Wire Transfer Fraud: prevention, best practices and recovery

IN THIS ARTICLE
Table of Contents
Like it? Share it

A 125-year-old US company lost $17,2M through wire transfer fraud. Scoular, which trades in grains and storage, repeatedly fell victim to wire transfer scams. Unfortunately,  fraud recovery wasn’t an option for them. It’s a reality for many: in 2022, 56% of US companies were targeted by at least one fraud attempt. When you fall victim to a wire transfer scam, how can you recover your funds? Read on to find out.

Trustpair protects you against wire transfer fraud by continuously controlling payments before they’re executed and blocking any suspicious transactions. Request a demo to learn how you can block payment fraud!

Nouveau call-to-action

Wire transfer fraud: definition and prevention strategies

Wire transfer fraud: how does it work?

Wire transfer fraud is a popular type of payment fraud. In happens when fraudsters ask you to send money to their bank account under false pretenses. It’s a form of online theft that usually uses spoofing (or identity theft).

They do it by impersonating someone you trust, like a supplier, or people with innate authority, like a representative from a government agency or the CEO of your company.

Scamming scenarios are often elaborate and convincing: for example, they ask you to urgently wire money to an account to finalize a strategic deal. There is often an element of pressure to it, so their unsuspecting victim doesn’t take the time to rationally think about what’s being asked.

In 2015, Xoom lost more than $30M through CEO fraud. One of their financial executives got tricked into transferring this money to an account, thinking their boss was asking for it.

Wire transfer fraud works because of its immediacy. Once the funds have been transferred, they land almost immediately in the malicious hacker’s account.

Although traditional wire transfers take 1 to 2 business days, the recent move towards instant payment methods means the funds can be credited in a matter of seconds.

Wire transfer scam: what to do when it happens?

When you discover the fraud, it’s a race against time to start the fraud recovery process. You need to act fast before:

  • The funds are transferred to other bank accounts,
  • Withdrawals are done to begin laundering the money,
  • The funds are converted to cryptocurrency.

If any of that happens, you are even less likely to recover funds.

Of course, imposters know that, so they try to slow down your response time even further. They commit wire transfer scams on a Friday afternoon and even go as far as contacting you pretending to be your bank investigating the matter — giving them further time.

Wire transfer fraud: what are the prevention strategies?

We’ve seen it: recovering funds from this type of fraud is complicated and without any guarantees. What you can control, however, is ensuring that you adopt adequate fraud prevention measures to avoid wire transfer fraud. It’ll save you from future financial (and reputational) losses.

Increase your safety measures and internal controls

Working with your IT team, you can start improving your cybersecurity protocols. That looks like:

  • Setting up strong password requirements so hackers cannot guess or hack them too easily.
  • Adopting multi-factor authentication to ensure the person logging into your network and key software has authorization to access it.
  • Requesting your employees never reveal any personal information like their phone numbers or social security numbers to any unknown or phony-looking sender.

Besides direct cyber security, it’s important to adopt better safety processes.

Adopting the concept of segregation of duties in your departments ensures no one person has too many responsibilities. It’s harder for online scammers to be successful when several people are involved. Furthermore, it’s a good way to prevent and reduce internal fraud risks.

When it comes to fraud detection, the 4-eye principle will also work in your favor. Requiring a minimum of two people (so, four eyes) to verify your transactions and other key operations reduces the risk of fraud.

Last but not least: make sure your team receives regular and up-to-date security awareness training. It should be given several times a year by security experts, and include real-life examples of the most recent scams. Teach your team to spot phishing emails, to watch out for too-good-to-be-true offers, or what to do when they have a scam artist over the phone (hang up!).

The more effort you put into your prevention, the more fraud-aware your team will be. Your employees are a good barrier against fraud — but they’re not infallible.

Use anti-fraud software

Fraud prevention software like Trustpair is an important element of your fraud prevention (and detection) plan.

Humans are, after all, quite vulnerable to mistakes as well as social engineering tactics. Often, the breach comes from someone from your team who didn’t think twice about a dangerous action they were taking.

42% of employees admitted taking dangerous action online according to the State of the Phish report (actions like clicking on a malicious link, or downloading viruses).

To protect yourself against cyber attacks and social engineering attacks, it’s necessary to use anti-fraud software.

Indeed, fraud prevention and detection software are more efficient in preventing wire transfer fraud and have access to data your employees cannot access on their own.

Trustpair has access to hard-to-find international databases that ensure even your international wire transfers to your overseas suppliers are secure. Our solution continuously audits your third-party account number in real time. We use three-way matching to ensure the funds you send always reaches its intended beneficiary. Each request for a banking information change is thoroughly analyzed before the banking details are changed. Fake account numbers and suppliers won’t go through!

