Don’t lose money to wire transfer fraud

When Barbara Corcoran (star of Shark Tank) recently lost almost $400,000, the crime of wire transfer fraud grabbed the news spotlight. What struck Ms. Corcoran was a plot that mixed phishing, wire transfer fraud, and social engineering. When a cyberattacker impersonated Corcoran’s assistant by spoofing her email address, the bookkeeper suspected nothing amiss and honored an email request to transfer funds to the attacker’s bank account.

What is wire transfer fraud, exactly?

Wire fraud happens when an attacker defrauds someone of money by impersonating someone else (social engineering). The funds are usually taken directly from the victim’s bank account. These days, wire fraud is often committed via email—as in the case with Corcoran’s assistant and bookkeeper—but the attacker’s initial contact could arrive by phone call, fax, text message, or over social media.

Am I at risk of wire transfer fraud? 

In short, yes, even if you’re not famous, and even if you don’t transfer money this way. Wire fraud is a common occurrence—the FBI estimates that the U.S. alone lost about $1.9 billion in 2019. Particularly susceptible are the elderly, college students, and those who have wealth or celebrity. Attackers target those who either seem more vulnerable than the general population or who could yield a big payout. In my day-to-day conversations with customers, however, I see all types of people experiencing wire transfer fraud.

Preventing wire transfer fraud isn’t hard.

It takes a few easy steps that many people just don’t know, and at Rubica we want you to know as many helpful details as possible when it comes to protecting your identity and your resources. This unfortunate event highlights the importance of taking cybersecurity seriously, and in this case of thinking critically about everyone in your chain of communication.

So, how do you prevent wire transfer fraud?

1. Set pre-verification protocols with your bank.

Wire transfer protocols verify payment details over the phone before funds are sent. Most banks offer a service where they are required to call you back to verify any transactions initiated by email. This is the most important strategy you can implement, as it ensures all parties involved in each transaction play their part in order for the money to be transferred securely. If anyone in the chain breaks wire transfer protocol, then at least one person in the chain should become alert and start asking precise questions.

2. Password-protect changes to your account.

Add a secret verbal code or passphrase to your bank account, and require a match before any account changes can be made. Remember your password hygiene, though, and make this something private – not the names of pets, relatives, or anything that can be discovered about you on social media.

3. Protect accounts with multi-factor authentication.

Rubica has seen cases where the attacker targets the email of someone along the email chain, allowing the attacker to use their email address to request the fraudulent transfer. This makes it harder to catch when you are looking at the address to see if you’re emailing the right person. I always recommend having multi-factor authentication (MFA) in place because that way an attacker can’t get to the account in the first place, not having the secondary devices needed to pass MFA verification.

4. Re-think your security questions.

If the security questions are rigid and set to easily-guessed data, use an alias. Rather than giving the correct answer to the question of your mother’s maiden name, purposely give a false answer or even a set of answers tied to a fake person. Memorize Wonder Woman’s full name, address, pets, and high school she graduated from (or a similar “person”). This makes it less likely that the answer will be guessed or discovered online—and these are answers only you would know because you made them up.

5. Scrutinize email addresses.

Always be on the lookout for a spoofed email address. In the case of Corcoran’s assistant and her bookkeeper, none of their email addresses were hacked. Instead, the assistant’s email address was merely spoofed. When the bookkeeper saw the email and did not notice that the address was just one letter off, she assumed that it was coming from the right person. Checking the sender’s address closely is a crucial step for you and your team.
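One way to automate the check in step 5, shown as an added example that is not part of the original article or any Rubica tooling: it compares a message's sender address against the contacts you already trust and flags near-misses such as an address that is one letter off. The contact list, sample addresses, function names, and the distance threshold are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data: addresses you already trust for payment requests.
KNOWN_CONTACTS = ("assistant@corp.example", "bookkeeper@corp.example")

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) to turn a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent swap, e.g. "assitsant" for "assistant".
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify_sender(from_header, known=KNOWN_CONTACTS, max_distance=2):
    """Return ("known", addr), ("lookalike", nearest_known) or ("unknown", None)."""
    # Judge the real address, not the display name, which the sender controls.
    _, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if addr in known:
        return ("known", addr)
    nearest = min(known, key=lambda k: edit_distance(addr, k))
    if addr and edit_distance(addr, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)

if __name__ == "__main__":
    for header in ("Assistant <assistant@corp.example>",
                   "Assistant <asistant@corp.example>",   # one letter dropped
                   "Assistant <assistant@c0rp.example>",  # zero for the letter o
                   "Vendor <billing@vendor.example>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" result is the case that deserves a phone call to the real contact before any money moves; an exact match only shows the address is spelled correctly, not that the account behind it is uncompromised.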

Be suspicious of each detail, no matter how small, and take extreme ownership of your security. And don’t forget, Rubica does more than monitor your traffic to prevent data theft. You can call us for no charge to ask cybersecurity questions and prevent your accounts from compromise in the first place.