Wire transfer fraud is estimated to be the fastest growing cyber-crime (according to the US Internet Crime Complaint Center). It targets individuals and businesses of all sizes. In 2017, the FBI received more than 301,000 complaints with more than $1.4 billion in damages!
If you think your business is too small to be a target, think again. According to the Ponemon Institute’s Report “2017 State of Cyber-security in Small and Medium Sized Businesses”, small businesses are increasingly the prime target for cyber-attacks since they often lack the resources for adequate training and protection. That same report confirmed that only 51% of small businesses allocate funds toward cyber-security and a full 6% of those small businesses victimized are unable to recover from a cyber-attack, ultimately going out of business.
Wire fraud can take on many forms. At its most basic level, it is described as anything transmitted electronically via interstate wires with the intent to defraud a recipient. These attacks can come by email, phone, TV, radio and even text messages.
One of the oldest and most common scams involves the poor prince from a foreign land who needs to find somewhere to safely secure his vast royal fortune and is willing to pay a handsome financial incentive to whomever provides the necessary bank information. Over time, this scam has evolved to include any number of sad stories involving individuals desperate for help in securing their riches.
And along the way the technology has also advanced. In some of the more current attacks, for example, the recipient doesn’t even need hand over bank credentials. The more sophisticated email phishing scams persuade recipients to click a seemingly innocent link or install/download an infected attachment. Once infected, the victim’s network will then be scoured for financial information.
Phishing emails targeting businesses have gotten especially sophisticated and often fool all but the best-trained employees. Credible-looking emails can trick a company into paying fraudulent invoices, for example. In other cases, the hacker accesses a corporate database and creates false invoices that are then sent to customers. Companies that have been targets of such deceit have described the emails as especially well written without the misspellings and punctuation errors that previously triggered many popular email filters.
Also of alarm is the escalation in the number of fraudsters targeting HR departments by either convincing employees to unknowingly change their direct deposit banking information to an offshore account or convincing payroll managers to change information about where to direct employee paychecks. In April of this year the IRS issued a warning to businesses noting an uptick in a wide range of fraud attempts involving payroll information.
Within the past year, the FBI additionally warned of an increase in email compromise scams targeting the real estate industry. Cyber-criminals recognize that real estate transactions typically involve large amounts of money. In a typical scam, a title officer may receive a phishing email that looks legitimate and leads the officer to unknowingly allow a cyber-criminal to access his/her computer system. Then, at the opportune time, an email is sent to a buyer or lender directing funds to be wired to the cyber-criminal's bank account.
There are some steps that you can take to protect yourself against phishing attacked and wire fraud. Here are five helpful tips to consider:
- Be on the lookout for inconsistencies in email addresses. If you don’t recognize the email address, or you notice an unexpected change in the address of someone you’ve been working with, call the person to verify. However, do not call any numbers listed in the email you are questioning.
- Don’t fall for the “sense of urgency.” Cyber-criminals often use a sense of urgency to instigate a wire transaction, so be extra cautious with requests that appear sudden and under a tight deadline.
- Employee training and vigilance are key to avoiding loss.Procedures should be regularly reviewed and updated with regard to how to verbally confirm wires and handle requests for change of bank details.
- Some organizations use multi-factor authentication in sending or receiving payment information or a change to payment information.
- Some insurance products can address wire transfer fraud losses, but many do not provide coverage for the wired amounts, so it’s important to understand your coverage and exposure.
Bottom line: you can’t be too careful. Make sure your IT department is up-to-date on the latest scams and that you’re judiciously investing in protective technologies that are up to task of defending against the latest online fraud technologies.
The information and recommendations contained herein is compiled from sources deemed reliable but is not represented to be accurate or complete. In providing this information, neither Cortland Bank or its affiliates are acting as your agent or is offering you any tax, accounting or legal advice.