Fraud Involving Electronic Fund Transfers (“EFT”) Using Phony E-Mails & Phone Calls

November 17, 2021

a close up of a keyboard with lock on top

This is an e-mail received from McGowan, one of our Managing General Agency Partners.

 

Recently, one of our brokers was the victim of a clever “cyber fraud” scheme involving a phony EFT request. Below, we describe “How the Fraud Occurred” and “How to Prevent EFT Cyber Fraud.”

How the Fraud Occurred

1. The fraudster set up a phony internet domain, designed to closely resemble McGowan’s real internet domain.

The phony internet domain set up by the fraudster was: www.mcgovvanexcess.com.

McGowan’s real internet domain is: www.mcgowanexcess.com

The fraud in the phony internet domain is brilliant and barely perceptible. What is the difference between the two internet domains? The fraudster used the letter “v” twice in its phony internet domain to resemble the letter “w’ in McGowan’s real internet domain.

2. The fraudster sent e-mails to our broker, pretending to be a McGowan employee, from the phony internet domain mentioned above, notifying our broker that McGowan changed its banking institution and its ACH account details.

The fraudster sent e-mails to our broker from SallySmith@mcgovvanexcess.com(again “vv,”rather than “w”).

The fraudster’s e-mails stated that McGowan changed its banking institution, experienced a “glitch” with one of it sold accounts, and changed its EFT account information. One of the e-mails was accompanied by an “EFT Payment Form,” referencing J.P. Morgan Chase Bank that looked legitimate (but was not). Here are excerpts from those e-mails:

A. “Additionally, We had a change of banking institution and method of payment switched to electronic payment via ACH/EFT. We are experiencing a glitch with our old account so we have to update our new ACH/EFT account information on your system for all future payments.”

B.“Attached is our updated ACH Bank Information for you to set up on your system. Our CFO John Mike would call you and verify ACH bank information, Please What is the best next to reach you at. Please confirm receipt.”

The author’s sentence structure, lack of proper pronouns and punctuation, poor grammar, poor syntax, and odd phraseology are “tip offs” that these e-mails might originate outside the United States and be fraudulent.

3. The broker paid premium due to McGowan to the fraudster.

Unfortunately, our broker was duped by the fraudster and paid over $30,000 in premiums due to McGowan to the fraudster. Such payments are almost always impossible to recover.

How to Prevent EFT Cyber Fraud

There are numerous ways in which fraudsters engage in cyber fraud. However, almost all of them are modern versions of “con games,” in which a fraudster obtains the confidence of a victim, then abuses that confidence.

Cyber fraud comes in many forms with a lot of names, such as “phishing,” “vishing,” “spoofing,” “masking,” and “social engineering.”

1. Avoiding Electronic Fund Transfer (“EFT”) Payment-Related Fraud

Electronic Fund Transfer (“EFT”) refers to any electronic transfers of funds between bank accounts, including ACH and wire transfers.

The simplest way to avoid EFT payment-related fraud is to:

A. Verify Odd E-Mails

Be suspicious of any e-mails that seem odd. Any time that you receive an e-mail that seems odd, call a valid telephone number for the sender, talk to the sender, and verify that the e-mail is valid. Remember: do not call a telephone number on a suspicious e-mail to talk to the sender, as such telephone number is possibly phony.

B. Verify Business E-Mails Using Gmail, Hotmail, Yahoo, or AOL

Most businesses have their own internet domains and do not use @gmail.com, @aol.com, @hotmail.com, or @yahoo.com to communicate. Any time that you receive a business e-mail from @gmail.com, @aol.com, @hotmail.com, or @yahoo.com, call a valid telephone number for the sender, talk to the sender, and verify that the e-mail is valid. Remember: do not call a telephone number on a suspicious e-mail to talk to the sender, as such telephone number is possibly phony.

C. Verify E-Mails Requesting Changes to a Payee’s Bank Account

Any time a payee asks you to change your records with regard to the payee’s bank account, call a valid telephone number for the payee, talk to a human being in the payee’s Accounting Department, and verify that the requested change is valid. Remember: do not call a telephone number on a suspicious e-mail to talk to the sender, as such telephone number is possibly phony.

D. Verify E-Mails Requesting Changes to a Payee’s ACH/Wire Instructions

Any time that a payee asks you to change your records with regard to the payee’s ACH or wire instructions, call a valid telephone number for the payee, talk to a human being in the payee’s Accounting Department, and verify that the requested change is valid. Remember: do not call a telephone number on a suspicious e-mail to talk to the sender, as such telephone number is possibly phony.

2. Avoiding Other Types of Cyber Fraud

J.P. Morgan Chase Bank has an excellent website to help people avoid cyber fraud. We recommend that you and your Accounting Departments review this website at:

Fraud Prevention (jpmorgan.com)

Our Real Contact Information

Our real contact information appears below:

Main Phone Number of The McGowan Companies: (440) 333-6300

Main Website of The McGowan Companies: www.mcgowancompanies.com

McGowan Companies Logo

Get a Cyber Insurance Quote

Do You Have Sufficient Protection?

Ready to protect your professional career with the best malpractice insurance on the market? Contact us today and let our experienced team guide you towards peace of mind. Your success is our priority.