What to do if your company is the victim of a fake transfer order? Secure your emails with Altospam

False transfer orders are very common fraud practices on the internet. Thus, it is necessary to take some measures to protect your company and each employee against this type of attack. Find out what to do.

Tech Securing your emails Complete service for securing your electronic mailboxes Complete service for securing your electronic mailboxesBeing advisedAccess to the serviceBeing advisedFind out more

What are fake transfer orders?

Fake International Transfer Orders (FOVI) are types of financial scams that involve getting the victim to make unplanned transfers from their account to that of the scammer. Very often victims are unaware of this, as the techniques used by scammers go unnoticed.

Also called “president fraud” “or president scam”, FOVI attack a company decision-maker, a manager or simply an employee, who has access to accounts. This type of scam most often happens in emails, following a hack. The attacker is responsible for carefully analyzing the environment of his victim, by recovering data and information on the Internet. Then he either creates a fake domain name or impersonates a third party. It uses many specific techniques.

The techniques used by scammers are numerous. The attacker or hacker can for example usurp the identity of one of your suppliers or customers and communicate new bank identities so that you can pay a false invoice. He can also usurp the identity of an employee and change his bank details so that the company can make a salary transfer. The attacker can also impersonate a merchant site that requests payment for a fake order.

What to do if your company is the victim of a fake transfer order?

If you believe that your company is the victim of fake international transfer orders, it is essential to notify all the entities concerned by this attack:

Identify fraudulent transfers

Record the emails and transfers that you consider to be fraudulent, those that have already been made or those that are pending. Also note the bank details of the scammer. At the same time, alert your company's accounting department or account manager.

Alert your bank

Alert your bank as soon as possible and let them know that you have been the victim of a fake transfer order. Also file a complaint so that the IT department or the account transfer service will take care of following up or reversing the transactions.

Request the cancellation or blocking of transactions

If you alert the bank in time, it may be possible to cancel the transfer, if it is still in progress. On the other hand, if the transaction has already been carried out, the bank could block the funds and recover the fraudulent transfer.

File a complaint with the authorities

This type of scam, whether by telephone or online, must be reported to the competent authorities. Gather all the evidence you have (transfer order, fraudulent email, false invoice, etc.) and file a complaint with the police station or the gendarmerie.

Change your email password

If the scam happened by hacking your email, change your password right away. Use more complex characters to make your credentials more secure.

How to protect your business from fake transfer orders?

Email account fraud risks can arise anyhow and at any time. To limit the risks, you should take preventive measures with your employees:

Always verify or validate a transfer

If a transfer request arrives in an email, you should contact the entity or person concerned directly to validate or verify the veracity of this transfer.

Protect professional emails with an email protection solution

To avoid any hacking attempt by email, set up an email protection solution. This filters all incoming emails suspected of being fraudulent and places them in quarantine or sends them directly to “junk mail”. AltoSpam is one of the anti-spam and antivirus solutions that fully protects your email address by analyzing spam, viruses or other hacker threats.

Strengthen the identifiers of each employee

Ask your employees to strengthen their passwords on their e-mail address and on all the sites where they have an account. Rather than using their date of birth, it is necessary to favor a password with a higher level of complexity: with numbers, letters and even specific characters such as punctuation marks. Also, use different passwords for all accounts rather than generalizing on a single password.

Use two-factor authentication

This measure consists of validating access to the email address, to professional accounts, by a code that will be sent by telephone or email. Thus, when another person tries to enter the accounts, the employee will be notified.

(Photo credit: istock)

Article written by

AuthorStéphane ManhesOKTEY specializes in publishing products and services for securing electronic messaging: antispam, anti-relay, antivirus, antiscam, protection against denial of service…...See his contributionsThis text is published under the responsibility of his author. Its content does not in any way engage the editorial staff of Les Echos Solutions.