Cybersecurity and Fraud Protection
How One Employee Stopped a $3 Million Fraud Attempt
Recently, a Client Service Senior Associate refused to take “yes” for an answer when she received an odd payment request from a client. Her persistence and curiosity helped avoid a potential multimillion-dollar loss when it became clear the client was the target of a payments fraud scheme.
Elaine Escobar, a Client Service Senior Associate for our Commercial Banking group in New York, received an email from our banking operations team asking her to validate a $3 million wire transaction to a vendor.
“There were a couple of red flags,” Escobar said. “Something just didn’t feel right. The payment instructions had been changed to a bank outside the US that the client had not sent a payment to before. I decided to hold the payment.”
The controller said the request was valid and that the company’s chief financial officer (CFO) had approved the payment. Escobar was told: please release the payment. She recommended that the controller contact the CFO for verification.
Following that advice, the controller sent an email via the client’s corporate email system to the CFO and copied Escobar.
Then Escobar reviewed the controller’s email she had been copied on, which contained the original payment request from the vendor. She read the email trail and saw that the vendor’s email domain name was misspelled in the initial email address. Escobar replied to the controller and the CFO, asking them to review the spelling of the email domain.
She then received several emails from the fake CFO—criminals had taken control of the CFO’s email account—demanding that she release the wire. But without a verbal confirmation, Escobar still was not convinced and continued to hold the money.
A Business Email Compromise Scheme
Five minutes later, Escobar received another email from the real CFO: Do not release. Her telephone rang. It was the genuine CFO calling to say that the wire request and the other emails all were fake. The client had been targeted in a business email compromise scheme.
“Confirming the payment instructions with an established contact at a known telephone number is critical to avoiding fraud schemes,” Escobar said. “As we saw here, asking clients to validate by email is not effective because they could be communicating with the criminals at a bogus email address.”
This case is an “excellent example of why the firm implemented additional validation processes,” said John Gambardella, Region Manager, Middle Market Banking & Specialized Industries. “Clients sometimes question why we double-check transactions. But by taking those extra steps, and refusing to act until she was sure it was legitimate, Elaine stopped a significant loss for our very grateful client.”