At first glance the emails look legitimate.
But businesses get defrauded of millions of dollars daily by people using spoof emails and other false documents to steal funds, said Randy Roewe, chief risk officer for First Financial Bank.
“We get things from time to time that look exactly like a company logo,” said Darren Faulk, who is in business development for Stewart Title Co.’s Cleburne office.
With these spoofed emails, however, there is always something off with them, he said. “Title companies get targeted more than anybody because we’re moving large amounts of funds.”
Because transactions could be moving millions of dollars electronically, title companies have to be extra vigilant about security, from verifying information to keeping information private, Faulk said.
‘We do everything possible to keep things secure,” he said.
Electronic crime has become such a big business, Roewe said, the FBI has developed the Internet Crime Complaint Center — or IC3 — to track electronic crime. Over the last three years, businesses in the U.S. have lost $1.5 billion to internet fraud.
Much of the money being lost is going to Asia, especially China, although the United Kingdom is also becoming prominent, he said.
Email fraud is one of the most prevalent ways businesses get defrauded of money, Roewe said. Nationally, title companies are some of the hardest hit, losing more than $17 million last year.
But every business, from legal services to food service and manufacturing, is vulnerable to losses, he said.
By stealing basic information through company websites and tracking social media, crooks determine who to target and impersonate in an email to perpetrate their scams, Roewe said.
Usually, compromised email attacks will come in the form of electronic funds transfer requests, he said. Such transactions go so fast, they are hard to catch.
“We encourage you to use electronic funds transfer,” he said, but when using any banking service businesses have to be aware of risks and how to manage them.
These emails might appear legitimate, he said, and the criminals usually pose as a CEO or other executive but the emails will usually come from a look-a-like domain camouflaged by as few as one or two letters off the real site. The crooks might alter a domain like “payme.com” to “payrne.com” that at a quick glance might look like the real thing.
They also might leave clues in subject lines or in the body of the email itself, he said. Usually messages and subject lines contain a sense of urgency in the request or a request for secrecy.
When checking email from a phone, if a request comes in from a CEO or executive, it’s usually good to double-check on a computer to see the actual address the email is coming from, he said.
Besides using fake emails, criminals also create fake invoices or concoct elaborate stories to steal money, he said. Like fake emails, fake invoices might look legitimate, using company logos or real names, but will be off in some way, usually through account numbers.
Thieves will concoct elaborate stories to attract third party “mules” to have money sent through them for part of the cut, he said. Work from home offers are also usually to good to be true scams to get people to release their information.
The thieves are sophisticated, he said. With one recent scam the bank discovered, for instance, a Houston title company was sent a money transfer request, one that looked completely legitimate, using the same language used in transfer and even a real routing number to an account at a bank in Ohio.
What clued the title company into the scam was the routing number — it was for a personal rather than business account, he said. The company had checked and confirmed with the bank in Ohio that the account stood out.
It’s through diligent action like checking and confirming and coaching employees to recognize fraud that will save businesses from its headaches.
Implementing dual controls — where two people are responsible for one operation — is one of the best ways to deter fraud, he said.
While email and other electronic fraud are prominent, checks are still used to commit fraud, said Daniel Neely, First Financial Senior Vice President of Treasury Management Solutions.
Checks can be altered or forged or counterfeited, he said, and as with other forms of fraud, diligent checking and confirming will help prevent loss. He recommended reconciling accounts daily as a way not only of keeping books current but of checking for fraud.
But most important, knowing who you’re doing business with will lower risks, he said.