Cybersecurity and Fraud Protection

Foiling a Look-Alike Domain Fraud Attempt

Learn how Commercial Banking’s fraud prevention education helped a national university stop a $2.3 million wire fraud attempt.



Cybersecurity and fraud prevention education has played a key role in helping higher education institutions protect employees, students, alumni and vendors.

That prevention strategy helped stop a business email compromise fraud attempt for one Commercial Banking client when the criminals used a look-alike domain to impersonate one of the school’s known vendors. By following the organization’s established callback protocols and other best practices, the university’s employees stopped a fraudulent wire transfer request for $2.3 million.

 

Q: You learned about the fraud attempt from another university employee. What happened on that day that seemed unusual?

A: A payments employee received an email from a known vendor that requested a change to the established wire instructions and a $2.3 million transfer to a bank in Hong Kong. The employee emailed the request to the beneficiary bank and copied me. When we read the email, it sent up all kinds of red flags.

 

Q: What were the warning signs that this email was suspicious?

A: The email was well-written and professional, but we scrutinized it more closely and noticed that the domain address from our vendor was different. There was an extra letter added to the address, so if you scanned it quickly you may have missed it. Just the day prior, we received a fraud alert from JPMorgan Chase’s Fraud Prevention team about the increase in wire fraud directed to banks in Hong Kong. Our employee promptly called the vendor by phone by following our callback procedures and let them know that she had received a suspicious wire fraud request. We also learned that the cybercriminal had registered the fraudulent domain two days before attempting the wire fraud transaction.

 

Q: How did this fraud attempt change the university’s view on cybersecurity and fraud prevention best practices, especially in the wake of expanded remote working?

A: We have shared cybersecurity emails with appropriate managers and other university members who have some level of wire authority. Going forward, we are including all wire-entitled employees on these cybersecurity alerts. We will continue to perform callbacks on new wire instructions or changed instructions on recurring payment requests that we receive.

 

Q: Did this fraud scheme give the university an opportunity to increase its fraud education among employees? 

A: The university holds an annual cybersecurity seminar with [Commercial Banking Relationship Manager] Mike Wilson with JPMorgan Chase. Earlier this year, we expanded the distribution list to include employees from human resources, accounting, budgeting and a member of the chief investment officer’s team. Moving forward, the university will increase cybersecurity presentations and include more employees from different areas. We think it is helpful for everyone to understand the pervasiveness of the different types of fraud schemes and how to spot them.

 

Q: What recommendations would you tell another Commercial Banking client about this experience that could potentially help them avoid a fraud attempt? 

A: Fraud attempts really can happen to any organization. This is the reality we live in. Establish relationships with your vendors and pick up the phone and call them if you receive an email with a change in wire instructions and it doesn’t sound right. Always do a callback.

 

The university’s Commercial Banking Relationship team, Mike Wilson and Candice Mahanay, help reinforce the message with regular client training sessions and fraud prevention collateral.

“We regularly send cybersecurity email alerts to our Commercial Banking clients to help them stay aware of emerging cyber and fraud trends. With the rise in cybercrimes, it is important that all organizations conduct cyber and fraud education training to help educate their employees on how to spot red flags,” Wilson said.
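The two warning signs described in the interview, a vendor domain with one extra letter and a registration date two days before the request, can also be checked mechanically when a payment email arrives. The Python sketch below is an added example, not part of the original article or any bank tooling; the function names, thresholds, `.example` domains and dates are constructed assumptions, and the registration date is assumed to come from a separate WHOIS/RDAP lookup.

```python
from datetime import date

def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def assess_sender(address, trusted, registered_on=None, today=None,
                  max_distance=2, min_age_days=30):
    """Classify a sender domain against the vendor master list.

    registered_on is assumed to come from a WHOIS/RDAP lookup done elsewhere.
    """
    domain = address.rsplit("@", 1)[-1].strip().rstrip(".").lower()
    if domain in trusted:
        # An exact match only rules out a look-alike; changed wire
        # instructions still go through the callback procedure.
        return {"domain": domain, "verdict": "known", "reasons": []}
    reasons = []
    for vendor in sorted(trusted):
        distance = edit_distance(domain, vendor)
        if distance <= max_distance:
            reasons.append(f"{distance} edit(s) away from {vendor}")
    verdict = "lookalike" if reasons else "unknown"
    if registered_on is not None:
        age = ((today or date.today()) - registered_on).days
        if age < min_age_days:
            reasons.append(f"registered {age} day(s) before the request")
    return {"domain": domain, "verdict": verdict, "reasons": reasons}

# Constructed sample data: placeholder vendor domain, sender and dates.
TRUSTED = {"acme-supply.example"}
SAMPLE = assess_sender("accounts@acmee-supply.example", TRUSTED,
                       registered_on=date(2020, 9, 1), today=date(2020, 9, 3))

if __name__ == "__main__":
    print(SAMPLE["verdict"], SAMPLE["reasons"])
```

A flag from a check like this supplements the callback on new or changed wire instructions; it does not replace it.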

Fraud attempts really can happen to any organization. This is the reality we live in.

University Director, Finance And Treasury

Higher Education Cyber Magazine Fall 2020 Cybersecurity and Fraud Protection
