Guard Against Cybertheft

Learn steps that can help avoid falling victim to electronic funds transfer fraud.

October 2010
from the Journal of Accountancy

A type of fraud has come into the public eye in the past year in which the criminal surreptitiously obtains financial banking credentials, hijacks a corporate computer, and steals money from the victim’s bank accounts.

In this scenario, referred to as a fraudulent electronic funds transfer (EFT) transaction, a cybercriminal uses a software tool to gain control of the victim’s computer from a remote computer. The criminal then uses an EFT to move most, if not all, of the money in the victim’s bank account to one under his or her control, often costing the victim tens, if not hundreds, of thousands of dollars. The increasing scope of this fraud prompted the FDIC to issue an alert warning about it last year (available at tinyurl.com/2cz9sto).

According to the FDIC alert, the number of frauds has increased, as well as the size of losses, resulting from cyberthieves’ stealing login credentials and using them to carry out unauthorized EFTs, which include Automated Clearing House (ACH) transactions and wire transfers.

Many small to medium-size businesses (SMBs) face some risk related to this fraud. The Washington Post reported a case in November 2009 in which cyberthieves tried to steal $1.3 million from a large property management firm by initiating debits against it with credentials stolen from a painting company.

What makes this type of fraud a widespread concern for CPAs is that, rather than targeting large banks, criminals are targeting businesses that may be clients of public accounting firms. Additionally, CPAs who work in business and industry are often in a key accounting position or are the finance officer, and thus are in positions of responsibility related to this type of fraud.

This article describes how these crimes are perpetrated, the associated risks and some preventive measures.

This article has been excerpted from the Journal of Accountancy. View the full article here.