In September, the City of Fort Lauderdale lost $1.2 million after wiring money to a fraudster posing as a legitimate construction company that had completed work for the city. In this business email compromise (BEC) scheme, the city received an invoice that looked identical to previous invoices from the contractor, and the fraudster followed the same processes that the legitimate contractor had followed in past transactions.
Criminals often use convincing ploys to trick employees into revealing financial information or transferring funds. Once an employee has sent money, it may be impossible to recover the funds. Companies of all sizes must be vigilant – it’s not just big companies and government agencies that are targeted.
In March, a small business owner in Cypress, Texas, lost nearly $200,000 in a wire transfer scam. It started when he received text messages and then a call about a purchase. He thought he was speaking to his bank’s fraud division. The caller already knew some of his information, and he verified additional details. This was all the scammer needed to authorize four wire transfers, draining the company’s account.
Business Email Compromise Schemes
In BEC schemes, criminals pose as legitimate business contacts – such as vendors or supervisors – to trick employees into making wire transfers. These ploys are frequently carried out via email. The FBI says BEC scams have been reported in all 50 states and can target companies of all sizes – from small, local businesses to large corporations.
BEC scams are both common and expensive. In 2022, the IC3 received 21,832 complaints involving BEC scams. The adjusted losses totaled more than $2.7 billion.
New Technologies Make Scammers Even More Convincing
Scammers are very persuasive. They often know enough about the target to seem legitimate. Plus, they frequently create urgent scenarios to pressure the target into acting quickly.
Now, technology is making these scams even more convincing. According to Bank of America, deepfakes use artificial intelligence to create videos, audio, and other media that are difficult to distinguish from authentic media. Scammers use deepfakes to make their BEC and wire transfer scam requests seem as if they’re coming from legitimate sources. This happened in 2020, when scammers used audio deepfake to steal $35 million from a bank in Hong Kong.
Even personal phone conversations are risky. In September, MGM Resorts International was hobbled by a high-profile security breach. Las Vegas Review-Journal reports that hackers claim to have gained access to company systems through a simple phone call in which the hacker impersonated someone in authority and convinced an employee to grant them access.
Protect Your Business
Wire transfer fraud risks and other hacks keep growing. Even if your business doesn’t use wire transfers, a criminal could access your financial accounts and use a wire transfer to drain your funds. To protect your business, you must stay vigilant.
- Be skeptical of anyone who calls, emails, or texts you about fraud. This is a common scam tactic. Instead of responding, contact your financial institution directly using the contact information you have for the institution.
- Create a standard process so that you and your employees can verify the authenticity of requests and updates. According to the FBI, BEC scams can involve scammers posing as vendors you’ve worked with before. The scammers send an email containing what they claim is the vendors’ updated contact information. Another scam involves a scammer posing as your CEO. The scammer will ask an assistant to purchase gift cards for employee rewards. Before sending funds, providing sensitive information, or updating the contact information you have on file for a vendor, verify the request. For example, if your CEO requests a transfer, call or talk in person to the CEO before acting.
- Be cautious. Scammers may spoof legitimate phone numbers and email addresses. Plus, they may already have some information about you, your business, and your financial accounts. Don’t accept these facts as evidence that you are dealing with a legitimate source.
- Train your entire team. Educate your workforce on how to spot phishing attempts, avoid malicious links, verify requests, and hang up on scammers.
- If you suspect a scammer is targeting you or if a fraudulent wire transfer occurs, contact your financial institution immediately. You may be able to freeze your account or stop the transfer from going through – but only if you act quickly.
- Carry insurance. Cyber liability insurance can provide you with coverage for wire transfer fraud. Check your policies to determine if you have coverage and what your limits are.
Wilson, Washburn & Forster is a boutique, independent insurance agency, in business since 1961. We have expertise and connections in cyber liability insurance and risk management. Our experience, claims handling, service, and community commitment is unrivaled.
Contact us today at 786-454-8384 for a complimentary analysis of your current insurance program by an insurance specialist.