What Is Wire Transfer Fraud?
The term comes from the original version of this crime, which used wire transfers: the transfer of funds between banks across telegraph wires and, shortly thereafter, phone lines. Wire transfer fraud has grown to include any bank fraud that involves electronic communication mechanisms instead of face-to-face communication at a financial institution. It also involves the fraudulent attainment, by way of false pretense, of banking information to gain access to another person’s bank account.
Wire transfer fraud against businesses and other organizations (municipalities and schools have been hit hard) has become a significant threat in the world of cybercrime.
Much of business today is conducted remotely, either over the phone or (more often) through email. Without face-to-face verification of someone’s identity, attackers can trick either party in a transaction into transferring money to the attacker’s bank account instead of the intended recipient’s. They can also deceive a party into thinking that a transfer of funds is necessary when it is not, and provide fraudulent bank account information for it.
Wire Transfer Fraud vs. Business Email Compromise
Wire transfer fraud sounds a lot like a business email compromise (BEC) attack, and the two overlap, but they are not the same thing. A BEC attack can include wire transfer fraud, but wire transfer fraud can happen without impersonating or taking over the email of an executive.
In addition, wire transfer fraud can be considered a form of social engineering, where a bad actor manipulates or lies to a user to get them to complete a task, such as wiring money to a fake bank account.
Examples of Wire Transfer Fraud
1. The CEO’s Urgent Request to Wire Money
An email shows up in the CFO’s inbox. The email is from the CEO who says that earnest money for the new purchase must be transferred by the close of business today or the deal will fall through. The email provides account information for the money transfer and includes a personal apology for the “fire drill” but, “you know how these things can fall apart.”
The director proceeds with sending the money, only to find out that the email was not sent by the CEO and that the money was sent to a fraudulent account and is now gone. The request came in on a Friday, and it wasn’t until Monday that the truth of the situation came to light. This was a publicly traded company, and there was a public record of a letter of intent to purchase the company. Using this specific information, the attacker created a very targeted, realistic-looking email that seemed plausible.
2. The Sneaky Reroute
A company’s remote location uses Microsoft’s Remote Desktop Protocol (RDP) to allow the central office to remotely log into its systems for administrative purposes. This access was not locked down to specific source IP addresses and was available to the entire Internet. Exploiting an unpatched vulnerability on the system, an attacker was able to take control of the workstation.
Once on that system, they worked their way through the network to the workstation of someone in the finance department. They checked the email on the host periodically and watched activity until they saw that a large transfer was being arranged to an overseas factory. They had been on the system for over 6 months, waiting for something interesting to happen that they could exploit. They altered the account information in the form that was emailed so that it pointed to another, fraudulent account.
The money (over $1.5M) was transferred, and no one noticed until the supplier called and asked when that money was going to be transferred. By then the attacker was long gone with the wired money and the account was closed.
How to Prevent Wire Transfer Fraud
- Create and follow written procedures for transferring money within or outside the organization
- Develop strong email security, including identity and access management techniques, to prevent BEC attacks
- Always double-check a message. If there’s an email from the “CEO,” then call the CEO and verify
- Employ security awareness training to help users understand how they could be targeted
How Arctic Wolf Can Help Prevent Wire Transfer Fraud
Arctic Wolf® Managed Detection and Response utilizes continuous monitoring to detect breaches and threats as soon as they occur. This includes cases where vulnerabilities are exploited and where a threat actor is sitting within the system or moving laterally within a network.
Arctic Wolf® Managed Risk works with organizations to identify gaps and harden their environment, including email security, identity and access management security, and vulnerability management.
Arctic Wolf® Managed Security Awareness provides phishing simulations – like wire transfer fraud scenarios – and offers engaging, relevant content to help users become the first line of defense against social engineering attempts.
Arctic Wolf® Incident Response helps organizations stop attacks and restore their operations with speed and precision. Incident Response leverages an elastic framework that enables rapid remediation of any cyber emergency at scale.