What to Do About Business Email Compromise?

Funds transfer fraud, also known as business email compromise (BEC), is a much more widespread problem than it seems, according to lawyers at Ice Miller LLP. The attorneys believe this type of CEO Fraud is often underreported by the victims, so that even law enforcement doesn’t have a full view of the problem’s scope. Every organization should assume they will be targeted by this type of attack.

“Funds transfer fraud is a crime that leverages technical and social engineered attacks, over the internet or by phone, that involve fraudsters impersonating vendors, executives or banks to convince organizations to wire funds to accounts under the control of the criminal,” the lawyers explain.

These crimes usually involve multiple steps and the attack can potentially be thwarted at each one, either by an observant employee or by the organization’s security protocols. For example, an email-based BEC attack can be foiled by requiring employees to confirm the legitimacy of a fund transfer via a phone call.

Stopping funds transfer fraud in its tracks is important because, in many cases, the money is gone for good once it’s been transferred to the scammers. In cases where the funds can be recovered, however, the victims must act quickly. The lawyers say a comprehensive security program that includes employee training is the key to stopping these attacks.

“Building an integrated data security program, with training that ties to your company’s financial and internal controls, is the best approach to mitigate the risks that transfer fraud entails,” they write. “Done well, such an integrated enterprise risk management also helps to protect against other types of fraud and criminal conduct. We caution, in particular, that organizations handling large sums of money and transactions, such as retirement plans, real estate companies, manufacturers and financial institutions, are prime targets for these types of attacks. The criminals often know a great deal about how these companies operate and once they succeed against one, they will replicate their attacks against others.”

New-school security awareness training can help prevent these attacks at the outset, and it can also enable your employees to thwart attacks that are in progress, or mitigate the ones that have already taken place.

This blog originally appeared on KnowBe4.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.