Most businesses use wire transfers to move funds electronically between different accounts. They are used to pay bills, fund contracts, purchase inventory, buy equipment, and pay employees, using a bank account number, the bank’s routing number, and an authorization. If a scammer is able to obtain that information, he can attempt a fraudulent wire transfer to move the victim’s funds into his own account. Once the money is transferred, it cannot be reversed.

How Wire Transfer Fraud Happens

Relentless in their pursuit of other people’s money, cyberthieves constantly work on improving their tools and methods for stealing bank and other account login information. Their most common method for stealing from businesses is business email compromise (BEC), also known as email phishing. They send emails made to look authentic coming from a legitimate source, such as a financial institution, supplier, or colleague. The emails typically include urgent requests for funds or information directing the recipient to click on a link.

Once you click on the link, you are sent to fake website masking as the real thing for an account you may have. As you log on, the phisher tracks the keys you type to steal your log-on information. Any information you enter is also captured. With that, the phisher can access your account to steal your money or run up purchases on your dime.

Phishers are getting very good at masking their emails to make them look more authentic. They can even personalize them with information about you or your firm they gather online. Because they can send thousands of phishing emails daily, they know someone will eventually bite.

You are the First Line of Defense

Businesses can mitigate the threat of wire transfer fraud by recognizing a phishing attack when it occurs and taking the proper action. Your first line of defense is your employees, who have been educated to understand the risks and vulnerabilities and how to respond to any wire transfer request.

Be vigilant for phishers: It’s sometimes difficult to tell a phony email from the real thing. Each email should be thoroughly scrutinized for irregularities such as misspelled names, email addresses and domain names with numbers or letters out of place, and salutations that include the recipient’s first and last name or email address. Anything that appears questionable should be flagged for review by a supervisor.

Be wary of urgent requests: Phishers always inject a sense of urgency in their emails to spur their victims to action. Always be suspicious if you are asked to make a quick decision.

Verify the authenticity of any funding requests: It’s possible that a supplier’s or colleague’s email account has been compromised. Every funding request should be verified by personal contact with the sender, utilizing known phone numbers from your contact list.

Take prompt action: If you think you have encountered a phishing attack, contact your supervisor immediately. You should also contact your financial institution to warn them of the attack. You should also report it to the FBI Internet Complaint Center, the Federal Trade Commission spam unit, and the Cybersecurity and Infrastructure Security Agency.

Although banks are also becoming more sophisticated in detecting and preventing wire transfer fraud, each business must be its own first line of defense in stopping it at the source. Make it a priority to educate all employees on how to prevent wire transfer fraud.