Wire Fraud – The Front Line

Wire fraud, by definition, is the name given to any type of financial fraud involving telecommunications or information technology. It is being increasingly used by cybercriminals to deprive individuals and organisations of funds via mail or wire communication.

We are regularly instructed to investigate ‘man in the middle’ wire fraud attacks that result from an organisation’s email systems being compromised.

A typical wire fraud request often arrives at a time when the victim is already expecting to transfer money as part of a regular transfer (house purchase, stock transfer, large bill payment), but asks for the amount to be transferred to a different account. The request is usually submitted via a fake email, either from an address that looks very similar to the expected address, with maybe 1 or 2 characters different, or from an alternative email client with the address ‘spoofed’ so that it appears as expected if the user simply reads the ‘reply-to’ field.

In some instances, the email is actually sent directly from the client’s real email address because their own email servers have been compromised. When this happens, the hacker will often look through old emails and sent items, paying particular attention to the content and aesthetic of the email and the writing style of the sender. By looking at email trails between the supplier and the customer, it is very easy to pick up the processes that the organisation follows in terms of how goods are ordered and the payment protocols that are followed. The hacker will then lie dormant in the email account until a transaction is due. They will then mimic the email, send it on the supplier’s behalf, but make changes to the payment details so that the money lands in the hacker’s account instead.

What is surprising is that banks do not cross-check beneficiary names with account numbers. The name that appears on the bank transfer could be the correct name (i.e. where you think the transaction is destined) but the sort code and account number could be for someone completely different. The bank will ignore the name, even if it does not match, and will transfer the money based on the sort code and account number alone.

After looking through the evidence once these frauds have been triggered, we often wonder why the warning signs were not spotted, for example:

  1. The first indication is the style of language: the ‘tone of voice’ within the email differs from that expected.
  2. Then the number of grammatical mistakes increases (perhaps because the fraudster’s first language is not always English).
  3. Often the VAT/Tax calculation is incorrect due to unfamiliarity with the local legislation.

Then comes the real giveaway: the later request to provide different bank account details than originally expected.

Based on IT Group’s recent experiences with organisations targeted with wire fraud, the following lessons can be learned:

  1. Securing your email account is critical. Make sure to use strong passwords, or better still, two-factor authentication to access your email accounts. Don’t let fraudsters know your business.
  2. When communicating about a money transfer, always check the email headers and don’t rely on what is shown in the ‘reply-to’ field, as this can be easily spoofed.
  3. Independently verify the beneficiary’s bank account details by calling the bank directly. Don’t accept a letter from them that simply displays a company logo – we see these fraudulent documents all of the time.
  4. Speak to the beneficiary on the telephone by contacting them on a number that you can independently verify through a longstanding source.
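
The header check in lesson 2 and the lookalike addresses described earlier can both be automated. The following is an added example, not code from IT Group: it flags a sender domain that is 1 or 2 characters away from the expected one and reply headers that point somewhere else. The function names, the sample message and every address in it are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def check_payment_email(raw, trusted_domain):
    """Return a list of warnings for one raw RFC 5322 message."""
    # Assumption: trusted_domain is the domain already on file for this supplier.
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg["From"])
    if from_dom != trusted_domain:
        d = edit_distance(from_dom, trusted_domain)
        if d <= 2:
            warnings.append(f"lookalike From domain {from_dom!r} ({d} character(s) off)")
        else:
            warnings.append(f"From domain {from_dom!r} is not the expected domain")
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom!r} differs from From domain")
    return warnings

# Constructed sample message; all addresses are invented for illustration.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Accounts, Acme Supplies" <accounts@acme-suppiles.example>
Reply-To: accounts.acme@freemail.example
To: finance@customer.example
Subject: Updated bank details for invoice 1042

Please use the new account for this payment.
"""

if __name__ == "__main__":
    for w in check_payment_email(SAMPLE, "acme-supplies.example"):
        print("WARNING:", w)
```

A message sent from a genuinely compromised mailbox passes every one of these checks, which is why lessons 3 and 4 still apply to any change of bank details.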