The focus of IT and security experts over the past several years has been oriented primarily around hacks and “backdoor” access to corporate financial systems. In the past several months, two of our clients have been victimized by an alternative low tech approach to thievery that we want to bring to your attention. Here is how it works:
- A nefarious character spoofs the email address of a CEO, President or CFO of a company and sends an email to the AP manager or Controller with a fraudulent invoice attached that says, “Pay this via ACH as soon as possible, thanks.”
- Corporate controls around ACH processing are not as rigorous as check processing controls.
- The obedient finance executive processes the ACH.
- Poof – the cash is gone!
A friendly reminder to check for any gaps in your ACH control network and plug them immediately. More examples of these types of emails can be found here.