Community Banking
The Dangers of Emailed Wire Transfer Requests
written by Kami Bailey
Banks and their customers are increasingly being victimized by e-mail compromise fraud schemes involving wire transfers. According to the Financial Crimes Enforcement Network (FinCEN), there have been approximately 22,000 reported cases of e-mail compromise fraud schemes since 2013 involving $3.1 billion. In a special Advisory to Financial Institutions, FinCEN detailed how these schemes work. Cybercriminals use social engineering or computer intrusion techniques to compromise victims’ commercial and personal e-mail accounts to obtain sensitive bank account information. Once they have this information, criminals send fraudulent wire transfer instructions to the bank that look like they came from the victim. The instructions direct the bank to wire money to the criminal’s account, commonly located in foreign countries. The best way for banks to detect and prevent these fraud schemes is to initiate strong callback procedures, pay careful attention to e-mail addresses and grammatical writing errors, and to carefully review and verify all wire transfer instructions. Bank’s should pay special attention to international wires requested via e-mail. The Advisory also listed a number of red flags that could indicate this type of fraud, such as the following:
- Transaction instructions include a different language, timing and amount than previously verified instructions.
- The beneficiary’s account information is slightly different from the information contained in previously verified instructions.
- Transaction instructions contain trigger language like “Urgent,” “Secret” or “Confidential.”
- The e-mail account from which transaction instructions originate is slightly different from a known customer’s e-mail account — for example, [email protected] instead of [email protected].
- Transaction instructions direct that payment be made to a beneficiary the customer has no payment history or documented business relationship with.
If your bank has been victimized by an e-mail compromise fraud scheme, you can file a complaint with the FBI’s IC3 by visiting http://www.ic3.gov. Keep in mind that you may also have Suspicious Activity Report (SAR) filing obligations. Please contact us if you have more questions about these fraud schemes and controls to have in place to detect and prevent them 417-881-0145.

View Similar Blogs
Other blogs about cybersecurity and your business
Our Cost Accounting Services and How They Lead to Actionable Profit Strategies
Do you understand how costs affect your business strategy? The Whitlock Co. leverages our cost accounting expertise to help you analyze expenses. We give you the data you need to make...Minimize Errors, Maximize Accuracy With Our Accounts Payable and Receivable Management Services
The Whitlock Co. provides expert guidance to help businesses make informed decisions about their financial health. One thing we do is optimize accounts payable and receivable management and make...Understanding Our Audit and Assurance Services
When The Whitlock Co. performs audit and assurance services for your business, we deliver a thorough evaluation. This enhances trust and reliability in your financial reporting. The goal is to...