Cyberattack and the risk to wire transfers
by Jason B. Hirsh and Kathryn C. Nadro
Business email accounts are increasingly susceptible to scams around wire transfers, creating cybersecurity breaches that often lead to litigation and cost businesses dearly. A United States Federal Bureau of Investigation (FBI) report noted that its business email compromise (BEC) complaint centre received complaints with losses exceeding USD 2.4 billion in 2021.
A typical wire transfer scam works like this: A bad actor intercepts a conversation between individuals communicating by email about a scheduled transaction and modifies wire instructions so the payment, which may be substantial, ends up with the bad actor instead of the intended recipient. Before anyone notices the fraud, the money is long gone.
How can businesses avoid a catastrophe involving BEC fraud? Below are some best practices for minimising risk and creating more secure wire transfers:
- Confirm wire instructions orally by phone with a known and verified contact at a known and verified phone number. Do not provide any sensitive information or wire instructions in response to a received call — always dial the known number yourself.
- Verify instructions thoroughly. Never confirm wire instructions via email.
- Use a secure communication channel and two-step verification. Two-step verification means providing partial wire instructions via encrypted secure platforms and requiring a phone call to receive the complete wire instructions.
- Carefully confirm all details. Double- and triple-check bank names, routing numbers, SWIFT codes, account numbers, and all other related wire transfer information for accuracy.
- Watch for red flags. Be cautious if someone requests an urgent or last-minute change to previously provided instructions. Even a plausible-sounding email with unexpected changes should be vetted and verified. Scrutinise emails with poor grammar, unexplained urgency, or misspelled email addresses.
- Conduct internal reviews. Within your organisation, separate the responsibilities for initiating, authorising, and reviewing wire transfers. Document and review each transaction before submitting the wire request.
- Confirm receipt. Ask the recipient to confirm via phone that they have received the funds immediately after the transfer is completed.
- Train your team. Educate employees on recognising and preventing wire fraud, phishing, and BEC schemes. Conduct periodic security awareness programs.
- Implement cybersecurity measures. Keep software, firewalls, and anti-virus tools updated to prevent hacking attempts. Avoid conducting business, especially any access to banking portals, on unsecured public Wi-Fi networks, and always use multi-factor authentication. Strengthen information security policies and procedures, including incident response plans.
By implementing these safeguards, a business can reduce the risks associated with BEC fraud and wire transfers.
Jason Hirsh is a Partner with Levenfeld Pearlstein, and is the Practice Group Leader of the Litigation Group. Jason’s practice involves business litigation, including litigation of wire-transfer and ACH fraud-related disputes and consulting regarding such matters.
Katie Nadro is a Partner with Levenfeld Pearlstein in the Corporate Group, where she advises clients on cybersecurity, data privacy, and artificial intelligence matters.
/https://storage.googleapis.com/ggi-backend-prod/public/media/7386/923587f9-f21d-4907-ac37-008e16b9ed5e.jpg)
/https://storage.googleapis.com/ggi-backend-prod/public/media/4471/Logo_Levenfeld-Pearlstein,-LLC.png){kind=logo}
/https://storage.googleapis.com/ggi-backend-prod/public/media/7272/c8a18d03-0e7a-4395-9958-a785c3aaa5a7.jpg)
/https://storage.googleapis.com/ggi-backend-prod/public/media/7301/042e0cc0-1dd0-4d35-b44f-fd456e2c3c9c.png)
/https://storage.googleapis.com/ggi-backend-prod/public/media/7273/b47ff612-731b-4957-aac2-f7c5afa8c07c.jpg)
/https://storage.googleapis.com/ggi-backend-prod/public/media/7270/1b9e5c9b-f261-4a88-8db8-bb4b20486510.jpg)