Wire Fraud: How to Protect Yourself and Steps to Take if You’re a Victim

Written By Anthony Sixta

Introduction

Wire fraud is a growing threat and, in my experience, has become the primary goal of business email compromise (BEC). These schemes often involve bad actors inserting themselves into legitimate transactions at the last minute to misdirect funds. In this post, we'll explore how wire fraud occurs, how to recognize common signs of phishing and impersonation, and practical steps to protect yourself and your business from wire fraud.

Understanding Wire Fraud

Wire fraud involves using electronic communications, such as emails or phone calls, to trick someone into transferring money to an unintended recipient. In real estate, business transactions, or even personal banking, attackers often exploit email compromise to gain the trust and information needed to convince the victim to complete a transfer.

Example Wire Fraud Case

Lily was working with her realtor to purchase her first home, communicating primarily through email. After several weeks of discussion and work, her realtor sent an email with wiring instructions for the escrow payment. Lily contacted her bank, provided the account details, and transferred the funds.

A few days later, she reached out to her realtor for an update, only to be shocked when her realtor said he never sent any wiring instructions. She called her bank in a panic to recover the funds, but the bank informed her that she was too late and most of the money had already been transferred out of the country and was unrecoverable.

What Happened?

Weeks before the transfer, Lily had fallen victim to a phishing email, which compromised her mailbox. Though the phishing email had nothing to do with her home purchase, when the attackers accessed her account, they noticed her email chain with the realtor and decided to intercept the escrow payment. As the payment deadline approached, they created a fake email address that closely resembled her realtor’s, copied their email thread into a new message, and sent Lily fraudulent wiring instructions. Once Lily sent them the funds, they swiftly transferred the money through multiple banks and out of the country, making recovery impossible.

How Can You Protect Yourself?

While attackers are becoming more sophisticated, there are several steps you can take to protect yourself:

  1. Verify Wire Instructions via Phone: Always independently verify any payment instructions received via email by calling a trusted source. After the transfer, call again to confirm it was received. Be sure to use a previously known phone number, not one found in email, such as a business’ main line from their website.

  2. Recognize impersonation. When you receive important information or requests, always double check the sender’s email address. Often, bad actors will use a similar, but not identical, address to make it look like they are the real sender ([email protected] instead of [email protected]). This isn’t always the case, though. If the realtor was the one who was compromised in the example above, the email Lily received would have looked completely legitimate. That’s why you need multiple forms of verification, like voice verification.

  3. Protect Your Communication Method (Use MFA): Many wire fraud attacks begin with email compromise. Preventing email compromise can reduce the likelihood of fraud. Enable Multi-Factor Authentication (MFA) tied to a secure app like Google Authenticator. This ensures a bad actor can’t access your account unless they physically have your phone or trick you into giving up the code on your phone, so protect those codes!

  4. Educate Your Employees: If your business handles wire transfers, ensure your team is trained to recognize phishing and impersonation attacks and implement a comprehensive wire transfer procedure. Regular training and well-crafted procedures help employees identify fraud attempts before they succeed.

Too Late! What Now?

If you fall victim to wire fraud, the FBI recommends taking these two steps immediately:

  1. Contact Your Bank: Call your bank and request a “recall or reversal” of the wire transfer and a Hold Harmless Letter or Letter of Indemnity. This formal request asks the recipient bank to freeze the funds and assures them they won’t be held liable for receiving fraudulent funds.

  2. File a Complaint with the FBI: Visit www.ic3.gov to report the fraud. The FBI may assist in recovering your funds.

Also, notify all parties involved in the transaction and involve your IT security team to investigate whether your account is compromised. Sometimes, the victim of the wire fraud isn’t the person whose account was compromised—anyone in the email chain could have been the information leak.

Closing Thoughts

Wire fraud, often facilitated through phishing and impersonation, poses a significant financial threat. However, by remaining vigilant and implementing preventive measures like verification protocols and employee education, you can reduce the risk to yourself and your business. If your organization needs assistance in establishing these protocols, educating your staff, or responding to an incident, Element is here to support you in any way you need.

Referenced: FBI 2023 IC3 Report

https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf

Anthony Sixta https://www.linkedin.com/in/anthony-sixta-9a8866133/
Previous

Element Technologies Recognized with 2024 Corporate Partner of the Year Award
Next

Element University Fall 2024 Newsletter