Wire Fraud On The Rise
Cybersecurity Awareness – By Ron Frechette, The Cyber Coach
Wire fraud is one of the most common types of white-collar crime. The practice has been around for decades but with the proliferation of the internet we have seen a dramatic increase.
Seventy-six percent of all fraud attempts feature a wire transfer, according to the Financial Services Information Sharing and Analysis Center. Wire transfers are an attractive target because they are often used to move large sums of money quickly and are difficult to reverse. The real estate industry is especially vulnerable due to the size of the transactions.
Wire Fraud Defined
Wire fraud is any fraudulent activity that occurs over interstate wire communications, which includes the telephone and internet. In many cases, the fraud attempt occurs over email. If a payment request is not authenticated, it can result in a fraudulent transfer of money.
Fines and Penalties
A single act of wire fraud can result in fines of up to $250,000 and up to 20 years in prison. However, if the wire fraud scheme affects a financial institution or is connected to a presidentially-declared disaster or emergency, the potential penalties are fines of up to $1,000,000 and up to 30 years in prison.
Wire Fraud in Action
Wire fraud often starts by gaining access to a business executive’s email account or by creating a spoof account that looks similar.
· Fraudster sends an email to the CFO from the CEO’s fake account requesting a wire transfer
· CFO goes through the company’s standard protocols for initiating and approving wires
· Initiates the wire and comptroller approves request
· Typically bank calls the comptroller to verify that the request is legitimate
· Comptroller may call CFO to confirm the wire is approved
· CFO checks the email and confirms the CEO does want that amount to go to that account
· Wire transfer is initiated.
How to Prevent a Wire Fraud Attack
· Double check the email address. Criminals are tricky and can create email addresses that look very close to the legitimate account. They often find naming conventions for a company and use that same formula but with two letters transposed, or for example an “m” instead of “rn,” which looks correct unless you inspect closely.
· Beware a sense of urgency. Usually fraudsters will write that the funds need to be wired right away. These requests often ask that the client be contacted only through email instead of other channels.
· Do not respond to email to verify. Don’t reply to the requester by email. The fraudster either controls the spoof email account or has gotten access to executive’s email account and can write back that it’s legitimate when it’s not.
· Call to confirm. Before the wire request goes to the bank, call the original requester to verify. Be sure to use a phone number you know or have in your contact list for the requester. If the person who sent the email works in the same building, walk to their office to confirm that they sent you the wire request. If you don’t already have a policy in place for confirming wire requests, create one.
· Create a special template or code. You can use a secret code that only wire initiators/approvers know to confirm that the wire is legitimate. But don’t use the code in emails! If the criminals hacked into an email account, they now have access to that information.
· If anything is different or out of the ordinary, call. Follow your intuition—if something doesn’t seem right, call the requester to confirm. The reality is once a wire transfer is initiated, the chances of recovering the funds are slim to none.
Until next month, wishing everyone a Happy 4th of July and safe travels in cyberspace!
Questions? Send me a tweet: @GoldSkyRon or email: firstname.lastname@example.org