written by Kami Bailey
Banks and their customers are increasingly being victimized by e-mail compromise fraud schemes involving wire transfers. According to the Financial Crimes Enforcement Network (FinCEN), there have been approximately 22,000 reported cases of e-mail compromise fraud schemes since 2013 involving $3.1 billion.
In a special Advisory to Financial Institutions, FinCEN detailed how these schemes work. Cybercriminals use social engineering or computer intrusion techniques to compromise victims’ commercial and personal e-mail accounts to obtain sensitive bank account information.
Once they have this information, criminals send fraudulent wire transfer instructions to the bank that look like they came from the victim. The instructions direct the bank to wire money to the criminal’s account, commonly located in foreign countries.
The best way for banks to detect and prevent these fraud schemes is to initiate strong callback procedures, pay careful attention to e-mail addresses and grammatical writing errors, and to carefully review and verify all wire transfer instructions. Bank’s should pay special attention to international wires requested via e-mail.
The Advisory also listed a number of red flags that could indicate this type of fraud, such as the following:
- Transaction instructions include a different language, timing and amount than previously verified instructions.
- The beneficiary’s account information is slightly different from the information contained in previously verified instructions.
- Transaction instructions contain trigger language like “Urgent,” “Secret” or “Confidential.”
- The e-mail account from which transaction instructions originate is slightly different from a known customer’s e-mail account — for example, Johnfirstname.lastname@example.org instead of John_doe@abc.com.
- Transaction instructions direct that payment be made to a beneficiary the customer has no payment history or documented business relationship with.
If your bank has been victimized by an e-mail compromise fraud scheme, you can file a complaint with the FBI’s IC3 by visiting http://www.ic3.gov. Keep in mind that you may also have Suspicious Activity Report (SAR) filing obligations.
Please contact us if you have more questions about these fraud schemes and controls to have in place to detect and prevent them 417-881-0145.