For many Winston-Salem businesses, sending or receiving money via wire transfer is a common occurrence. Wire transfer is a method of moving money electronically that is fast, relatively inexpensive, unrestrained by geography, and results in the availability of funds within hours after confirmation of the transaction. Use of wire transfers in business is routine worldwide; in 2016, the Fedwire Funds Service – a wire transfer system operated by the United States Federal Reserve Banks – reported approximately 148 million wire transfers valued at over 766 trillion dollars system-wide.
Traditionally, wire transfers were considered secure as well. However, in recent years, the proliferation of wire fraud has cast some doubt on this assumption. Wire transfer fraud schemes typically involve a criminal hacking into and monitoring a business’s electronic information (i.e., email, terms regarding purpose of wire, wire transfer instructions, etc.). The criminal then uses this information to divert the wire transfer to a separate bank account. By the time the intended parties to the wire transfer transaction learn of the fraud, it is often too late to recover the lost funds.
Victims of wire transfer fraud range from small businesses to large corporations, and according to the Federal Bureau of Investigation (FBI), wire transfer fraud is on the rise. In its Public Service Announcement Alert Number I-050417-PSA, the FBI reported a 2,370% increase in actual and attempted wire transfer fraud schemes from January 2015 to December 2016. In the second half of 2016 alone, more than 3,000 businesses and individuals were the targets of wire transfer fraud in the United States, with potential losses in excess of $346 million dollars. Fortunately, the threat of wire transfer fraud can be significantly reduced if a business knows what to look for, and if it implements sound policies with regard to how wire transfers are approved.
How Criminals Obtain Sensitive Information
Criminals may seek electronic information to aid in wire transfer fraud in a number of ways.
* Email Compromise. This usually involves the hacking of public domain email accounts (i.e., Gmail, Hotmail, Yahoo, etc.) or the creation of a similarly named account through which the criminal may communicate (i.e., aduke@xyzcorp.com versus aduke@xywcorp.com).
* Malware. The term is short for malicious software, and includes computer viruses, ramsomware, spyware and adware placed on a computer without the user’s consent. One purpose of malware is to steal a computer user’s personal or business information, such as passwords and financial information.
* Phishing. Begins with a seemingly authentic email from a financial institution, credit card company, government office or other legit business. The email requests that the recipient respond to the phisher by providing personal or financial information, and provides a link to a fake web site to collect such information. The link may also install malware on the recipient’s computer.
Watch Out for these Wire Transfer Red Flags
One classic case of wire transfer fraud occurs prior to closing a buy/sell transaction. Through email compromise or otherwise, a criminal has obtained information regarding the parties to the transaction, the parties’ contact information and wire transfer instructions. At the eleventh hour (when everyone just wants the deal to close), the criminal may email the person responsible for sending the wire and request a last-minute change to a different bank account. Weary from overwork, or perhaps just not paying attention, the person responsible for sending the wire follows the new instructions and wires funds to the different bank account. At this point, the wire transfer fraud is complete, and the funds are gone, likely forever.
In addition to last-minute changes, pay special attention to these other red flags, which should raise suspicion in a wire transfer situation:
* A rush request due to an emergency, or other demand that the transfer take place immediately.
* An inability to reach the person requesting funds by phone.
* Awkward phrasing, poor grammar, incorrect punctuation or odd capitalization in written communication.
* A request that is out of the ordinary or not in keeping with established practice for the person or business requesting funds.
* An incorrect email address.
Best Practices to Prevent Wire Transfer Fraud
Develop and adhere to company-wide policies designed to increase employee awareness and to the prevention of wire transfer fraud that incorporate some or all of the following best practices:
* Requests for changes, immediate action, or lack of availability by phone should be met with intense scrutiny.
* Implement a two-step verification process for all wire transfer communications. Require that employees verify wiring instructions by phone with an identified person on the other side of the wire transfer prior to initiating the wire.
* Do not email wiring instructions. Use regular mail, phone or fax instead.
* Scrutinize all email correspondence regarding wiring funds.
* Do not use public domain email accounts for business purposes. Establish company domain email accounts instead.
* Use encrypted email for correspondence of sensitive information.
* Be careful of what is posted to social media, both on behalf of the business, and the individual employees of a company. Think twice before providing details on out-of-office replies, job descriptions and organizational chart information.
* Delete unsolicited spam email. Do not open spam email or click on links provided in suspicious emails.
* Implement two-factor authentication for employee email.
* Know your customers, their reasons for initiating or requesting wire transfers, and their habits regarding such wire transfers
If you suspect your business is the victim of wire transfer fraud, contact your financial institution immediately, and request that it contact the financial institution to which the subject wire transfer was sent. If your financial institution declines to contact the recipient, you should contact the recipient institution, notify it of the suspected fraud, and request that it not further transfer the funds. In some cases, funds wired fraudulently can be returned. However, an ounce of prevention is worth more than a pound of cure when it comes to wire transfer fraud. Pay attention to red flags and implement policies designed to prevent wire fraud. Most importantly, before any wire transfer is initiated, stop, review and confirm that the information and the situation is consistent with your policies, and only then release funds.
About the Author – Adam Duke
Adam Duke is a practicing attorney at Bell, Davis, & Pitt, a law firm in Winston-Salem. His practice concentrates on banking and financial services, commercial real estate, and construction law. Adam earned his law degree from the University of North Carolina School of Law, and he gives back to the community by serving on the Winston-Salem Leadership Council of the Children’s Home Society of North Carolina.