Pondurance CEO Doug Howard recently had the opportunity to talk with friend and Pondurance business partner, Rick Borden, on the topic of fraudulent wire transfers. Rick is a Partner at the law firm Frankfurt Kurnit Klein + Selz, specializing in cybersecurity and privacy and the Pondurance and Frankfurt Kurnit teams collaborate when one of Frankfurt’s clients suffers a cybersecurity breach and requires the help of a seasoned incident response (IR) team to help them navigate their way through the breach with minimal damage. Frankfurt Kurnit provides legal counsel and guidance throughout the process; Pondurance IR experts provide response expertise and work to get the affected organization back to normal operations.
Doug and Rick got together to talk about fraudulent wire transfer—what it is, how it can happen and what organizations can do about it—because it’s a topic that often flies under the radar but is imminently preventable. Fraudulent wire transfers accounted for losses of almost $2.4 billion in 2021 and both businesses and individuals are targets, so this is not a trivial scam. Doug and Rick focused their discussion on businesses, but the recommendations for actions that can be taken to try to stop or minimize the damage from such an attack can be applied to anyone or any organization that falls victim.
What is wire transfer fraud?
Wire transfer fraud is especially frustrating when it happens because it means that someone in an organization has been manipulated into triggering a false wire transfer, thinking it’s a legitimate request. It’s usually the result of a social engineering hack that has involved the use of business email compromise, phishing or some other cyberattack tactic. Lurking in an organization’s IT environment and monitoring email communications, for instance, a bad actor can learn about the person or people they want to compromise and the business they want to steal from and then opportunistically trick their victim into initiating a wire transfer.
Appropriate financial controls + a strong cybersecurity infrastructure are critical
This particular type of scam is really a financial control issue because it’s the finance team that’s targeted in such an attack—they’re typically the only department with individuals who can initiate funds transfers. But bad actors are only able to orchestrate a fraudulent wire transfer because they’ve gotten into the organization’s IT systems and have been able to watch, study and learn what they needed to learn to trigger the desired actions.
Like having an incident response plan to address cyberthreats, finance teams within organizations must have well documented plans in place for what to do if they fall victim of wire transfer fraud. Understanding the steps to take and who to call if a fraudulent wire transfer has been initiated can literally be the difference between keeping or losing all of the funds in question and suffering the ripple effects of such a loss.
The most important phone calls you can make
The most important tool if you think your organization has been tricked into initiating a fraudulent wire transfer? The telephone. Picking up the phone and calling the bank processing the wire transfer should be call number one; if you’re lucky and your timing is good, the bank may be able to put a hold on the transfer until you validate whether it’s legit or not.
Call number two? Law enforcement. The FBI can be tremendously helpful if you’ve fallen victim to this scam. Besides getting their help potentially stopping the fraud in its tracks, the fact that you’ve engaged with law enforcement immediately demonstrates that you’ve been proactive in dealing with the situation, and this can only provide assurances to your executive team and board that you’ve done everything possible to mitigate impacts.
We encourage you to watch the video of this discussion between Doug and Rick to dive deeper into this important topic. You’ll learn more about:
- The tactics bad actors use to infiltrate an organization and to get someone on the finance team to initiate a fraudulent wire transfer.
- What you can do if you realize—too late—that the wire transfer you just initiated is a fraudulent request.
- Prevention measures: How to prevent your organization from falling prey to this type of attack.
- The resources you should immediately call upon if you’ve experienced wire transfer fraud.
Read Doug’s article in Forbes on this topic, titled Wire Fraud Is An Epidemic: Take These Three Steps To Protect Your Company From Cybercriminals. It also provides a good overview of fraudulent wire transfers and actions organizations can take if they’ve been scammed.
The resources Doug and Rick discuss in the video include:
- The 2021 FBI Internet Crime Report
- The FBI Internet Crime Complaint Center IC3 for filing a complaint
- The Directory of FBI field offices nationwide
If you ever do fall prey to wire transfer fraud, and after you’ve called the bank and law enforcement agencies, call in the experts at Pondurance and Frankfurt Kurnit Klein + Selz for the incident response and legal guidance that you’ll need to get through the situation.