Upload File

state auditor wire transfers risk advisory

2
Visit our website at: www.osanm.org/government_accountability_office. GAO Government Accountability Office New Mexico Office of the State Auditor Risk Advisory Government Email Wire Transfer Scams The Office of the State Auditor (OSA) has issued this Risk Advisory to alert governmental agencies in the State of New Mexico of a pattern of ongoing scams in which employees are asked to make wire transfers based solely on email communication. The OSA strongly advises management and governing bodies to ensure safeguards are in place to prevent and detect inappropriate wire transfer requests, and to establish a “tone at the top” that encourages employees to question payment requests that deviate from standard procedures. The OSA has received notice of three recent attempted wire transfer schemes specifically targeting local governments in order to steal public money. While one county government and two school districts most recently reported to the OSA, the OSA is aware that other organizations have been observing a pattern of these schemes across the state. In all three incidents reported to the OSA, the administrative staff followed up with questions in outgoing emails and received responses that added to the legitimacy of the wire transfer requests. All three entities processed the wire transfers and subsequently became suspicious enough to contact banking authorities to attempt to reverse the transactions. Two of the three entities were able to prevent the loss of public money. The diagram on the following page uses redacted versions of real emails that government employees received to highlight the indicators of fraud. Internal Controls Adherence to established internal controls regardless of the situation is critical to safeguarding public funds. It is critical that staff are properly trained on internal control procedures and that the “tone from the top” allows staff to question deviations from policies and procedures. The OSA has the following various recommendations that agencies may consider when assessing their internal controls of expenditures and disbursements: Requiring purchase requisitions, purchase orders and detailed invoices prior to making payments. Segregating duties among the creator of the purchase order, the good recipient and the payment approver. Requiring a full set of supporting documents before transactions with a new vendor. Resources FBI Internet Crime Complaint Center (IC3) http://www.ic3.gov/complaint New Mexico Department of Information Technology (DOIT) www.doit.state.nm.us Multi-state Information Sharing and Analysis Center https://msisac.cisecurity.org/ U.S. Department of Homeland Security - www.dhs.gov/cyber National Cyber Security Alliance - www.StaySafeOnline.org

Upload: new-mexico-political-report

Post on 08-Jul-2016

264 views

Category:

Documents


1 download

Report

DESCRIPTION

A risk advisory by the new Mexico State Auditor warning against scams involving wire transfers.

TRANSCRIPT

Page 1: State Auditor wire transfers risk advisory

 

Visit our website at: www.osanm.org/government_accountability_office.  

GAO

Government Accountability Office

New Mexico Office of the State Auditor

Risk Advisory Government Email Wire Transfer Scams

The Office of the State Auditor (OSA) has issued this Risk Advisory to alert governmental agencies in the State of New Mexico of a pattern of ongoing scams in which employees are asked to make wire transfers based solely on email communication. The OSA strongly advises management and governing bodies to ensure safeguards are in place to prevent and detect inappropriate wire transfer requests, and to establish a “tone at the top” that encourages employees to question payment requests that deviate from standard procedures.

The OSA has received notice of three recent attempted wire transfer schemes specifically targeting local governments in order to steal public money. While one county government and two school districts most recently reported to the OSA, the OSA is aware that other organizations have been observing a pattern of these schemes across the state. In all three incidents reported to the OSA, the administrative staff followed up with questions in outgoing emails and received responses that added to the legitimacy of the wire transfer requests. All three entities processed the wire transfers and subsequently became suspicious enough to contact banking authorities to attempt to reverse the transactions. Two of the three entities were able to prevent the loss of public money. The diagram on the following page uses redacted versions of real emails that government employees received to highlight the indicators of fraud. Internal Controls Adherence to established internal controls regardless of the situation is critical to safeguarding public funds. It is critical that staff are properly trained on internal control procedures and that the “tone from the top” allows staff to question deviations from policies and procedures.

The OSA has the following various recommendations that agencies may consider when assessing their internal controls of expenditures and disbursements:

Requiring purchase requisitions, purchase orders and detailed invoices prior to making payments. Segregating duties among the creator of the purchase order, the good recipient and the payment

approver. Requiring a full set of supporting documents before transactions with a new vendor.

Resources

FBI Internet Crime Complaint Center (IC3)

http://www.ic3.gov/complaint

New Mexico Department of Information Technology (DOIT)

www.doit.state.nm.us

Multi-state Information Sharing and Analysis Center

https://msisac.cisecurity.org/ U.S. Department of Homeland Security - www.dhs.gov/cyber

National Cyber Security Alliance -

www.StaySafeOnline.org

Page 2: State Auditor wire transfers risk advisory

Risk Advisory: Wire Transfers and Internal Controls page 2  

Visit our website at: www.osanm.org/government_accountability_office.

In addition, specifically with respect to email scams, agencies should consider:

Developing enterprise network and email controls based on industry best practices. Training staff to be alert for malicious or suspicious emails and to appropriately report their

suspicions. Requiring periodic password changes for network and email accounts. Working with agency banking partners to take advantage of available banking controls, including

those that restrict automated clearinghouse and wire transfers to only specifically listed accounts.

