Cyber Threat Alert

Holiday Weekend - Friday Funds Transfer Fraud

When a long holiday weekend approaches, typically Friday afternoons, the business world slows down, employees lose focus, and many key staff leaves early for the weekend.

Friday afternoon creates the perfect scenario for cybercriminals to manipulate employees into sending fraudulent payments through advanced social engineering techniques or invoice manipulation. Now more than ever, companies need to implement procedures that will help prevent and protect their bottom line from a devastating fraudulent funds transfer.


  1. Long holiday weekends are the most common time for fraudulent funds transfers. 
  2. By the time the fraud is discovered, the weekend has passed, and the funds are long gone.
  3. Cybercriminals are using advanced social engineering techniques that are highly convincing.
  4. Sophisticated attacks send invoice payment requests from legitimate company email accounts.
  5. One fraudulent payment alone can cripple a business.
  6. Like many in the workforce, cybercriminals also collect their paycheck on Fridays.


The employee will receive an email from the CEO/CFO with an urgent message stating that an invoice needs to be paid by the close of business with payment instructions included. With the executive out of the office, the employee is unable to authenticate the transaction, and they quickly issue payment to satisfy their executives’ demand.

These payments can range from a few thousand dollars to a few million, and when the fraud is discovered on Monday, which by then the funds have transferred through multiple accounts, and the money is long gone.  

Cybercriminals have become more sophisticated in their attacks by researching the employee’s habits, schedule, and personality traits to make the fraudulent request highly believable. This form of cybercrime is commonly known as Spear Phishing.

A new and scarier method of funds transfer fraud involves hacking an employee’s email account to send a fraudulent invoice payment request to a client or vendor, commonly referred to as Invoice Manipulation. These attacks raise serious concern because the emails are sent from an actual company account, and the attacker deletes all correspondence, without the user even knowing.

When the company follows up for their invoice payment days or weeks later, the fraud is discovered, and the money is gone. With invoice manipulation, your client or vendor is defrauded, and liability issues can arise regarding where the fault lies.

Defending against funds transfer fraud involves a combination of prevention techniques and risk transfer to a Stand-Alone Cyber Insurance policy that evolves with emerging risks, such as invoice manipulation.


  • Users must implement privacy and security measures now:
  • Dual Control: Implement controls that require two users to authentic funds transfers either internally, through your financial institution, or ACH/Wire Transfer partner.
  • When receiving payment requests through email, simply pick up the phone to validate the transaction with the sender, especially if the request is urgent. If the sender is unreachable, contact another executive at the company.
  • Verify that the sender’s email address is valid and review the message for grammatical errors or inconsistencies. If your gut tells you it is fraudulent, question the authenticity.
  • Ask your clients, vendors, or customers to validate invoice requests sent through email, especially if that is not your companies typical payment method.
  • If you become the victim of a fraudulent funds transfer, immediately contact your financial institution to initiate a SWIFT recall.

Stand-Alone Cyber Insurance Solutions

Stand-Alone Cyber Insurance is your go-to option when you are looking to transfer some of your residual risk (that cannot be adequately mitigated):

  • Social engineering, Funds Transfer Fraud, and Invoice Manipulation coverage
  • Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
  • Data breach coverage, including direct first-party losses and third-party liability and damages
  • Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
  • Employee training and educational tools to help prevent attacks and protect your network/data


This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Cyber Threat Phishing Business Interruption

Cyber Armada Team
Posted by Cyber Armada Team on May 22, 2020 11:53:07 AM

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment