master file.

68
00:04:26.266 --> 00:04:28.476
This was the mistake Tom

69
00:04:28.476 --> 00:04:31.479
made in the earlier case study.

70
00:04:31.896 --> 00:04:34.899
Use a dual custody process
with your payments.

71
00:04:35.441 --> 00:04:38.611
This setup requires two users

72
00:04:38.736 --> 00:04:44.242
on two different devices
to separately initiate and approve

73
00:04:44.534 --> 00:04:48.329
all payments or payment instruction
changes.

74
00:04:48.913 --> 00:04:52.834
It's a second chance
to stop a fraudulent payment

75
00:04:53.126 --> 00:04:56.129
before it goes out the door.

76
00:04:56.462 --> 00:04:59.299
Monitor your accounts regularly.

77
00:04:59.299 --> 00:05:03.386
We recommend daily reconciliations,
which can help detect

78
00:05:03.636 --> 00:05:06.639
unauthorized activity in a timely manner.

79
00:05:07.890 --> 00:05:09.851
Establish a goal of

80
00:05:09.851 --> 00:05:14.480
creating a cybersecurity culture
across your organization.

81
00:05:15.106 --> 00:05:18.359
For this to happen,
it's essential to provide

82
00:05:18.526 --> 00:05:21.696
regular fraud training to all employees.

83
00:05:22.447 --> 00:05:25.450
Ideally,
it shouldn't just be an annual event.

84
00:05:26.200 --> 00:05:30.663
Shorter, more frequent
sessions can be more effective

85
00:05:30.663 --> 00:05:33.666
in reminding employees that they are

86
00:05:33.666 --> 00:05:37.086
the first line of defense against fraud.

87
00:05:37.378 --> 00:05:40.381
If you detect or suspect fraud
with the payment,

88
00:05:40.590 --> 00:05:43.593
contact your bank team immediately.

89
00:05:43.926 --> 00:05:46.929
Time is critical in these situations.

90
00:05:47.013 --> 00:05:52.226
And remember, staying alert
and informed can help you stay protected.

91
00:05:52.685 --> 00:05:54.937
And thank you for watching this tutorial.
