
1

Payment Impostor Fraud & Best Practices

Wells Fargo Bank N.A.

Global Payment Services

South East Asia Seminar

December 2015

Do you know whom you’re paying?

© 2014 Wells Fargo Bank, N.A. All rights reserved. For public use.

3

A Rising Epidemic

• Business e-mail compromise (BEC) is a highly sophisticated scam that is affecting companies worldwide.

• There has been a 270% increase in exposed loss since the beginning of 2015:
  • Total U.S. victims: 7,066 - Total U.S. exposed dollar loss: $747,659,840.63
  • Total non-U.S. victims: 1,113 - Total non-U.S. exposed dollar loss: $51,238,118.62

• The scam has been reported in 79 countries, with fraudulent transfers going to 72 countries; the majority of the transfers are going to Asian banks located within China and Hong Kong.

• Cybercriminals are understood to be members of organized crime groups from Eastern Europe, Asia, Africa and the Middle East.

• The average individual loss is about $6,000, but a single scam can amount to millions of dollars.

Source: Federal Bureau of Investigation, Internet Crime Complaint Center

4

Wells Fargo BEC Investigations

• Wells Fargo investigations show the following data:

5

Wells Fargo BEC Investigations (cont’d)

• Approximately 60% of beneficiary banks located in US are small regional banks and credit unions.

6

Wells Fargo BEC Investigations (cont’d)

8

What is impostor fraud?

• Targets businesses that routinely send international wire transfers.

• Attacks begin with a standard phishing lure.

• Targets accounts payable departments.

The fraudster:

• Poses as a person or entity you know and trust.

• Contacts you by email, phone, fax, or mail.

• Requests a payment, submits an invoice, or asks to change vendor payment instructions.

If you fall for the scam, any payments you send go to the fraudster — not where you intended.

9

Executive impostor fraud

The fraudster:

• Poses as your CEO, CFO, controller, or company owner.

• Emails or calls you.

• Asks you to send payments outside of normal channels – and usually by wire.

• May ask you to:
  • Keep the payment confidential.
  • Reply once you've sent payment.

10

Executive impostor fraud (cont’d)

What fraudsters hope to take advantage of:

• Executive requests will not be questioned.

• Executives are often unavailable to verify requests.

11

Vendor impostor fraud

The fraudster:

• Poses as a vendor, supplier, or other business partner.

• Contacts you by email, fax, phone, or mail.

• Asks to change their bank account information — "We need to receive payments to this new account."

• Or sends an invoice that appears to be legitimate.

12

Vendor impostor fraud (cont’d)

What fraudsters hope to take advantage of:

• Companies often change vendor bank account information based solely on an email, fax, or call that appears to be from the vendor.

• Companies often don't call back a trusted source at the vendor to authenticate a request.

13

14

Contact by email

• Attacks begin with a standard phishing lure or an email from a look-alike domain.

• These emails typically are not caught by “spam traps”.

• Emails are specifically tailored to deceive the intended individual recipients.

• When an unwary worker clicks the malicious links in these emails, he or she unknowingly downloads malware that steals business data, user credentials, account information and passwords.

• The fraudster targets an employee of the company and breaks into that employee's email account, then steals the vendor contact list and sends fake invoices.

• Fraudsters use language specific to the company they are targeting.

• Fraudsters use dollar amounts that seem legitimate.

• Fraudsters carefully study the emails of the targeted business.

15

Example of executive email spoofing

16

Checking for a spoofed email by hitting Reply
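As an added illustration of the two warning signs described above (a Reply-To address that differs from the displayed From address, which is what hitting Reply exposes, and a sender domain that merely looks like a known one), the following Python check is not part of the Wells Fargo deck; the domains, sample messages and keyword lists are constructed placeholders, and the look-alike test is a plain difflib similarity ratio, not any vendor product.

```python
import difflib
from email import message_from_string, policy
from email.utils import parseaddr

KNOWN_DOMAINS = {"example-corp.com", "acme-supplies.net"}  # assumed: own domain plus a vendor on file
PRESSURE_WORDS = ("urgent", "confidential", "immediately")
BANK_CHANGE_WORDS = ("new account", "bank account", "payment instructions")
# Constructed samples; in the first, From shows the CEO's real address but Reply-To points at a look-alike domain.
SPOOFED_REPLY_TO = """\
From: "Jane Doe (CEO)" <jane.doe@example-corp.com>
Reply-To: jane.doe@examp1e-corp.com
To: ap@example-corp.com
Subject: Urgent wire - confidential

Please send the wire today and reply once it has gone out.
"""
VENDOR_LOOKALIKE = """\
From: "Acme Supplies Billing" <billing@acme-supp1ies.net>
To: ap@example-corp.com
Subject: Invoice 4471 - updated remittance details

We need to receive payments to this new account from now on.
"""

def domain_of(header_value):
    _, addr = parseaddr(header_value or "")  # '' when the header is absent
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def is_lookalike(domain, reference, threshold=0.8):
    if not domain or domain == reference:  # exact match is the real domain, not a look-alike
        return False
    return difflib.SequenceMatcher(None, domain, reference).ratio() >= threshold

def check_message(raw):
    """Return the impostor-fraud indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain, reply_domain = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if reply_domain and reply_domain != from_domain:  # the mismatch that "hitting Reply" reveals
        findings.append("reply-to-mismatch")
    if any(is_lookalike(d, k) for d in (from_domain, reply_domain) for k in KNOWN_DOMAINS):
        findings.append("lookalike-domain")
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    if any(w in text for w in PRESSURE_WORDS):  # secrecy or urgency pressure
        findings.append("pressure-language")
    if any(w in text for w in BANK_CHANGE_WORDS):  # request to change where money goes
        findings.append("bank-change-request")
    return findings
```

A hit on any indicator is a prompt to authenticate the request by call-back to a number on file, not proof of fraud on its own.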

21

How fraudsters get away with it

• BEC attacks are able to bypass dual custody controls in the accounting process.

• Because the fraud is committed against the company, the payment appears to the bank to be, and in fact is, a legitimately authorized transaction.

• Payments are highly automated, with little to no manual intervention from end to end.

• Payments are sent in a matter of seconds and credited within hours.

• Most beneficiary banks process and credit payments based on the account details, without matching them against the beneficiary details.

• Loss recovery is very difficult, as companies often realize the fraud only when reconciling bank statements or when the vendor inquires about nonpayment:
  • Funds are generally withdrawn from the fraudster's account within hours or days of credit.
  • Some beneficiary banks require authority from the accountholder to debit funds back.
  • Beneficiary banks have different criteria and processes regarding payment fraud.

28

Impostor fraud — common denominators

• Payment is to a new beneficiary/bank account.

• Payment is an exception from the norm.

• Fraudster counts on the request not being verified with a trusted source.

• Payment is urgent.

30

Information provided in this document is general in nature for your consideration and is not intended as legal, tax, or investment advice. Wells Fargo makes no warranties as to accuracy or completeness of information, does not endorse any non-Wells Fargo companies, products, or services described here, and assumes no liability for your use of this information. Please contact your legal or tax advisors regarding your specific needs before taking any action based upon this information.

31

Best practices for fighting impostor fraud

32

Alert and educate your executives and staff

Executives: Alert them that fraudsters are taking advantage of execs' company titles and positions of authority without their knowledge.

AP staff: Your AP staff initiates payments and can be targeted directly. Ensure they're empowered to authenticate payment requests or changes to account information.

34

Alert and educate your internal business partners and vendors

Internal business partners: Educate all groups that communicate with vendors. Alert lines of business that receive/approve invoices and then send them to AP for processing.

IT: Ask your IT partners if they can block spoofed emails.

Vendors: Tell vendors you'll no longer accept changes to bank account information by email. Warn them they're targets, too.

36

Authenticate payment requests

• Always authenticate requests:

• Received by email.

• Made outside your company's normal channels.

• Made to accounts or countries you've never sent money to.

• That ask to change a vendor's payment remittance information.

• If a request comes by email, fax, or mail, verify it with a phone call (call back). If it comes by phone, verify it by email.

37

Authenticate payment requests (continued)

• Use contact information on file to verify the requestor.

• Never use the information that comes with the request. It's fraudulent, too.

• Prohibit executive payment requests made by email.

• Encourage staff to contact executives directly to verify requests.

• If you don't authenticate vendor or executive requests, audit requests several months back.

• You could be a fraud victim and not know it.

38

Use dual custody, but …

• The initiator and the approver must:

• Pay close attention to payment details — not just give them a rubber stamp.

• Authenticate the request before they initiate or before they approve to ensure it's not fraudulent.

• Require a third-level review for any payments to a new beneficiary.

39

How to prevent impostor fraud

• Verify beneficiary details vs account details for every vendor change instruction via secondary channel.

• Company treasury departments need to apply additional scrutiny when processing time-sensitive payments:
  • In 68% of fraudulent transactions, the company used dual custody.

• Exercise heightened vigilance when posting financial and personnel information to social media and company websites.

• If possible, register all internet domains that are slightly different from the actual company domain.

• Be suspicious of requests for secrecy or pressure to take action quickly.

• Beware of any significant changes.

• Know the habits of your customers, including the reason, detail, and amount of payments.

40

Monitor your accounts daily

The sooner you spot a fraudulent transaction, the sooner you can start your recovery efforts and take steps to help ensure you don't become a victim again.

41

Wells Fargo’s impostor fraud customer tutorials

Treasury Insights website articles, webinar and videos

http://www.wellsfargomedia.com/whl/725706/videos/03052015/video.html
https://treasuryinsights.wellsfargotreasury.com/?elqPURLPage=2190&hs=tiart&ma=tm3000&wid=WVDKTI500

42

Wells Fargo’s impostor fraud customer tutorials (cont’d)

Wells Fargo YouTube: three-part video series

44

If you suspect impostor fraud

Immediately contact your client services officer and tell them you suspect fraud, or call: 1-800-AT-WELLS

45

Wells Fargo Bank N.A. - Disclaimer The information contained herein has been prepared solely for informational purposes and is intended for use solely by the intended recipient and is not an offer to buy or sell or a solicitation of any offer to buy or sell any security or to participate in any trading strategy or to enter into any transaction. Unless otherwise specified, all rankings and league table positions in this document relate to the U.S. market only. Recipients must not reproduce, redistribute or pass on this document, directly or indirectly, to any other person, in whole or in part, for any purpose.

If any decision to enter into any investment, trading strategy or transaction is made, it shall be made pursuant to a definitive offering memorandum or other documentation (“Definitive Documentation”) prepared by or on behalf of any issuer or parties which would contain material information not contained herein and which would supersede this information in its entirety. Any decision to invest or to enter into any trading strategy or transaction should be made after reviewing the applicable Definitive Documentation, conducting such investigations as the recipient deems necessary and consulting the recipient’s own legal, accounting, and tax advisors in order to make an independent determination of the suitability and consequences of an investment in such securities or entering into any trading strategy or transaction.

The information is intended only to provide a summary and general overview. It is not intended to be comprehensive nor does it constitute legal advice. Recipients should seek legal or other professional advice before acting or relying on any of the content.

Wells Fargo Bank, N.A. makes no representation or warranty, express or implied, as to the accuracy or completeness of the information contained herein and nothing contained herein shall be relied upon as a promise or representation whether as to the past or future performance. Any market price, indicative value, estimate, view, opinion, data or other information herein is not warranted as to completeness or accuracy, and is subject to change without notice. The information set forth herein may include estimates and projections and/or involve elements of subjective judgment and analysis. No representations are made as to the accuracy of any such estimates or projections or the appropriateness of any such judgments or analyses, or that all assumptions relating to such estimates, projections judgments or analyses have been considered or stated or that such estimates or projections will be realized or such judgments or analyses be justified. The information contained herein does not purport to contain all of the information that may be required to evaluate any investment or any transaction or trading strategy discussed and any recipient hereof is encouraged to read the Definitive Documentation pertaining to any investment or trading strategy or transaction and should conduct its own independent analysis of the data referred to herein. Wells Fargo Bank, N.A. disclaims any and all liability on any contractual, tortious or other legal basis as to the information set forth herein or omissions herefrom, including, without limitation any express or implied representation or warranty with respect to such information. Wells Fargo Bank, N.A. does not expect to update or otherwise review the information contained herein. Additional information is available on request.

Wells Fargo & Company provides financial services in Asia through its subsidiaries. Banking services are provided through Wells Fargo Bank, N.A. branches in Hong Kong, Seoul, Shanghai, Singapore, Taipei and Tokyo.

Wells Fargo Bank, N.A. Member FDIC. Deposits held in non-U.S. branches are not FDIC insured.
