The Harvard community is being actively targeted by an outside group(s) that is seeking to initiate fraudulent wire transfers. As a result, the Cash Management Office (in the Office of Treasury Management) has added an authentication step to strengthen wire transfer procedures. Effective immediately, all requests to initiate a wire transfer or to change payment instructions via email, even if it comes from someone you know and/or a colleague at Harvard, must be verified either by phone to a previously-known/known-legitimate phone number or in person before you comply with the request.
The new forms may be found at:
Wire Transfer Authorization Form – Domestic Transfers – https://otm.finance.harvard.edu/files/otm/files/domestic_wire_fillable_form_8-2018.pdf
Wire Transfer Authorization Form – Foreign Transfers - https://otm.finance.harvard.edu/files/otm/files/fx_wire-transfer_form_8-2018.pdf
Please contact Kit Lam, Manager of the Cash Management Office, (kit_lam@harvard.edu) if you have any questions relating to this new authentication step.
Background
The Harvard community is currently experiencing a prolonged attack by a group seeking to entice Harvard and its business partners into initiating fraudulent wire transfers. They are specifically targeting people in finance roles using phishing campaigns to steal usernames and passwords and lookalike/similar domains (for example john_harvard@harvard-edu.us instead of john_harvard@harvard.edu). When they steal usernames and passwords, they use at least two tactics. First, they send emails from the Harvard account to others with some sort of invoice and/or payment instructions, or they may ask others at Harvard to pay fraudulent invoices. Second, if they find a legitimate email thread in progress with a vendor that includes payment instructions, they may forge a reply to the legitimate conversation instructing the Harvard recipient to use different payment instructions.
We appreciate your cooperation and partnership in safeguarding the University’s financial assets. Please reach out to Christian Hamer, Chief Information Security Officer (christian_hamer@harvard.edu) or the Cash Management Office (cash_management@harvard.edu) if you have any questions or concerns, or if you believe you may have received a fraudulent request via email.