With Mobile Wallet, safely make purchases in store, in-app or online using your smartphone.
Manage your business accounts on the go with our Business Mobile App.
Want to work at one of Forbes' World's Best Banks? Browse our career opportunities.
Do you know what’s in your email inbox? Some dangerous messages could be lurking from fraudsters attempting to convince you to wire money to them, all while acting as legitimate companies. This practice, known as email spoofing, leads to financial damage for targeted companies and increased stress for everyone involved.
Know the signs of email spoofing to safeguard your corporate accounts.
An email spoofing attack leverages the likelihood that the Accounts Payable department at the targeted company will have actual invoices from the spoofed company. Attachments usually include only wire transfer information in the form of a text object that many email filters can inspect.
The body of the email often includes a fake “original message” to set the pretext that the targeted recipient has had a previous conversation with the impersonated sender regarding a wire transfer. In the faked included message, the impersonated sender’s actual domain name is used by the fraudster, and a look-alike domain name is in the headers of the actual message. The faked message is also back-dated, as if the supposed email conversation occurred several days prior.
Fraudsters typically use the actual names of executives. The domain names, however, are look-alike domain names which are very similar to those of the spoofed organizations. For example, the fraudsters might attempt to register and send email from the domain name “examp1e.com” when spoofing the sender from a company using the actual domain “example.com.”
Spoof emails are sent to corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations.
Analysis suggests that the link between targeted organizations and the spoofed senders may have been gleaned from data available on professional networking websites.
We recommend organizations take the following steps to reduce the risk of falling victim to these attacks: