Community Banking

The Dangers of Emailed Wire Transfer Requests

written by Kami Bailey

Banks and their customers are increasingly being victimized by e-mail compromise fraud schemes involving wire transfers. According to the Financial Crimes Enforcement Network (FinCEN), there have been approximately 22,000 reported cases of e-mail compromise fraud schemes since 2013 involving $3.1 billion. In a special Advisory to Financial Institutions, FinCEN detailed how these schemes work. Cybercriminals use social engineering or computer intrusion techniques to compromise victims’ commercial and personal e-mail accounts to obtain sensitive bank account information. Once they have this information, criminals send fraudulent wire transfer instructions to the bank that look like they came from the victim. The instructions direct the bank to wire money to the criminal’s account, commonly located in foreign countries. The best way for banks to detect and prevent these fraud schemes is to initiate strong callback procedures, pay careful attention to e-mail addresses and grammatical writing errors, and to carefully review and verify all wire transfer instructions. Bank’s should pay special attention to international wires requested via e-mail. The Advisory also listed a number of red flags that could indicate this type of fraud, such as the following:

  • Transaction instructions include a different language, timing and amount than previously verified instructions.
  • The beneficiary’s account information is slightly different from the information contained in previously verified instructions.
  • Transaction instructions contain trigger language like “Urgent,” “Secret” or “Confidential.”
  • The e-mail account from which transaction instructions originate is slightly different from a known customer’s e-mail account — for example, [email protected] instead of [email protected].
  • Transaction instructions direct that payment be made to a beneficiary the customer has no payment history or documented business relationship with.

If your bank has been victimized by an e-mail compromise fraud scheme, you can file a complaint with the FBI’s IC3 by visiting http://www.ic3.gov. Keep in mind that you may also have Suspicious Activity Report (SAR) filing obligations. Please contact us if you have more questions about these fraud schemes and controls to have in place to detect and prevent them 417-881-0145.

Whitlock 3

View Similar Blogs

Other blogs about cybersecurity and your business

  • Business owner calculating revenue

    Our Cost Accounting Services and How They Lead to Actionable Profit Strategies

    Do you understand how costs affect your business strategy? The Whitlock Co. leverages our cost accounting expertise to help you analyze expenses. We give you the data you need to make...
  • Accounts Receivable and Payable Concept With Sticky Notes

    Minimize Errors, Maximize Accuracy With Our Accounts Payable and Receivable Management Services

    The Whitlock Co. provides expert guidance to help businesses make informed decisions about their financial health. One thing we do is optimize accounts payable and receivable management and make...
  • Two Businesswomen Consulting Financial Numbers

    Understanding Our Audit and Assurance Services

    When The Whitlock Co. performs audit and assurance services for your business, we deliver a thorough evaluation. This enhances trust and reliability in your financial reporting. The goal is to...