Facing FFT: Fraudulent Funds Transfers

By Paul Hawkinson
Dec 16, 2022

On the first Friday in December, we had a Lunch and Learn to talk about the basics and fundamentals of cybersecurity for small and medium-sized businesses. 

In a room full of these business leaders, one voiced their biggest fear: falling victim to a fraudulent funds transfer (FFT). An FFT happens when someone posing as a legitimate vendor, or perhaps even someone within your own company, can trick the victim into sending (generally) large amounts of money as payment or completion of some transaction. It is not an unreasonable fear to have. 

According to infosecurity, FFT and Ransomware are the two leading causes of “financial loss from cybercrime in 2022” and contribute to half the claims made. While Ransomware is more expensive, FFT can still be devastating to a company of any size, particularly to a small business with narrow margins for the expense. Infosecurity, in their interview with cyber insurance company Corvus, states that claims from FFT are generally about $90,000, a number that only grows in importance when you consider that not all businesses invest in cyber insurance. More importantly, according to Infosec, not all insurance companies cover Business Email Compromise in their policies. And unfortunately, that is generally what FFT falls under.

It is not all doom and gloom, however. While you should still double-check your cyber insurance policy (and get one if you haven’t already), there are some best practices you can use to make sure you avoid FFT. 

Have your cybersecurity best practices in place. Often, FFT happens because someone fell prey to a phishing attack, and an outsider now has access to emails that show whom your company expects to pay. Then, using social engineering, the outsider can manipulate your employees (or yourself) into completing a fraudulent transaction. Use multi-factor authentication, password managers, and your good sense to keep safe from the initial phishing attack. 

Always require verification when there is an unexpected change in account numbers. Who cares if it’s the CEO, Sue from the Business Office, or the bank you’ve used for years. Use a separate form of communication to verify that the person, whether behind the email or the phone call, is whom they say they are. 

Provide employee training. Best practices and well-made plans are only helpful if employees are aware and trained. Ensure your policies and procedures move beyond theory and become part of the company culture. 

Yes, FFT is a concern for many businesses, and it is a valid one. However, you are not alone in facing it. Check out our resource page or contact us if you need help with any of these points. That’s what we are here for! 

Contact Us

Carolina Cyber Center
of Montreat College

310 Gaither Circle
P.O. Box 1267
Montreat, NC 28757

(828) 419-0737

Get Started

No-risk, 30-day money-back guarantee. All instructional materials, labs, certification fees*, books, and range time are included.

*First attempt for certification included. The cost for additional certification attempts is the responsibility of the student.