Working together - our goals are one.
Wire Fraud Tips
Internet-enabled crimes are a prevalent and growing threat in today’s financial crime landscape and the COVID-19 pandemic has created a perfect storm for financial crime. A large number of citizens are under shelter-in-place orders, forcing consumers to change their banking behavior. Companies are facing tremendous changes in their daily operations, from staff working from home with limited resources, to consumers moving to new transaction channels. Wire fraud has been a continuing threat during the COVID-19 crisis as criminals exploit disrupted business processes and cloud-based email services to prey on consumer fear and vulnerabilities in remote workflow. One Florida Bank, not unlike all financial institutions, has observed an increase in the number of clients reporting fraudulent attempts to initiate wires due to invalid payment requests from third parties, vendors and suppliers to their businesses.
In an effort to keep our clients aware of this significant risk, we are providing you this whitepaper on internet and wire fraud to help you identify red flags and hopefully reduce the risk that you or your company fall prey to these schemes.
What is it?
Internet fraud is the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them. Wire fraud is one of the preferred and most effective methods criminals have in their toolbox for accessing your funds. Wires are an attractive target because they are often used to move large sums, quickly, and are difficult to reverse. On top of financial costs, businesses must contend with wire fraud’s impacts on business operations, payments systems and corporate reputation.
How does it happen?
Criminals begin by conducting research on individuals, often in high-level corporate positions. They utilize online sources of information, including LinkedIn profiles and profiles included on a company’s web site. Once individuals are identified, the fraudster(s) will use targeted techniques (described below) to gain access to corporate systems. With access to these systems, the fraudster will monitor and research how financial transactions are conducted before initiating their attack.
Next, the criminal will initiate an urgent and time-sensitive request for a funds transfer from the manager/officer of the company whom they have profiled. The email, which appears to be from the manager/officer, instructs the receiver to urgently transfer significant funds to an account within the fraudster’s control (either directly or through a money mule), frequently located overseas.
Several high-profile methods to perpetrate fraud include the following:
- Business E-Mail Compromise (BEC): A sophisticated scam targeting businesses working with foreign suppliers and companies that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
- Data Breach: A leak or spill of data which is released from a secure location to an untrusted environment. Data breaches can occur at the personal and corporate levels and involve sensitive, protected, or confidential information that is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.
- Denial of Service: An interruption of an authorized user's access to any system or network, typically one caused with malicious intent.
- E-Mail Account Compromise (EAC): Similar to BEC, this scam targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. Perpetrators of EAC use compromised e-mails to request payments to fraudulent locations.
- Malware/Scareware: Malicious software that is intended to damage or disable computers and computer systems. Sometimes scare tactics are used by the perpetrators to solicit funds from victims.
- Phishing/Spoofing: Both terms deal with forged or faked electronic documents. Spoofing generally refers to the dissemination of e-mail which is forged to appear as though it was sent by someone other than the actual source. Phishing, also referred to as vishing, smishing, or pharming, is often used in conjunction with a spoofed e-mail. It is the act of sending an e-mail falsely claiming to be an established legitimate business in an attempt to deceive the unsuspecting recipient into divulging personal, sensitive information such as passwords, credit card numbers, and bank account information after directing the user to visit a specified website. The website, however, is not genuine and was set up only as an attempt to steal the user's information.
- Ransomware: A form of malware targeting both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and/or systems. Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber perpetrator demands the payment of a ransom, typically in virtual currency such as Bitcoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data.
Instances of BEC alone resulted in over $26 billion in domestic and international exposed dollar losses from June 2016 to July 2019.
How to prevent it
Here are some controls and red flags to watch for to prevent your company from becoming a victim of wire or internet fraud.
- Establish a tiered confirmation process with third parties, vendors and suppliers.
- Double check the email address. Criminals are tricky and can create email addresses that look very close to the legitimate account. They often find naming conventions for a company’s email accounts on its website (firstname.lastname@companyname.com) and use that same formula but with two letters transposed or an “m” instead of “rn,” which look very similar unless you inspect closely. Also be on the lookout for misspellings or poor grammar, or a communication style that is out of the ordinary for the requestor.
- Do not respond to email to confirm validity. Don’t reply to the requester by email. The fraudster either controls the spoofed email account or has gotten access to an executive’s email account and can write back that it’s legitimate when it’s really not.
- Call to confirm. Before the wire request goes to the bank, call the original requester to confirm it’s authentic. Be sure to use a phone number you know or have in your contact list for the requester. Do not use a phone number provided in the email; use a number you have previously known to be valid.
- Beware a sense of urgency. Usually fraudsters will write that the funds need to be wired right away. These requests often ask that the client be contacted only through email instead of other channels.
- Implement a separation of duties between employees who request payments and those who send the request to the bank to release funds.
- Create shared protocols with vendors and suppliers.
- Ensure you know the approved source email address or the individual at the vendor who may request payment.
- If you don’t already have a policy in place for confirming wire requests, create one.
- Be suspicious of any requests to change the settlement instructions for payments to the vendor. Call a supervisor at the vendor to confirm the request to update payment instructions is valid.
- Ensure your IT environment is secure.
- Train your employees on the risks of phishing attempts and unsecure links. Perpetrators of internet and wire fraud need a way in, and fooling an employee into providing their network or email credentials is one of the most popular. Fraudsters prepare emails that appear to come from Microsoft, Google or other software providers and ask recipients to provide their passwords, supposedly to authenticate their accounts with those providers, but the destination is a fake website and the information is captured by unauthorized individuals.
- Consider upgrading your Microsoft 365 or Outlook licenses to enhance your security. Email providers have tools that will scan links and attachments in emails to identify suspicious links whose destinations don’t align with the text of the link.
- Use anti-virus software on all computers and ensure anti-malware and anti-phishing features are activated and running. Keep the software up to date.
- If anything is different or out of the ordinary, call. Follow your intuition—if something doesn’t seem right, escalate the request and double down on your efforts to confirm the request is legitimate. Never release funds if you cannot confirm validity of the request.
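The "double check the email address" control above can be partly automated at the point where payment requests are triaged. The following is an added example, not part of the original whitepaper: it compares a sender's domain against an approved-vendor list and flags near matches such as an "m" in place of "rn" or two transposed letters. The domain list, the confusable pairs and the function names are assumptions made for illustration.

```python
import re

# Constructed allowlist of approved sender domains (assumption, not real vendors).
APPROVED_DOMAINS = {"companyname.com", "modernsupply.com"}

# Character sequences that look alike in many fonts, mapped to one canonical form.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    s = domain.lower()
    for seq, canon in CONFUSABLES:
        s = s.replace(seq, canon)
    return s

def is_transposition(a, b):
    """True if a and b differ only by one swapped pair of adjacent characters."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def check_sender(address, approved=APPROVED_DOMAINS):
    """Return 'approved', 'lookalike:<domain>', 'unknown' or 'invalid'."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if not m:
        return "invalid"
    domain = m.group(1).lower()
    if domain in approved:
        return "approved"
    for good in sorted(approved):
        if skeleton(domain) == skeleton(good) or is_transposition(domain, good):
            return "lookalike:" + good
    return "unknown"

if __name__ == "__main__":
    # Constructed sample senders for demonstration.
    for sender in ["jane.doe@companyname.com", "jane.doe@cornpanyname.com",
                   "ap@modemsupply.com", "jane.doe@comapnyname.com"]:
        print(sender, "->", check_sender(sender))
```

A "lookalike" or "unknown" result is a reason to hold the request and confirm by phone using a known-good number; an "approved" result does not replace that call, since a compromised legitimate mailbox passes this check.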
Develop an Incident Response Plan
If your business experiences wire fraud, you should be prepared to respond effectively. To do so, you’ll need a thorough incident response plan consisting of four stages:
- Preparation against an intrusion through controls and IT safeguards.
- Detection and analysis of attempts to initiate internet or wire fraud.
- Containment and eradication of intrusions and recovery of lost data as a result of an intrusion.
- Post-incident activity to ensure the threat has been neutralized and assess and patch the vulnerability source.
Reporting Wire Fraud Attempts
Victims of wire fraud should contact One Florida Bank at 844-529-8490 as well as any other financial institutions involved to halt additional fraudulent transactions. Likewise, report the incident to law enforcement, which helps your business and others avoid similar fraud attempts. Businesses may contact the Internet Crime Complaint Center (IC3) online at www.ic3.gov. Consumers should contact the Federal Trade Commission at 1-877-FTC-HELP or 1-877-ID-THEFT, or online at www.ftc.gov.