Wire Transfer Fraud: A Threat to Businesses Owners

In February 2018, a New York-based victim of a business email compromise (BEC) filed a complaint with the Federal Bureau of Investigation (FBI)’s Internet Crime Complaint Center’s Recovery Asset Team (RAT) upon receipt of a comprised email they received from their closing agent during a real estate transaction. This had started a wire transfer of $50,000 to a fraudulent bank account also located in New York. Fortunately, the FBI’s IC3 RAT team was able to work with the bank and the victim to help them recover the funds. However, this story points to a big threat to business owners: wire transfer fraud.

In their 2018 Internet Crime Report, the FBI states that BECs are “scams targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments.” Both businesses and individuals are targeted, and they cite both manufacturing and construction industries as those most frequently targeted. Why? They are typically slower to adopt cybersecurity policies, making them more susceptible to threats.

How does it work? Don’t ever underestimate hackers. They are usually watching a business (and its employees) for some time, learning patterns for wire transfer requests, reviewing outgoing communications, etc. From there, they will target a business or a vendor that works with that business to compromise a business’ email and either initiate or request a fraudulent wire transfer.

What can a business do? Training employees in cybersecurity is an important first step. Don’t just train once, but train frequently, so that information is retained and reinforced. One very important topic is social engineering which, according to Webroot, is “the art of manipulating people so they give up confidential information.” It can come in the form of an email from a friend or another trusted source and the messages contain a link or download, may seem legitimate at first, and they could ask for a variety of things such as urgent help, a charitable donation, or to notify you that you’ve won a fictitious award or prize. The idea is to bait a user into giving away sensitive information. Educate employees on what this looks like, show them how to report suspicious incidents, and make sure this information is reiterated frequently.

Of course, cybersecurity insurance is important and recommended, as it helps a business recover from a security breach or other cyber event.

For more information on Rose & Kiernan’s cybersecurity risk management, please contact us at techrisksolutions@rkinsurance.comClick here to learn more about cybersecurity insurance.

Post a Comment

Your email address will not be published. Required fields are marked *

Related Posts

New York State CVA lookback window extended
New York State’s New SHIELD Act: What Businesses Need to Know

In July 2019, Governor Andrew Cuomo signed the law, known as the Stop Hacks and Improve Electronic Data Security, or SHIELD, Act.

Read More

cloud-based email compromises
A Key Cybersecurity Threat: Banking Trojans

A banking Trojan is a type of malicious computer program that is designed to gain access to confidential information stored or processed through an online banking system.

Read More

ransomware attacks
A Ransomware Attack on a Local Business Reminds Us of the Importance of Cybersecurity

A recent story ran in the Albany Business Review that talked about a local company, Dimension Fabricators, and how they were hit with a ransomware attack.

Read More