Ignore Emails from Limited Partners When They Ask to Change Wire Instructions
By Ben Mazza, COO of InvestorFlow
FBI tracking $800,000,000 in wire fraud due to a simple email scam.
I've worked with fund administrators, CFOs and controllers for the last 20 years, spanning private equity, venture capital, hedge funds, real estate and other asset classes. I've heard many stories about a firm's limited partner who requests distributions or redemptions via email.
Given that the wiring of funds is so common at alternative asset firms, cybercriminals have taken note, and the FBI is warning firms to be aware of these requests in email. As strange as it sounds, this type of crime is called "CEO fraud." However, it's not what you think. The CEO is not the criminal. It's someone who is impersonating the CEO in email.
Impersonating the CEO starts with a simple phishing attack, where a thief gets access to the CEO's email. Even if the criminal doesn't get access, they can purchase a domain with minimal investment that drops a letter or performs a like-character substitution. Would an overworked controller notice the difference between email@example.com and firstname.lastname@example.org? Emails are then sent to a targeted list, just one or two people at the office. Filters do not tend to block these emails since they are only sent to a few people.
These thieves are smart. They look at the public news stories, press releases, and sift through the boss’s email, looking for when the fund sells a portfolio company and money will need to be wired. The thief who is impersonating the boss sends a convincing email, "I'm running to my next flight, can you quickly update my wire instructions before I board the plane. I'll then be out of touch for some time."
It's understandable why this type of crime is successful. In the alternative asset field, many of these bosses have type A personalities. Where speed and perfection are required, with few questions in return. The office employee diligently performs the Partner's request, wiring the funds. Even if questions are asked by replying to the email, the thief is in control, and can successfully respond back.
the fbi has stats on this
, and it is staggering. over 8,000 companies have been victim, with almost $800,000,000 in losses. Reuters noted that Scoular Co.
, a commodities trader was a victim to the tune of $17,200,000. The targets are businesses that regularly perform wire transfer payments, just like those in alternative investments.
At InvestorFlow, our investor portals have tools that can help fund managers maintain better control of the process. Investors can log into the portal with their user ID and password and update the wire instructions online. Once performed online, managers can then take the process out of band (offline), confirming with additional steps over the phone and on paper that the wires are to be changed. With email merge tools within InvestorFlow, managers can send messages and set deadlines for wires to be updated, whereby updates can only be made a certain number of days in advance.
Back to Blog