Umpqua Bank has recently become aware of customers being targeted for a wire transfer fraud scheme. The fraudsters use e-mail impersonation techniques to trick employees into believing they are receiving an e-mail from a co-worker, vendor, supplier, or business partner. Based upon the e-mail address in the "From" field, these fraudulent emails look legitimate. E-mails in this scheme appear to be targeting corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations. The fraudsters spend time learning about target companies, their employees' jobs, and vacation/travel plans.
What To Look For
Please be on alert for payment requests which:
- Involve pressure to take action quickly.
- Are directed to a bank account that has not been previously used for payment to the supplier, vendor, or business partner.
- Involve sudden changes in business practices. For example, if a partner asks to be contacted via his or her personal e-mail address when all previous official correspondence has been on a company e-mail address, the request could be fraudulent.
What Should You Do?
We recommend you implement the following controls to protect your business from such fraud:
- Ensure all employees who handle accounts payable and wire transfers are educated on this type of fraud scam
- Establish additional protocols to verify the legitimacy of all wire transfers requests received via e-mail, phone, or fax. For example, call the contact back at the phone number you have on file (i.e., do not use phone numbers provided as part of the wire request).
- To defeat e-mail impersonation techniques, do not use the "Reply" option to respond to wire transfer requests received via e-mail. Instead, use the "Forward" option and either type in the contact's e-mail address you have on file or select it from the e-mail address book to ensure the intended recipient's correct e-mail address is reached.
- Be wary of unsolicited e-mails or phone calls requesting detailed information about your employees' job duties/descriptions, hierarchal information, or vacation/travel plans. Also, reconsider what you post on social media or websites in these areas.
- Never click on links or open attachments contained in unsolicited e-mail from unknown parties. These attachments and links may contain viruses or malware that could give fraudsters access to your computer system.
- If you determine that your company has been a victim of payment fraud schemes contact us immediately at 1-866-486-7782 and we can attempt to recall the payment.