The Division of Consumer Services is concerned with the significant increase in wire transfer fraud cases. According to the FTC, consumers lost over $10 billion to fraud in 2023.1 Bank transfers and payments accounted for the highest aggregate losses reported in 2023 ($1.86 billion).2
What Is A Wire Transfer?
A wire transfer is an electronic method to send money from one bank account to another. They can be domestic (between two U.S. accounts) or between a U.S. and an international account.3 It is a convenient and relatively quick way to transfer funds. Unfortunately, these same factors make wire transfers a preferred method of criminals.
Business Email Compromise
One scam that often makes use of fraudulent wire transfers is Business Email Compromise (BEC). In a BEC scam, the criminal sends his target an email that appears to be from someone the target knows, making a seemingly legitimate request.4
BEC scams can be extremely sophisticated, making it difficult for potential victims to recognize that they are being targeted. A BEC scam targeting a company may look like this:
- The criminal researches the company’s publicly available information to gain useful intelligence, such as the names, email addresses, and other personal information of high-ranking employees and executives.
- The criminal, pretending to be one of the high-ranking employees or executives, emails the target, requesting an urgent wire transfer to a bank account controlled by the criminal.
- The target, believing the email to be a legitimate request, initiates the wire transfer.
Criminals have various means to achieve their goals in a BEC scam. Spoofing is a common way criminals trick victims into believing their emails are coming from a known source. Often, the criminal will change just one character in a legitimate email address. For example, sally.smith@acmecompany.com versus sally.smith@acmecompany.co.
Also, malware can be used by criminals to infiltrate the company’s network and gain access to emails and other information. The criminal can then use that information to learn how and when to send payment requests, use an approved template for payment requests, and even mimic an executive’s communication style. It is even possible for the criminal to send email from an employee’s email account, so that they no longer need to spoof the email address.
How To Avoid Becoming A Victim of Wire Transfer Fraud
There are several non-inclusive steps you can take to prevent becoming a victim of wire transfer fraud:
- Look for red flags, such as unexpected changes in payment instructions, urgent or last-minute requests, unknown email address, URL, spelling used in any correspondence.
- Always verify payment or purchase instructions with the person making the request using a trusted, known phone number or in person if possible (extremely important!).
- Use multi-factor authentication (MFA). CISA advises to implement strong phishing-resistant MFA, such as FIDO/WebAuthn authentication. If implementation of phishing-resistant MFA is not feasible, consider using number matching MFA to block mobile push bombardment and SMS-based attacks.5
- Use secure communication channels; encrypt your email.
- Educate and train employees.
- Implement cybersecurity best practices.
Updated Information Security Resources Webpage from DFI
The Division recently updated information security resources on the Department’s website. Licensees are encouraged to review the best practices and additional resources. These materials can provide valuable guidance on maintaining and enhancing your information technology and security posture in accordance with industry standards and regulatory expectations.
3 What is a wire transfer? | Consumer Financial Protection Bureau