Trustpair blocks any fraudulent transaction before it is sent to unauthorized third parties. Our software includes a machine learning component that:

  • Detects suspicious patterns,
  • Blocks the correspondent transfer and
  • Raises the alert.

Using Trustpair means completely eradicating the risk of fraud in your company — so you never have to deal with wire transfer fraud recovery!

Fraud can have disastrous consequences on companies and employees. Lee-Ann Perkins, experienced treasurer in the US, shares her own story in our latest video series.

New call-to-action

What are the steps to recover funds from wire transfer scams?

Let’s start with the bad news: with this type of fraud, fund recovery is never guaranteed. If you’ve been scammed, it’s highly unlikely you’ll ever see this money again, and your odds diminish with each passing hour.

However, when you’re a victim of online fraud, there is little you wouldn’t try to save your company. Here are the steps to take to try and get your funds back:

Contact your bank

The first thing to do when you become aware of the transfer fraud is to contact the financial institution you used to send money.

Call your bank and ask them to initiate a SWIFT recall. Explain you’ve been the victim of transfer fraud and that you need to freeze the wire transfer.

From there, there are two scenarios:

  1. If the funds haven’t left your account yet, you might be able to stop the transfer and not lose your funds.
  2. If the funds transfer has already been deposited to the payee’s account, however, things are not looking good for you. The cybercriminals may already have moved the money to another bank account.

It’s still worth asking your bank to call the recipient’s bank fraud department so they can freeze their account. If the money was indeed transferred to another account, then you need to contact the third correspondent bank.

You have to call each intermediary bank personally to explain the situation and freeze the whole chain of accounts in the different financial institutions.

Remember to make a list of your phone calls with the time you called and the details given — it’s a tedious task that can quickly get overwhelming.

Contact law enforcement

Then (or in parallel), you have to contact law enforcement to report the internet fraud. There are several legal entities to contact for the wire transfer fraud recovery process:

  1. The Internet crime complaints center. They’re a division of the FBI in charge of Internet crimes. Explain the situation and give them all the scam details. Send them a copy of the scam emails and text messages (or a transcript of the phone call in case of vishing) with the wire instructions. They’ll issue you an IC3 number.
  2. Local authorities. With your IC3 number, contact your local FBI agency, or your local police department. They’ll tell you which process to follow and what to expect next.
  3. Federal Trade Commission. Reporting fraud to the Federal Trade Commission is helpful so they know the latest scams around. They’ll also be able to offer some practical help and guidance on your next steps.

Of course, you’ll want to involve your lawyers or your legal department. It’s helpful to nominate a few trustworthy people to help with recovering your funds from bank transfer fraud.

Identify the breach

Recovering your funds from payment fraud can take a while. There are a lot of actors who need to get in touch, all with different internal processes. Check in regularly with the relevant organizations, but also be patient.

While you’re waiting, there is more work to do!

If you haven’t already, contact your IT security team. They’ll probably have started acting on your contingency plan, but double-check that all your passwords have been changed and your security reinforced. Make sure the perpetrators cannot strike twice (they often do).

It’s also essential to find where the breach originated. Once more, your IT team should have its own protocol to follow in case of a security breach. They’ll have made a mirror copy of your system when the breach happened, so they can find the leak — like malware on one of your employee’s devices.

According to our recent survey on payment fraud, when companies are targetted with fraudulent attacks:

  • 55% of them see a change in suppliers’ credentials for legitimate payments. That means hackers infiltrate your network to manually change the bank account number and receive payments intended for real suppliers (which is called vendor impersonation fraud).
  • 33% are done through Business Email Compromise (BEC) and phishing. Criminals hacked into your business email to carry out wire transfer fraud, which compromised your security. Learning about these two types of cyberattacks is key for fraud prevention, so it doesn’t happen again.

fraud study us

Key Takeaways:

  • If you’ve been a victim of fraud, it’s almost impossible to recuperate your funds. The recovery process is a race against time that requires patience.
  • Adequate protection against payment fraud is the smart choice. Using anti-fraud software like Trustpair completely eradicates the risk of fraud.

You’d like these articles

FAQ
Frequently asked questions
Browse through our different sections and find the answer to your question.

It’s almost impossible to recover money from wire transfer fraud. By the time you realize what’s happened, fraudsters are usually long gone.

If you catch the transfer before it’s been debited from your account and sent to your scammers, yes. But in most cases, it’s too late to reverse the transfer, and your funds are gone for good.