Red Flags in Email Scams

(Excerpts from real emails that government employees received)


the Connector · 2016-05-12 · the Connector. Vancouver Island Chapter Newsletter “Phishy” Business. 3 • Establishing good governance practices on wire transfers, such as multilevel

Corporate Online | Wire Transfers

Division II Transfers Division II Transfers - Checklist

Product Order Form - kangenromania.eu · Product Order Form ... 12/16 101 CVV Bank account (only wire transfers, ... Anexa continand lista altor documente necesare efectuarii platii

5.2. A silver wire 2.6 mm in diameter transfers a charge of 420 C … · 2011-11-17 · 5.2. A silver wire 2.6 mm in diameter transfers a charge of 420 C 28 in 80 min. Silver contains

Embracing Competition Stakeholder Engagement Workshop no ...€¦ · service transfers on LV Steel Wire Armoured (SWA) Cables 22.19 - Enable IDNOs to undertake the bi-lateral technical

Wire Transfers - Columbia Bank › Upload › commercial...the Template list, click the Wire Templates tab. 2 The Wire Template list screen shows all of the Active templates. To search

Butterfield Online - How To: Wire Transfersmedia1.butterfieldgroup.com.s3.amazonaws.com/pdf/167009wiretransfers.pdf · Butterfield Online - How To: Wire Transfers Before you get started

Registration Details - Online & Mobile Banking and Wire ......Title Registration Details - Online & Mobile Banking and Wire Transfers Author CIBC FirstCaribbean Subject Registration

yosemite.epa.gov and ESAs... · U.S. Environmental Protection Agency Fines and Penalties P.O. Box 979077 St. Louis, Missouri 63197-9000 WIRE TRANSFERS: Wire transfers should be directed

Revised Bulletin 6 (Operating Circular 6) (Wire Transfers of … · 1990. 12. 7. · December 7, 1990 Circular 90-93 TO: The Operations Officer responsible for transfers of funds

How to Send Wire Transfers on Chase OnlineSM to Send Wire Transfers on Chase Online. SM. For a convenient, secure and quick way to send money directly to someone’s bank account,

Transfers and Advances - Ohio State Auditor · • Therefore, transferring cash restricted for one purpose to a fund with a different restricted purpose potentially permits spending

Smarter Content, Smarter People: Why Content Management ... · Operations, United Overseas Bank Cuts time and effort taken to process international wire transfers, increasing efficiency

GENERAL - Ohio Auditor of State · Web viewSuch transfers may result in federal reporting requirements under Treasury or Justice Equitable Sharing Programs (see Catalog of Federal

Finance Town Hall November 12, 2012 1. Introduction Finance Division Organizational Chart Finance Office Updates Budget Office Update Wire Transfers New

Passport to International Payments Perspectives– Estimated payment potential of 85 million payments annually based on 2005 data. – Wire transfers and payments via foreign accounts

REQUEST FOR WIRE TRANSFERS AND FOREIGN DRAFTS · 2019-12-16 · REQUEST FOR WIRE TRANSFERS AND FOREIGN DRAFTS City: City: BENEFICIARY INFORMATION FINANCIAL INSTITUTION (FI) INFORMATION

Auditing Wire Transfers and ACH Transactions - FMS · PDF fileAuditing Wire Transfers and ACH Transactions Tuesday, June 18, ... 800-ASK-4FMS. Today’s Agenda ... used stolen usernames

Phishing for Wire Transfers · Email Compromise (BEC), is a more targeted variation of spear phishing aimed at high-profile executives or personnel who manage wire transfers. According

Wire Transfers: Country-specific Code & Formatting Guide

Transfers: Internal Transfers for Recruiters and Managerstraining.wasteconnections.com/workday/Attachments/Manager... · 2017-04-25 · Transfers: Internal Transfers for Recruiters

Wholesale Heat Transfers | T Shirt Transfers

TO ACCESS WIRE MANAGER...1 TO ACCESS WIRE MANAGER Log into Business Online Banking Once logged into the account, from the top toolbar click on Payments & Transfers, then click on the

Processing Wire TransfersProcessing Wire Transfers (4/2015) Page 7 of 30 The Template List screen shows all of the templates available. (This screen is also used to edit key template

Butterfield Online - How To: Wire Transfers

New South Wales Auditor-General’s Report Financial Audit ... · Appendix Four – Agency Transfers on 1 July 2015 Analysis _____ 44 Appendix Five – Cluster ... Some cluster agencies

IMPLEMENTATION OF FATF SPECIAL RECOMMENDATION … 2007_SRVII.pdf · implementation of fatf special recommendation vii ... implementation of fatf sr vii on wire transfers 1 ... law

Material Transfers and Material Management and Accounting ... · The auditor used the contractor-provided online access to its accounting system to query the system for job cost

Wire Transfers and Foreign Drafts Cash Management, June 2013

Five Best Practices for Managing Global Payments · PDF fileUnlike transaction-based, siloed systems that are dedicated to specific payment types (wire transfers, checks, electronic

Secure Computer Configuration for Wire Transfers

Wire Transfers in CU*BASE · Wire Transfers in CU*BASE 5 CONFIGURATION SETTINGS CONFIGURING WIRE TRANSFER CODES Misc. Posting Codes Configuration (Tool #534), Screen 1 On the initial

International Fund Transfers - Amazon S3€¦ · transfers include many types of international transfers, including cash-to-cash money transfers, international wire transfers, international

Supreme Court of the United States - SCOTUSblog...2017/09/16  · wire transfers between financial institutions, and then treating those components as the relevant “transfers”