Email fraud and cybercrime
EDITOR'S NOTE: Elliot Berman is the principal of Bowtie Advisors, LLC, a Milwaukee-based advisory firm which assists privately owned businesses and non-profit companies in areas such as strategic development, governance processes, mergers and acquisitions, and regulatory support.
In September 2016, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on email compromise fraud schemes. In October, FinCEN followed up with an advisory on cyber-enabled crime.
Taken together, these advisories make clear the continuing concern about the risks of deceptive and intrusive events for financial institutions and their customers.
Email compromise fraud schemes use hacked email accounts to issue legitimate-appearing messages that trigger payments or transfers to accounts controlled by the fraudster.
In the email fraud advisory, the agency focuses on both the structure of email fraud schemes and red flags to identify such schemes. The consistent element in all versions of such frauds is the successful intrusion into an email account. The account can be that of a financial institution customer, an executive of a customer or a supplier. In any case, the fraudster seeks to impersonate the customer and issue instructions to the financial institution, resulting in payments or funds transfers from the customer’s account to an account controlled by the fraudster. Often these payments or transfers are made to accounts in foreign financial institutions. If detected, these schemes should be reported to the government in a Suspicious Activity Report. Open communication between a financial institution’s anti-money laundering, fraud, cybersecurity and business units will enhance the institution’s ability to identify, prevent and report such frauds.
Email fraud schemes
Cyber-enabled crime
In the October advisory, FinCEN noted that cyber-enabled crime may involve credential theft – through hacking into a customer’s systems or a direct assault on a financial institution’s systems or employees – such as a distributed denial-of-service attack used to cover the issuance of unauthorized funds transfer instructions. As in the email fraud advisory, the agency noted that open communication and information sharing among a financial institution’s AML, fraud and cybersecurity units are important to enhance its ability to identify, prevent and report these crimes.
The advisory:
  • Recounts existing SAR reporting requirements relating to cyber-enabled crime;
  • Discusses the importance of including “relevant and available … information (e.g. IP addresses with timestamps, virtual-wallet information, device identifiers) in SARs”; and
  • Encourages financial institutions to voluntarily report “egregious, significant or damaging” cyber-enabled events which do not trigger a SAR filing requirement.
FinCEN cautions financial institutions that “no single transactional red flag necessarily indicates suspicious activity.” Reviewing the circumstances of each message is needed to determine if the message – and the related transaction – are indeed suspicious.

In addition to detection and reporting, financial institutions can take affirmative steps to reduce the impact of email fraud. Prepare email review checklists based on the applicable red flags and train staff to use them to evaluate email payment requests. Establish callback procedures for higher risk transactions, such as those marked “urgent” or where the request has a very short execution deadline. Financial institutions also can implement programs to educate their customers to help them identify email fraud in the same way many businesses have established customer education on other types of fraud.
Go beyond detection and reporting and implement active programs to intervene to stop potentially fraudulent transactions.
What are the key takeaways from these two recent advisories?
FinCEN and the principal financial institution regulators continue their focus on information and transaction integrity, and cybersecurity.
Removing the barriers to effective communication and information sharing across detection units is becoming a regulatory expectation and a best practice.
Monitoring, investigating and reporting of complex frauds and cyberevents demand effective deployment of internal resources.
By Elliot Berman
The advisory noted that the e-mail schemes may exhibit one or more of 11 red flags. These red flags include:
  • Slight alterations to the customer’s e-mail address;
  • Messages with different language or other attributes from earlier verified transactions;
  • Messages directing payment to known payees, but to a different account than used in the past;
  • Messages directing payment to a payee with whom the customer has no payment history;
  • Messages with instructions designating the request as “Urgent,” “Secret” or “Confidential”;
  • Messages timed to give the financial institution limited time to authenticate the request; and
  • Messages requesting additional payment immediately following a successful payment to an account not previously used to pay a vendor.
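Several of these red flags can be checked mechanically before a request reaches a reviewer. The following is an added example, not part of the FinCEN advisory or the original article: the sender address, payee history, account identifiers, the 0.9 similarity threshold and all function names are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed reference data: the customer's verified address and the
# accounts each known payee has been paid through before.
KNOWN_SENDER = "ap@acme-supplies.example"
PAYEE_HISTORY = {"Northwind Parts": {"US-0001-4477"}}
PRESSURE_WORDS = ("urgent", "secret", "confidential")


@dataclass
class PaymentRequest:
    sender: str
    subject: str
    payee: str
    account: str


def lookalike(sender: str, known: str) -> bool:
    """True when sender is close to, but not identical to, the verified address."""
    s, k = sender.lower(), known.lower()
    # 0.9 is an assumed threshold; tune it against real address data.
    return s != k and SequenceMatcher(None, s, k).ratio() >= 0.9


def red_flags(req: PaymentRequest) -> list:
    """Return the names of the red flags this request exhibits."""
    flags = []
    if lookalike(req.sender, KNOWN_SENDER):
        flags.append("altered_sender_address")
    if any(word in req.subject.lower() for word in PRESSURE_WORDS):
        flags.append("pressure_wording")
    accounts = PAYEE_HISTORY.get(req.payee)
    if accounts is None:
        flags.append("no_payment_history")
    elif req.account not in accounts:
        flags.append("known_payee_new_account")
    return flags


def needs_review(req: PaymentRequest) -> bool:
    # A flag is not proof of fraud; it routes the request to a human
    # reviewer, for instance a callback to a number already on file.
    return bool(red_flags(req))
```

The output is a list of flag names for the reviewer's checklist, not a verdict on the transaction.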
Tips to identify red flags and respond to email and cyberthreats
© 2017 OnCourse Learning Corp. All rights reserved