Everything A Business Needs To Know About Wire Fraud
Wire fraud is one of those things you never think would happen to you, but it’s much more common than you might think. According to the FBI, Americans lost more than $4.1 billion from cybercrimes in 2020, which is a 69% increase over 2019. The most common cybercrime is business email compromise (BEC), including wire fraud.
Not only is wire fraud a prominent problem, but it’s also nearly impossible for businesses and individuals to recoup their money after it’s stolen. The best way to avoid becoming a victim is to have a thorough understanding of wire fraud, how the actors operate, and the common warning signs.
According to the US Department of Justice, wire fraud is, by definition, a scheme to defraud by means of false pretenses using the interstate wire communication system. In other words, wire fraud is when a criminal tricks someone into sending money via wire transfer.
The reason wire fraud is so popular amongst internet thieves is that it’s easy, instantaneous, and almost impossible to reverse. Once a wire is initiated, the money leaves one account and moves to another instantly, regardless of bank account or location. That means the thieves will have your money long before you realize it was a trick, and there’s very little you can do to get it back. Think of it almost like electronically sending cash.
Not all wire fraud is the same. Online criminals are clever when it comes to stealing your business’ money, and they usually attack in one of three ways:
● Phishing – The criminal pretends to be a legitimate person within your business, or a partner company (like a CEO, manager, or banking institution) and convinces the victim to provide their banking information or run a wire. Phishing attacks usually occur over email but can be done via telephone, texting, and instant messaging as well.
● Ransomware – The criminal infects your system with software that encrypts all your files. They then request payment (via wire transfer) to unlock them. They literally hold your systems hostage.
● Malware – Software that infiltrates your systems and steals private data like personal information, emails, banking details, online passwords, etc. The thief can then access your bank information and initiate a wire directly or use the information to convince the victim of their legitimacy during a phishing attack.
The most common type of wire fraud attack is a combination of malware and phishing. Criminals will access your systems via malware and read through your emails and calendars to pick up details about your business. Then, they’ll pose as either a banking institution or upper-level manager (typically a CEO) and send emails to someone who has access to the company bank accounts, asking them to wire money for an urgent business need.
This type of attack is especially successful because most employees will follow orders from a superior without much question—especially if it’s urgent, like during tax time or making major purchases.
Cybercriminals might be tricky, but there are usually telltale signs that something isn’t quite right. Here are some of the most common wire fraud warning signs to watch for:
● Wrong account numbers – The numbers in the request don’t match your accounts.
● Requests to change bank account information – If a client asks to change bank accounts to one with which you don’t typically do business.
● Any request for information – Banks and legitimate entities will NEVER request information via email. If you get an email asking to confirm your account information, it’s definitely a scam.
● Strange behavior – For example, if your CEO randomly asks you to send a wire transfer, even though that’s not something they typically do. Also, keep an eye out for changes in nicknames. For example, if a coworker goes by Nick and the email says Nicholas, it could be a red flag.
● Slight differences in email addresses – Email addresses might be slightly off. For example, @bankofthepacific.com vs. @bankotfhepacific.com. Some fraudsters are extra clever and use symbols like “α,” as in @bαnkofthepacific.com. It’s spelled right and looks natural, but it’s not a real email address.
● Poor syntax or grammar – Cybercriminals are often from overseas and not native English speakers. Obvious grammar mistakes (especially from a high-level manager or banking institution) are a major red flag.
Wire fraud professionals are always coming up with new ways to get your money, so keep an eye out for these common red flags to protect yourself and your business from online threats. Make sure to educate your employees about all the red flags and what to do if they see something suspicious.
The best way to protect yourself from wire fraud is to stop it before it happens. If you have the right safeguards in place, wires are a quick, efficient, and safe way to move your money and pay vendors. Here are a few ways you can preemptively strike back against cybercriminals and protect your business:
● Train employees not to click on unknown links and emails – Clicking on links or downloading attachments from unknown emails is an easy way for malware and ransomware to infect your systems. If you don’t know the sender, it’s best to avoid clicking anything inside the email until you verify their identity.
● Hover over links – By hovering your cursor over links before you click, you can see the entire URL of the site you’re about to visit. Make sure it leads somewhere you want to go before you click on it.
● Two-person verification for wires – Create a process in which two people are needed to initiate a wire transfer. That way, even if one falls victim to a scam, there’s someone else there to watch their back.
● Review wire limits annually – Talk to your bank every year to review your wire limits. Keep them as low as possible without affecting your business needs, so you can’t accidentally transfer a huge sum to a scammer.
● Confirm information with the client – If a bank, coworker, or client asks for a wire transfer via email, call them to verify. Confirming the request using a different form of communication is a good way to make sure everything is authentic.
● Educate your team - Your employees are your first line of defense against wire fraud. Train them how to identify the signs and protect themselves from online threats. It only takes one uninformed employee to leave your business vulnerable.
To make sure everyone on your team understands how to identify and prevent wire fraud, it’s a good idea to test them occasionally by sending out fake emails that use some of the common warning signs. If too many employees follow the instructions on the fake email, you know it’s time for another training. The more you keep your employees involved in the process of identifying wire fraud, the safer your business will be.
If you do fall victim to wire fraud, contact your bank immediately! There’s a very small window in which you may get your money back, but you have to act fast—and even then, there are no guarantees. Beyond that, there’s not much you can do. That’s why it’s essential to train your team and watch for the warning signs to prevent wire fraud before it can impact your business.
If you have any questions about wire fraud, how to protect your business, or want to review your wire limits, reach out to us! We’re glad to help.
Co -written by:
VP, Regional Business Development Officer
Lesa is passionate about developing a full banking relationship with her clients and assisting them to achieve their financial success through customized banking solutions. Visit Lesa's personal contact page HERE!
VP, Treasury Management
Marc is located in Beaverton and partners with the Bank’s commercial lending teams from Portland, Vancouver, Salem, and Eugene. Visit Marc's personal contact page HERE!
Have Questions? Our Bankers are here to help!
Whatcom/Skagit Commercial Lending Team
South Sound Commercial Lending Team (Olympia)
Vancouver Commercial Lending Team
Portland Commercial Lending Team
Salem Commercial Lending Team
Eugene Commercial Lending Team