Perhaps the biggest case of wire fraud (ever) happened just two years ago; it was a “deepfake” audio scam that cost the victim company over $35 million. The fraudsters imitated the likes of international branch managers and US lawyers, and it only took a single employee believing their story to transfer the money. Wire fraud is a huge problem for companies today. This piece explores three examples of wire fraud and how to spot the red flags.
Find out how you can prevent it from being successful, such as blocking suspicious payments to unknown third parties with Trustpair. Contact an expert to learn more!
How does wire fraud work?
To give a quick definition, wire fraud refers to the use of electronic communications in an attempt to deceive. That means the use of telephones, computers or other electronic devices to further the fraud. The perpetrators aim to gain something (typically money or data), and it’s the communication method that distinguishes wire fraud from other types of fraud.
When wire fraud is attempted over email, the messages are known as phishing emails. This was the most popular type of fraud in the United States last year, probably because victims lose, on average, around $150 million annually.
Rather than hacking, phishing relies on social engineering techniques to fool the victim into believing that an impersonator is the real deal. In a business setting, phishing fraudsters could pretend to be a supplier, IT support, or even a fellow employee! It works by the impersonators spoofing a real email address and then emailing the victim, asking for information or payment.
Alternatively, when wire fraud is perpetrated over the phone, it’s known as vishing (voice phishing) or smishing (SMS phishing). This works in the same way as above, except the fraudsters swap email for phone.
It’s important for your people to know about social engineering attacks and how phishing fraudsters operate so that they can spot the red flags! So keep reading to see how real companies were caught out by wire fraud, and how to prevent it.
What are 3 examples of wire fraud?
Wire fraudsters use phishing, vishing, and smishing as the channels for their fraud. But they also impersonate key figures to make the entire scam seem legitimate. Three examples of wire fraud are:
- CEO fraud
- Vendor fraud
- Third party fraud
CEO fraud is the impersonation of a company’s CEO or another senior executive (this type of fraud is also called “whaling”). The wire fraudsters use the internet to research their target, and then create counterfeit, spoofed email addresses that look similar to the real one.
For example, if the real email is firstname.lastname@example.org, the fraudsters might use email@example.com. Only a small difference – and one that many busy workers might not notice, but it signifies that the real Tom Smith might not be on the other end.
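The lookalike-address trick described above can be checked for mechanically. The following Python is an added example, not code from the original article or from any product it mentions; the addresses, the list of confusable character sequences, and the distance threshold of 2 are all constructed assumptions.

```python
"""Flag sender addresses that imitate a known address (all data is constructed)."""

# Constructed directory of genuine addresses on a reserved documentation domain.
KNOWN_SENDERS = {"tom.smith@corp.example.com", "ana.reyes@corp.example.com"}

# Visually confusable sequences folded together before comparing (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(address: str) -> str:
    """Lower-case the address and fold confusable sequences to one form."""
    folded = address.strip().lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]


def classify_sender(address: str, known=KNOWN_SENDERS, max_distance: int = 2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched known address or None)."""
    candidate = address.strip().lower()
    if candidate in known:
        return "trusted", candidate
    best = min(sorted(known), key=lambda k: edit_distance(skeleton(candidate), skeleton(k)))
    if edit_distance(skeleton(candidate), skeleton(best)) <= max_distance:
        return "lookalike", best  # near-miss of a real address: hold and verify out of band
    return "unknown", None


if __name__ == "__main__":
    for sender in ("tom.smiith@corp.example.com", "billing@vendor.example.net"):
        print(sender, classify_sender(sender))
```

A "lookalike" result is the signal worth alerting on: the sender is not in the directory but is within a couple of keystrokes of someone who is.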
During CEO fraud, the scammers contact somebody else inside the organization – this is typically an employee with responsibility around payments or information. Pretending to be a senior executive, they request a payment to a new supplier.
Specific to CEO fraud, the social engineering techniques used are urgency and mimicking.
By putting pressure on the victim to urgently fulfill their request, the scammers are more likely to get away with it. In some cases of spear phishing, the fraudsters also hack into the systems to replicate exactly how their target speaks. All of these things add up to make the ruse feel more realistic, and to get the victim to comply.
A real case of CEO fraud happened to Upsher Smith Labs in 2014, resulting in a loss of around $39 million. Here, the fraudsters impersonated the CEO and CC’d in an email from a fake lawyer. They targeted the accounts payable controller – requesting nine separate payments, and this individual paid eight without questioning anything.
Alternatively, vendor fraud is the common name for the impersonation of suppliers. Here, the fraudsters get an idea of your real vendors and pretend to be them, in order to get an invoice payment diverted into their own account.
The wire communications come in when the fraudsters first reach out – as this typically happens over email or telephone. One famous case of vendor fraud occurred at the New Jersey Municipal’s Office between December 2017 and February 2019.
A disgruntled employee actually committed the crime – falsifying records of two ‘vendors’ and submitting invoices worth a total of $74,000. The perpetrator got away with the scheme for so long due to lax internal controls and a disregard for the segregation of duties within the finance department.
Unsurprisingly, the average cost of vendor fraud is approximately $280,000 per event, so it’s clearly something that US-based businesses will want to protect against.
Third party fraud
Third-party fraud is similar to vendor fraud, but instead of suppliers, the scammers are impersonating other partners of your business. For example, third-party fraud could include:
- Energy suppliers
- Accounting software
- IT security teams
- Subscription-based services
The wire communication is typically email-based, with common scams asking employees to ‘verify their identity’ or ‘reset their password’. Here, the victims will be redirected to a spoofed website, where they’ll input their credentials for the fraudster to capture.
In 2020, cybercriminals took advantage of Twitter employees with this very method. The scam artists impersonated IT administrators and asked the employees to share their credentials for identity verification purposes.
Importantly, the timing of this attack was one of the key reasons for its success – as this scam happened just as work-from-home policies were introduced during the pandemic. So, the employees had little reason to doubt the legitimacy of these spear phishing emails.
Still, the handful who fell for the scam ended up having their accounts compromised by the cyberattackers, who found their way into the admin panel and started posting from high-profile celebrity accounts (like Elon Musk). The scammers asked for donations to a Bitcoin investment scheme and gained approximately $180,000. Twitter also suffered from a 4% drop in its share price due to the incident.
How can you prevent wire fraud?
Wire fraud prevention is all about managing the communications – as it’s these electronic channels that make the difference. Some of the measures that businesses can implement include:
- Multi-factor authentication
- Limit publicly-available information
- Payment account verification software
Multi-factor authentication, also known as 2FA, is the ability to verify a person’s identity online. It works because the individual is required to have at least two of the following three factors:
- Knowledge: such as a password
- Possession: such as access to a phone number for a passcode
- Inherence: biometric features such as face ID or a fingerprint
It’s a strong fraud prevention method because it’s location-independent, and blocks external access from fraudsters with hacking or other complex security skills. In fact, up to 80% of all cyber breaches can be prevented by using two-factor authentication.
Limit publicly-available information
As part of each of the wire fraud examples mentioned, impersonation has played a key part. But in order to make these ruses more realistic, the fraudsters have to find out about the real and legitimate suppliers, employees, and third parties associated with any company first.
Some good practices include creating a social media policy to ensure that no work-related sensitive data gets shared online. Or, prevent employees from sharing their professional email address on a personal profile.
It’s important to think like a hacker – so give the organization a Google and see what comes up.
Organizations might want to audit what they already have online and clean up their digital footprint. For example, if your business website lists the individual information of all team members, it might be worth removing this information. What benefit does it really bring, except for providing cyberattackers with enough information to create their scheme?
Payment account verification software
In some cases, the wire fraudsters’ attack is strong enough to get past the channels of email and telephone. But if this happens, there are still actions that a business can take to protect its finances.
By relying on account validation software like Trustpair, organizations can monitor their payments more closely. Because these payments are continuously controlled in real time, any request to a suspicious or unknown third party is blocked automatically.
As a final step against wire fraud, it’s certainly one of the most robust types of security for your finances. Get your demo of Trustpair to feel the benefits for your business.
Wire fraud is an incredibly dangerous scam that might result in scammers having access to your company’s finances or data. Attackers use social engineering to fulfill their schemes, and companies can prevent wire fraudsters by limiting their public information, implementing two-factor authentication, and using a payment verification platform like Trustpair.