The fake wire transfer scam

Every organisation communicates with one or multiple third parties (e.g., partners, clients, suppliers, etc.) in order to run operations. Cybercriminals take advantage of that exchange to gain profit: through persuasion, threat or any other form of pressure, they try to convince the victim that they either need to execute an unplanned and urgent transfer or to give away confidential information. Their objective is to convince the victim that an immediate action is needed to close or unlock an ongoing, critical operation. On top of that, they try to persuade the victim not to share this request with anyone else due to its sensitivity. Usually, the cybercriminals impersonate one of the organisation’s third parties, so the victim thinks that the request is legit. However, the bank account is not the one associated with the third-party and if there are no checks of the accuracy of data nor an approval process in place, the victim cannot identify that the request is fake. This scam can also happen through the impersonation of a CEO or director (i.e., CEO fraud) or of technical support (i.e., fake technical support scam).

How to protect against fake wire transfer scams?

1. Raise collaborators’ awareness on scams that aim to steal confidential information

An organisation’s collaborators are its first line of defence. Everyone needs to be made aware on how to identify scams and fake message in order to adopt the right reflexes. There are several ways cybercriminals try to steal collaborators’ credentials in order to get access to an organisation’s resources. A very common way is to use a phishing email, through which cybercriminals try to convince their victim to share passwords or confidential information. It is thus important to have regular informative sessions to train the collaborators about not sharing too much on social media and not clicking on a link or opening a file without analysing where it comes from first.

2. Establish and share clear procedures on the authentication of people requesting a transfer and on the approval to execute a transfer

No matter who is requesting information, collaborators should be aware of the policies in place regarding data classification, information transfer and sharing and acceptable use of information. In addition, having an official approval process for wire transfers lowers the chances of falling for this type of scam as someone along the process will always realise that the request is illegitimate and that nothing should be transferred. Finally, a process to verify the identity of the sender should also be in place by, for example, checking their name or bank account against an existing internal inventory or trying to contact them through another mean. Any changes requested to this existing inventory should be approved hierarchically, this means following the security and payment rules to the letter (e.g., having payments above a certain amount signed by several employees). Lastly, never describe the payment procedures in your company to strangers, i.e., keep all these procedures for internal use.

3. Pay attention to what you post online

Social media and an organisation’s website offer a wide customer reach. However, it is not possible to always fully control the audience that has access to the information and posts shared. Personal or confidential information shouldn’t be shared on those platforms, as they could be used for malicious purposes, such as identifying which collaborators work in the finance department and would be more likely to be able to make a transfer.

4. Secure the access to your accounts

Accounts are an entrance door to an organisation’s whole environment. They thus need to be protected by using strong passwords that are different for each account. A strong password is

one of at least 12 characters and has a combination of upper and lower cases, numbers and symbols. In combination with a strong password, Multi-Factor Authentication should also be enabled wherever possible. Multi Factor Authentication requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.

1. Report the incident immediately to your IT responsible

2. Warn your colleagues that they might be getting a message from someone impersonating a specific client or provider but that they should not trust it.

3. Change all the passwords that were given (if any) on all the accounts they are being used.

4. If the scam was about bank details, immediately contact the finance responsible to inform them of the incident. If you notice that money has been stolen from your bank account, be sure to file a complaint with the police.

5. If you are the responsible of that bank account, call Card Stop on +32 78 170 170 and make sure to check your account statements. If you identify any suspicious activity, immediately call your bank so they can help you out.