Over the past couple of months, while many of us were getting used to remote working and video conferences in a transition to the new normal, a particular group of criminals have also been adjusting their strategies. Threat actors have always kept a keen eye on popular headlines to craft their persuasive messages, and COVID-19 has provided a tempting topic to kick off their campaigns.
In addition to the ample fodder for malicious messaging, the shelter-in-place orders in response to the COVID-19 pandemic have provided increased opportunities for online crime. This is due in part to the increased exposure that many people have when working from home, where their data can no longer be protected by corporate cybersecurity systems.
And finally, to set the stage, this pandemic may have also come at an extremely bad time for some. For those in the process of moving, buying a home, or making any other emergency purchases, many have now decided to wire the money virtually. These factors and others have created an increased risk of falling victim to wire transfer fraud. While wire transfer fraud is not a new phenomenon, it has unfortunately become more frequent. In 2017 alone, victims of Internet fraud reported more than $1.4 billion in losses. This type of fraud has been on the rise since at least 2017 and is quickly becoming one of the most common forms of cyberattack.
How Wire Transfer Fraud Works
What we’ve seen since the pandemic took hold in the United States is an increase in attempts to commit this fraud, perfectly in alignment with the shift in business and finance communications in the “work-from-home” era. In order to protect yourself against wire transfer fraud, it helps to understand how this type of fraud generally occurs.
When buyers make a large purchase via wire transfer, this is often accompanied by a flurry of activity. If you are buying a house, for instance, the weeks before the actual money transfer will be extremely busy, with emails flying back and forth between realtors, lenders, escrow officers, lawyers, and possibly others. Threat actors will typically start their criminal activities by accessing these email exchanges and monitoring them closely.
They then wait for the best time to attack. In the days before the sale, they may email the buyer, having carefully disguised themselves as the escrow officer, and request the down payment be sent to a different account. The threat actor may try to explain why wire transfer account information has changed by fraudulently saying the company has changed banks or a similar reason. With a convincing, urgent message, the buyer may comply, and their money may be willfully given under false pretenses.
Wire Transfer Fraud in COVID-19
Falling victim to this type of fraud usually requires making a large purchase or dealing with investments, but this is not a hard limit. In most attacks, a threat actor will need to gain access to private information, and then will have to make their request for money sound legitimate. There are ways of limiting their ability to do both — requiring only a healthy dose of skepticism with every message and awareness of potential risks.
The landscape as it stands now is in a threat actor’s favor — financial decisions are being made from the comfort of personal home internet connections and security is far more lax that it normally would be within an office environment. Threat actors still have access to their robust, and often automated tools, so their arsenal hasn’t necessarily changed at all during the pandemic. This offers them leverage when crafting persuasive messaging or even gaining direct access to bank account information through technical means.
Watch Out for Phishing Attacks
Despite headlines about increasingly sophisticated forms of cyberattacks, the truth is that many successful attacks are still instigated in exactly the same way they have been for decades: via a phishing email.
It’s crucial that phishing emails are identified as soon as possible. If there is a sudden change in the email address of someone you are communicating with, call them before you transfer any money. If someone is pushing you to make a payment quickly, this should also raise a red flag. And if there is a strange file attached to an email that the sender is urging you to open, don’t: many phishing emails are designed to infect your computer with malware that can then monitor your personal correspondence.
Monitor Your Transactions
Ensure that you have as much oversight on your accounts as is practical, especially in the run-up to a large purchase. Many banks now offer programs in which you can inform them that you are about to make a large wire transfer, and ask them to monitor your accounts for any suspicious activity that could herald an imminent attack.
If you run an online business, it’s even more critical that you are able to monitor your accounts for any suspicious activity: fraudulent payments can often get lost in the flood of small, everyday transactions that you are making. Using receipt-tracking software is a good idea, as is using an eCommerce platform that allows you to verify the identity of your business partners and customers.
Practice Cyber Hygiene
All types of wire transfer fraud, from the most basic to the most complex, rely on collecting personal and sensitive information. This fraud can fundamentally stop at an early stage by denying criminals the ability to collect information.
There are several ways to do this. Secure messaging apps are becoming a popular way to protect sensitive information, and secure email is also growing in popularity. Tetra recommends using a Virtual Private Network (VPN). A quick look at the foremost VPN providers in use today sheds light on how they work: they essentially provide a private network within a public internet, guarded by usual credentials of a username and password most commonly, thereby giving you an extra layer of protection against threat actors and wire fraud.
In addition, you should also recognize that the social networks you use can be a source of information about you. If you are bragging about your upcoming house purchase on Facebook, for instance, you are far more likely to attract the attention of fraudsters.
Take Action Immediately
Luckily, most large financial organizations are well versed in how to deal with the consequences of a successful fraud attempt. The best response to a fraud attempt is something that should be considered long before a transfer begins. The current advice is to contact your local FBI office. The FBI might be able to help return or freeze the funds. It’s also crucial that you tell your bank if you think you have been the victim of an attack, even if this was not successful. Large banks now have investigative teams that will seek to find the threat actors and protect others against them.
The risk of wire transfer fraud has increased over the past few months, but this is in alignment with the other notable changes in the way we handle business and finances as a whole. It is fair to say that the COVID-19 pandemic may lead to lasting changes in this regard, making wire transfers all the more common, and all the more targeted by threat actors in the future.
If you regularly use wire transfers, either as part of your business or not, it’s crucial that you know how to spot the signs of a wire transfer fraud attempt in progress, and how to protect yourself against this dangerous form of fraud. Learning how to stay safe while working from home is a good first step in scaffolding home security, but our best advice stays true — maintain a healthy level of skepticism when handling funds online, and stay aware of the tactics that have carried out this crime since long before COVID-19.