SCAMMED! A Cautionary Tale and a Defense Strategy

Presenters:
  • Ann Kokx-Templet, Director of Contracts and Purchasing Services
  • Bill Dickerson, Director of Accounting and Financial Services

Attack Types

Methods of Attack

Payment Fraud Continues on the Uptick
Percentage of firms that experienced actual and/or attempted payment fraud in 2017

Prevalence of Fraud by Payment Type

Sources of Actual / Attempted Payment Fraud in 2017

Payroll Fraud

Payment Fraud and

How the Scam Occurred
  • 3/19/2018 - Fraudster opened new domain name from namecheap.com
  • 3/19/2018 10:43 AM - Fraudster sent email request to San Jac to update supplier ACH electronic payment banking information
  • 3/19/2018 10:49 AM - SJC forwarded new direct deposit form to fraudster
  • 3/19/2018 11:22 AM - Received new direct deposit form and copy of voided check with new routing number
  • 3/22/2018 - Payment intended for a construction contractor issued to the fraudster's account, with confirmation sent to email on record
  • 3/26/2018 - PNC Bank contacted JPM Chase (our bank) because they suspected it may be fraudulent

Our Response and Cure Measures
  • Team formed with department leaders from Accounting, Accounts Payable, Purchasing, Internal Audit, Payroll and Police
  • Informed supplier of the fraud
  • College Police started investigation
  • Issued subpoenas to obtain bank account and domain name owner information
  • Implemented new controls and formal procedures to prevent recurrence of this type of fraud
  • Insurance (Crime Policy) coverage limited to $150,000

Key Controls
  • Obtain confirmation from supplier on all changes
  • Confirm using contact information in existing vendor database, not the information provided in an email or new invoice
  • Only accept information from communication we initiate
  • Accept information from Controller or Accounts Receivable personnel only

Banner FTMVEND using FOATEXT
  • Document all changes
      • Date
      • Initials of person making changes
      • Phone number or email that was contacted
      • Name and job title of person at firm who supplied the information
      • Notate everything that was changed in the record
  • Update Address and Direct Deposit Information

Other Preventative Measures
Implementation of Tighter Internal Controls

Partner with Accounts Payable and Purchasing
  • Publish a clear payment processing policy and follow it
  • Enforce strict compliance with the payment and vendor set-up process
  • Keep a clean vendor master database
  • Perform callbacks on all account change requests
  • Be watchful for potential malware links
  • If something doesn't feel right, ask questions
  • DON'T BE RUSHED

Partner with Accounting Teams
  • Bank account reconciliation is a key control to detect fraud
  • Consider implementing daily automated reconciliation process for:
      • Bank statements
      • Receivables matching
      • Check clearing
  • Enforce strict segregation between financial payment systems
  • Watch out for overpayment or duplicate payment refund requests from accounts receivable

Partner with Audit Team
  • Engage audit teams early and often
  • Immediately report fraud and ask your internal audit team to engage in a risk assessment
  • Perform access reviews to keep system access clean and limited to only those who require it

Partner with Technology Teams
  • Awareness, training and repetition are important tactics in preventing cyberattacks
  • Mandate cybersecurity training
  • Provide phishing awareness reminders as well as reporting tools
  • Implement social engineering exercises to test readiness

Tips for Identifying Phishing Emails
  • Sender name is vague or generic
  • Subject does not specify the purpose of the email
  • Sender address has a suspicious domain (i.e. builders-US.com)
  • Grammar, spelling or punctuation mistakes
  • Look for foreign spellings of English words, such as "Organise" instead of "Organize"
  • Uses authoritative language to entice the user to respond quickly
  • Link is obfuscated
  • Absence of a logo or improper use of text and graphics
  • Unusual web links or attachments
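
The suspicious-domain tip above, combined with the key control of confirming against the existing vendor database, as an added example that is not part of the original presentation. The vendor record, domains, phone number, threshold and function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed vendor master record (illustrative; not from the presentation).
VENDOR_MASTER = {
    "V1001": {"name": "Acme Builders",
              "domains": {"acme-builders.example"},
              "phone": "+1-555-0100"},
}

# Digit-for-letter swaps commonly seen in lookalike domains.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Drop the TLD, separators and digit swaps so near-copies compare equal."""
    label = domain.lower().rsplit(".", 1)[0]
    return re.sub(r"[^a-z0-9]", "", label).translate(SWAPS)

def classify_sender(vendor_id, sender):
    """Return 'known', 'lookalike' or 'unknown' for a request's sender address."""
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    known = VENDOR_MASTER[vendor_id]["domains"]
    if domain in known:
        return "known"
    for good in known:
        ratio = SequenceMatcher(None, skeleton(domain), skeleton(good)).ratio()
        if ratio >= 0.85:  # assumed threshold; tune on your own vendor list
            return "lookalike"
    return "unknown"

def triage_bank_change(vendor_id, sender):
    """Decide how an emailed request to change ACH details is handled."""
    verdict = classify_sender(vendor_id, sender)
    return {
        "sender_verdict": verdict,
        "escalate": verdict != "known",
        # Callback goes to the number on file, never one supplied in the email,
        # and is required even for a known domain (mailboxes get compromised).
        "callback_number": VENDOR_MASTER[vendor_id]["phone"],
        "apply_from_email": False,
    }

if __name__ == "__main__":
    for addr in ("ap@acme-builders.example", "ap@acme-builders-us.example",
                 "ap@acme-bui1ders.example", "billing@othercorp.example"):
        print(addr, triage_bank_change("V1001", addr))
```

A "lookalike" verdict is the case from the timeline: a freshly registered domain that resembles the supplier's, asking for new banking details.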

Tell Us About Your College

Thank you.

Source Credits: Association for Financial Professionals (AFP), Payments Fraud and Control Survey, Underwritten by J.P. Morgan Chase
