Please Don’t Be Like This Accountant Who Got Scammed Over Email

Here's an unfortunate situation that hopefully none of you ever have to go through:

The accountant for a U.S. company recently received an e-mail from her chief executive, who was on vacation out of the country, requesting a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO said a lawyer would contact the accountant to provide further details.

“It was not unusual for me to receive e-mails requesting a transfer of funds,” the accountant later wrote, and when she was contacted by the lawyer via e-mail, she noted the appropriate letter of authorization—including her CEO’s signature over the company’s seal—and followed the instructions to wire more than $737,000 to a bank in China.

The next day, when the CEO happened to call regarding another matter, the accountant mentioned that she had completed the wire transfer the day before. The CEO said he had never sent the e-mail and knew nothing about the alleged acquisition.

And you might think, "You have to be pretty stupid to get scammed over email," but the FBI notice says that "Business E-Mail Compromise" frauds have duped more than 7,000 businesses with losses in excess of $740 million over the last couple of years. Crikey, that's a lot. Does gullibility result in that much fraud? If so, yikes.

Here's more:

[A]fter the accountant spoke to her CEO on the phone, she immediately reviewed the e-mail thread. “I noticed the first e-mail I received from the CEO was missing one letter; instead of .com, it read .co.” On closer inspection, the attachment provided by the “lawyer” revealed that the CEO’s signature was forged and the company seal appeared to be cut and pasted from the company’s public website. Further assisting the perpetrators, the website also listed the company’s executive officers and their e-mail addresses and identified specific global media events the CEO would attend during the calendar year.

Yeah, it's a little sloppy that a single email from a CEO along with a lone signature over a company seal would be enough to wire $737k. As Matt Levine writes:

[N]o one ever wants to talk on the phone any more, making it less likely that anyone will ever pick up the phone to verify e-mailed transfer instructions.

That might sound tedious, but it could save you the kind of embarrassment that causes people to lock themselves in a closet for a year. Be careful out there.

[FBI via Bloombergview]

Related articles

auditor fraud pwc colonial fdic

Accounting Fraud Watch: Autonomy Trial, Patisserie Valerie Arrests, Longfin CEO Charged

Plus, Patisserie Valerie’s ex-chairman doesn’t have nice things to say about Grant Thornton and Steinhoff warns of lingering damage from massive accounting fraud. Lynch says HP’s Meg Whitman couldn’t cope with ‘all the fires’ [Bloomberg] On his first day of testimony, Autonomy founder Mike Lynch said Hewlett-Packard Co.’s executives made him a scapegoat for their […]

Former Marks Paneth Partner Admits to Screwing Investors Out of $2 Million

Steven Henning, CPA, a former partner-in-charge of advisory services at New York City-based Marks Paneth, could have as long as 20 years to think about his choices: Steven Henning pled guilty today [June 24] to participating in two wire fraud schemes. In the first, he falsely claimed to have entered into multimillion-dollar intellectual property deals […]