Thought Leadership

Wire Transfer Scam Alert

Be aware that WIRE TRANSFER EMAIL SCAMS are becoming more and more prevalent.  These scams often imitate legitimate businesses or people and according to the FBI have cost US victims approximately $180M*.

These emails appear to be from an individual or business you’re familiar with but aren’t;  They originate from a criminal who is using a valid, but intentionally misleading email address to trick you into divulging your bank account numbers, passwords and other private information–up to and including transferring funds to an unknown and unauthorized recipient.

These email addresses are familiar at a glance.  For example, you may regularly receive emails from john.doe@comfortblanket.net.  A criminal will approximate the address by slightly altering it.  In this case – john.doe@cornfortblanket.net appears to be correct but any messages, replies or subsequent messages from/to this address are actually coming from and being read by someone who is trying to steal something from you.

Since human error is the single highest contributing factor to the success of these scams, the best way to combat them is to raise awareness and educate your staff.  Awareness will do more to protect your business than any IT department, bank or law enforcement agency could ever do

Also, be sure you have a good anti-virus installed and keep it up to date.  They can’t prevent these emails from getting through, but they can stop malicious code from being installed as a potential result of opening an attachment from a bogus address.

Protect yourself:

Be attentive to the email addresses you open
Follow your instinct –  If it doesn’t look right, check it out
Educate and raise awareness with your staff about security best practices
Question all email requests that seem to be out of the ordinary through another channel (phone call, face-to-face, separate text message)
Periodically monitor account balances
Consider using two-party authorization for wire transfers

If you receive one of these emails:

Delete it immediately and notify others in your organization

If you actually divulge information:

Notify your financial institution, IT support staff, and law enforcement immediately

  • Industry

  • Category

  • Regulation

  • Solution