Protecting Against Wire Fraud and Man in the Middle Schemes
The scammers continue to find easy ways to dupe unsuspecting businesses into sending information or money to them. It used to be that we had to address vast fraud schemes with phishing emails requesting the W-2s of employees. That is child’s play now as most companies are aware of the scheme and don’t fall victim to it.
Similarly, in the past year, we have seen a dramatic increase in wire fraud and man in the middle schemes. These schemes usually start with a sophisticated phishing email that an employee clicks that looks like it is from a trusted vendor, who has spoofed the signature line of the vendor and asks the employee to pay the outstanding invoice.
During the email trail, which can go back and forth on multiple occasions, the intruder will tell the employee that when they pay the outstanding invoice, the vendor has changed its bank account and wiring instructions, or is switching from the old paper check system to ECH and to use the wiring instructions in the email.
The money is wired per the email instructions to a legitimate bank in another state (that the hacker has opened online with someone else’s identity) and by the time the company finds out, the account has been drained. Sometimes the account can be frozen (usually within three days), but it is rare that the company knows in time to notify the bank and request that the account be frozen.
In this day and age, wiring instructions provided by email should never be trusted. If anyone requests payment to a new bank account or through ECH, major red flags should go up. Any requests should be confirmed in another way to properly authenticate the request, such as a telephone call to a known contact.
The hackers spoof the signature line of a known contact and put their own email and telephone number in the signature line, so when the employee calls to authenticate the instructions, the hacker is on the other end of the line. Those checking authentication should not email the hacker back through the existing email chain but should start a new chain to the trusted contact, and not call the telephone number in the signature line, but the telephone number that the employee looks up separately in existing contacts or on the company’s website.
You all know that my mantra these days is for employees to be “wicked paranoid.” Those handling wires in your company should be aware of these schemes, be educated about them to be prepared for them and be wicked paranoid.