In recent years, the surge in wire fraud has become a significant challenge impacting financial transactions. Wire fraud involves the illicit use of electronic communication to deceive individuals or organizations into transferring funds.

Understanding Wire Fraud Schemes

A fraudster’s goal is to quickly and easily extract funds from the victim. High value targets within an organization are individuals that control the movement of funds or have access to sensitive information, such as, executives and leadership, personnel in accounts payable, treasury, finance or other participants in closings. The fraudster will seek to have its target act on fraudulent wire instructions and inadvertently send funds to the wrong recipient (i.e. the fraudster).

Commonly, the fraudster leverages a spoofed web domain. “Domain spoofing” is where a fraudster uses a web domain that is visually similar to an organization’s legitimate web domain. Communication from the spoofed domain is intended to be undetected, and fool the recipient into believing the correspondence is legitimate. Common tactics are: “acmebank” vs “acme-bank”; “America” vs “Amerrica”; or “transfer” vs “trasnfer.” Then, when a victim receives an email from icemil1er.com, it may not be apparent that the second ‘l’ was replaced with the number one.

The fraudster uses the spoofed domain to insert themselves into correspondence exchanges. This “man-in-the-middle” tactic is used to communicate with the target victim under pretenses of legitimacy. Fraudulent wire instructions will likely follow and on an urgent and time-sensitive cadence. A ‘11^th hour’ email prompts an unwitting victim take action with a sense of urgency based on an email that cursorily seems legitimate.

The fraud can go undetected until much later – usually, when the legitimate recipient inquires as to why they have not received the funds.

Preventing Fraud

Combating wire fraud involves a mix of technical, organizational, and procedural safeguards.

Heightened awareness and vigilance is first and foremost – do you train personnel on detecting spoofed domains, phishing emails, or flagging suspicious emails? Is training periodic, routine, and current? What about testing? Phishing simulations provide valuable lessons.

Technical controls like multi-factor authentication (MFA) for email or online banking can stem many attacks. Similarly, are technical controls in place to detect suspicious accesses (e.g. unauthorized logins from foreign countries) or phishing emails? Given that email compromises are common in such attacks, securing email environments is a good start.

Procedural safeguards such as manual verification of wire instructions received via email are a must. Does your organization perform phone-based verification for wire or fund transfer instructions? Is verification done via “out-of-band” channels – like a phone call, as opposed to relying on email that the instructions came in?

Does your organization have an incident response plan – where the organization know how to respond to adverse events? Acting swiftly is crucial. Prompt notification to the banks; and, filing a report with the FBI within 72-hours is most likely (but not guaranteed) to yield recovery of misdirected funds.

Consider a holistic, risk-based approach designed to identify high risks, minimize vulnerabilities, and create a stronger security posture. Happy closing!