• The criminal accesses a commercial customer's credentials, generates an ACH file in the originator's name and quickly withdraws funds before the victim discovers the fraud. 
• The criminal accesses a retail customer's credentials and sets himself up as an automatic bill-pay recipient. 
• In an insider threat scenario, an employee of the target company or a bank modifies ACH files to steal money.
• In a variation on check kiting -- a scam in which funds are juggled back and forth between bank accounts at separate banks -- a criminal takes advantage of the time lag in transactions.
• In a spear phishing scam, an employee with authorization for ACH transactions receives an email that leads him to an infected site, which installs a keylogger to access authentication information. The thief can then impersonate the company's authorized representative and withdraw funds. 

• Reconciliation of all banking transactions on a daily basis.
• Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
• If possible, and in particular for customers that do high value or large numbers of online transactions, carry out all online banking activities from a stand-alone, hardened and completely locked down computer system from which e-mail and Web browsing are not possible.
• Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. Opening file attachments or clicking on web links in suspicious emails could expose the system to malicious code that could hijack their computer.
• Install a dedicated, actively managed firewall, especially if they have a broadband or dedicated connection to the Internet, such as DSL or cable. A firewall limits the potential for unauthorized access to a network and computers.
• Create a strong password with at least 10 characters that includes a combination of mixed case letters, numbers and special characters.
• Prohibit the use of "shared" usernames and passwords for online banking systems.
• Use a different password for each website that is accessed.
• Change the password a few times each year.
• Never share username and password information for Online Services with third-party providers.
• Limit administrative rights on users' workstations to help prevent the inadvertent downloading of malware or other viruses.
• Install commercial anti-virus and desktop firewall software on all computer systems. Free software may not provide protection against the latest threats compared with an industry standard product.
• Ensure virus protection and security software are updated regularly.
• Ensure computers are patched regularly particularly operating system and key application with security patches. It may be possible to sign up for automatic updates for the operating system and many applications.
• Clear the browser cache before starting an Online Banking session in order to eliminate copies of web pages that have been stored on the hard drive. How the cache is cleared will depend on the browser and version. This function is generally found in the browser's preferences menu.
• Verify use of a secure session (https not http) in the browser for all online banking.
• Avoid using an automatic login features that save usernames and passwords for online banking.
• Never leave a computer unattended while using any online banking or investing service.
• Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.
• Stay in touch with other businesses to share information regarding suspected fraud activity.
• Immediately escalate any suspicious transactions to the financial institution particularly, ACH or wire transfers. There is a limited recovery window for these transactions and immediate escalation may prevent further loss by the customer.

• The organization’s legitimate email domain is @company.com.
• The attacker registers domain names deceptively similar to the organization’s (for instance, @conpany.com, @cornpany.com, @cmpany.com).
• The attacker learns the names of the Designated Executive and Designated Employee through social engineering or online research.
• The attacker sends an email purporting to be from the Designated Executive, using a deceptively similar email domain.
• The Designated Employee receives this email and sees that it is from “Designated Executive” <Designated.Executive@conpany.com> directing the Designated Employee to have $1 million wired to account number 123456789.
• The Designated Employee, following procedure, checks to see that the email came from “Designated Executive.”
• But the Designated Employee fails to notice the misspelling in the email domain @conpany.com, mistaking it for a legitimate company email address.
• The Designated Employee logs into the online banking portal account and requests an outbound wire transfer for $1 million to account number 123456789.
• The bank, following procedure, checks to confirm that the request for the wire transfer did come from the Designated Employee’s account on the online banking portal. 
• The bank wires $1 million to account number 123456789.
• Meanwhile, the actual Designated Executive has no knowledge of this wire transfer.

Stop large international wire transfers: