The Federal Bureau of Investigation (FBI) has recently reported a rise in wire transfer fraud from spoofed emails, called business email compromise (BEC), where the victims receive emails made to look like they came from trusted business associates. Reports of the crime have come from all 50 states and 131 countries, and these fraudulent funds have gone to 103 countries, primarily China and Hong Kong, as well as the United Kingdom.
Between October 2013 and December 2016, there were 40,203 incidents of BEC, and over $5.3 billion in exposed dollar loss. However, experts believe that only 20% of cases were reported to the FBI and that the total actual losses could be up to twice the amount that the FBI reported.
Fraudsters are becoming increasingly successful in conducting wire transfer fraud because their tactics are becoming more and more sophisticated. There is now in-depth background research involved to make sure the right people are targeted, ideally individuals who deal with the financials of the company. As Robert Holmes, a researcher in business email compromise at Proofpoint Inc., explains, “This [wire transfer fraud] is not a volume play; it’s a carefully researched play.” In some cases, employees have been tricked into providing sensitive information, such as tax reports, to fraudsters, not realizing the emails they received were spoofed.
It is important for small businesses to take some steps to ensure they are not a target of wire transfer fraud. The FBI published ten recommendations for this, and below is a list of a few of them that can be implemented right away:
- Do not post details about your workplace structure, job duties and out-of-office contact information on social media or your company website;
- Do not “Reply” to your emails, but rather “Forward” them to the intended recipients by manually typing in their email addresses or selecting them from your email address book to ensure the correct email addresses are being used;
- Pick up the phone and call the email sender to confirm the legitimacy of the wire transfer request;
- Report and delete all spam and phishing emails;
- Avoid using free webmail services to conduct business transactions. These can be imitated easily.
- Know the habits of your clients and business partners and be aware of sudden changes in their routines.
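The "Forward, don't Reply" and free-webmail recommendations above can also be checked mechanically. The following is an added example, not part of the FBI guidance or the original article: it parses a message and reports where a reply would actually be delivered. The address book, the webmail domain list, the sample message and the function name `reply_risks` are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book and webmail list (assumptions for illustration).
ADDRESS_BOOK = {"cfo@example-supplier.test", "ap@example-supplier.test"}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

# Constructed sample: the From line shows a trusted contact, but the
# Reply-To header diverts any reply to a different mailbox.
SAMPLE = """\
From: "Dana Reed, CFO" <cfo@example-supplier.test>
Reply-To: "Dana Reed, CFO" <dana.reed.cfo@gmail.com>
To: payments@example-corp.test
Subject: Urgent wire transfer today

Please send the wire to the new account before 3pm.
"""


def reply_risks(raw, address_book=ADDRESS_BOOK):
    """Return warnings about where pressing Reply would send the message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Without a Reply-To header, a reply goes back to the From address.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower() or from_addr
    warnings = []
    if reply_addr != from_addr:
        warnings.append(
            f"reply goes to {reply_addr}, not the From address {from_addr}")
    if reply_addr not in address_book:
        warnings.append(f"{reply_addr} is not in the address book")
    if reply_addr.rpartition("@")[2] in FREE_WEBMAIL:
        warnings.append(f"{reply_addr} is a free webmail account")
    return warnings


if __name__ == "__main__":
    for warning in reply_risks(SAMPLE):
        print("WARNING:", warning)
```

A message that produces any warning is a candidate for the phone-call confirmation step before any wire transfer is processed.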