They use various methods, including business email compromise (BEC), which has cost businesses $26 billion, including domestic and international wire fraud.
Wire fraud attacks are persuasive and cost can be exorbitant. Wire fraud can disrupt your operation, put your payment system in jeopardy, and impact your corporate reputation.
These cyber attackers target people who are responsible for making wire transfers to gain access to the bank details and sensitive data to steal funds. They use various methods, including Business Email Compromise (BEC), which has cost businesses $26 billion, including domestic and international wire fraud.
What is Wire Fraud?
Wire fraud is a fraudulent act that occurs over wire communication, including telephone and the internet. In many cases, attempts are made using email. If such payment requests are not validated and authenticated, it can result in unauthorized and fraudulent transfer of money.
Cybercriminal uses various methods to commit wire fraud; here are some of the methods that they use:
Malware
Malware is the widely used method to access sensitive data; it occurs when a user opens an email or clicks a link that directs the user to the website that downloads malware and infects your computer system. It can also be introduced using removable media like hard drives, USB storage devices.
How to Avoid
- To prevent malware attacks, ensure operating systems and data protection software on your computer and mobile devices, are up-to-date
- Also ensure the anti-malware and antivirus software are up-to-date too.
Phishing
Do you trust emails only by looking at the name of the sender, or a cursory glance at the domain name? Then you’re at risk of email phishing. It usually happens when cybercriminals send you an email that appears from a known company or a vendor or a bank. Usually, it has a website URL that looks similar to a bank’s or any of your business contact’s website and they ask a user to login with valid credentials.
How to Avoid
To avoid phishing be wary of the following red flags in emails:
- Spoofed email address and suspicious attachments or links
- The urgency around payment transmission and last-minute changes of payment instructions.
- Spelling mistakes in the email domain
Note: Banks may never ask you to share personal information or credentials.
Voice Phishing
This method involves fake phones by touts/criminals impersonating your bank/vendor or text messages to intimidate users into providing usernames and passwords by threatening to close the bank account or freeze the fund.
How to Avoid
- Do not assume a phone call is genuine because the person on the other end has your information.
- Call the business back on a known number as listed on its website and check the website domain for the correct name.
- Do not call or text an unknown phone number; call a known number (such as contact information on the back of your credit card or your bank executive) to help prevent a possible fraud incident.
BEC or Email Account Compromise
The BEC method involves stolen credentials, look-alike domains, and spam to get access to user’s email accounts. Usually, cybercriminals impersonate C-suite executives and ask users within the company to transfer funds to unverified fraud accounts.
How to Avoid
- Be careful about the information you share with others, even in the normal course of doing business.
- Do not use personally-identifying information as your username or password.
- Create strong and complex passwords on all devices and online accounts, never share them.
- Change them frequently and consider using a password management tool.
Note: If you have been targeted by any such methods, you should report the incident to your bank’s client services team immediately (Please also note that the FBI has a special unit to help as well for such situations). The sooner you identify such fraudulent activity, the more likely you will get the payment reversed.
As these methods are continually evolving, and the threat continues to grow, businesses are required to develop robust security strategies to mitigate the risk.
