John Lost 223K from a Wire Fraud Scam: Learn how to Protect Your Business

Carmine J. Corridore

Carmine J. Corridore

Carmine Corridore is a seasoned professional in the I.T. industry with over 30 years of experience. He has held various positions from field tech, team lead, service manager, project manager, and Director of I.T. Currently, he serves as the Client Facing Chief Strategy Officer and President of Underdog Cyber Defense. Carmine is a Rotarian and serves on the local chamber board and several committees. Carmine believes in giving back to the community, and he accomplishes that through donations and sourcing local talent and goods. Carmine is Credentialed and Certified in Cybersecurity.

Book a 15 Minute Strategy Session

Gone in 20 Hours! – How this business lost 223 thousand dollars from a wire fraud scam.

Wire Fraud and Business Email Compromises (BEC) are becoming widespread and are the biggest business threats. Learn from John as I tell his story.

John works in an accounting firm of a small business. As part of his duties, he has access to sensitive banking and financial information for his company. I would describe John as careful, diligent, and intelligent. He is the type of person who measures twice and cuts once. Two hundred and twenty-three dollars is not a normal amount that John’s company would wire. 

So how did John send a series of wires that totaled Two hundred and twenty-three dollars to the wrong company?  

John’s Story

John is an average person; he goes to work every day and lives a modest life. John cares about the company he works for, and he loves what he does. His day is somewhat the same every day. 

It was a Tuesday at 10:30 A.M. when an email came in from the controller about a wire change with a link to a document. Nothing was different about the request; these things often happened. Knowing the request came from the controller, he opened the document attached to the email. Then, following the instructions, he went to the bank website. He entered his credentials and logged in. 

Unknown to him then, the sender was not his boss and the document contained a key logger that recorded all his keystrokes and a piece of remote software that allowed them access to his computer. A wire fraud happens that quickly. 

Wire Fraud/Business Email Compromise

Are you asking, “How did the hackers trick John?” It’s a great question. Business Email Compromise (BEC) is a sophisticated form of fraud. Criminals compromise legitimate business email accounts through various hacking schemes, including social engineering and malware. Once an account is compromised, the hacker inserts themselves into the email chain to learn “normal activities” and who to contact. They also observe to see if they are detected before they perform any activity. Once they have enough information, the scammers use privileged information to convince business email compromise (BEC) email recipients that the transfer instructions are legitimate. 

Are you asking, “If they have compromised an email account, wouldn’t the sender notice email communications showing up?” That is also an excellent question. You are really on the ball. 

The hackers are clever; they hide their tracks very well. They can create rules that move these conversations to a folder the compromised sender may not visit often, such as an archive. They will also delete their emails from the sent folder. 

Imagine a hacker sending dozens of emails to employees, clients, or vendors on your behalf and having conversations all without you knowing. Scary right?

Wire Transfers Initiated:

That was it; John gave them everything they needed. The hackers got into the bank’s website and began sending a series of wire transfers. By the end, $223,000 had been sent to an offshore bank.

Wire fraud-related Business Email compromise (BEC) affects all sizes of businesses and government agencies. The current global daily losses due to BEC are estimated at approximately eight million dollars. 

What would you do if your business lost 10,15,50, or 100 thousand dollars? 

The Next Day…

John’s boss(Frank – The controller) enters his office with the FBI. John looks confused but also a bit nervous. The controller begins, “John, we have logs from the bank that you made a series of wire transfers to an offshore bank account.” John’s face went pale, and he fell back into his seat. John responded with a little shudder, “Frank, you asked me to change some wire information yesterday for one of our vendors, but that was all I did, I swear.”

A bit bewildered, Frank responded, “I have no idea what you are talking about.” as the rest of the conversation unfolded, John, Frank, the FBI, and the rest of the business found out their email system was compromised, and they fell victim to wire fraud.

It’s been 6 Months!

The company learns that the hackers have been in their email system for 6 months. The hackers watched, discovered, and collected information. Not only did they target John, but several vendors and clients that utilize wire transfers were contacted, and all were asked to transfer payments to an offshore bank. All became victims of wire fraud.

Morale of the Story

The story is sad but, unfortunately, becoming more common. So, what can you do to protect your business better?

  • Better Email Protection: You need an email filtering system with AI and machine learning. That can “think on its feet.” 
    • One that can detect compromised and impersonated accounts.
    • It can also analyze the links for malware.
    • Quarantine Risky emails for review.
  • Security Awareness Training: Helps you and your employees identify fraudulent emails and best practices.
  • Policies: Have better policies in place on how to handle requests and changes. 
  • MFA and Better Passwords: Implementing MFA impedes hackers from compromising an email account. They can’t get past the MFA code even if they know the username and password.
  • Team to Monitor: You need a dedicated team like Underdog Cyber Defense to watch over your systems. You need a team dedicated to monitoring the tools, reviewing logs, and auditing policies. 

Next Steps: 

 If you don’t want your business to fall victim to wire fraud or business email compromises, call us today or book a meeting for a no-obligation consultation. Let us help you make the right decisions. 

author avatar
Carmine Corridore

Monroe County, Pennsylvania (PA)

Analomink – Appenzell – Arlington Heights – Arrowhead Lake – Barton Glen – Bartonsville – Blakeslee – Blakeslee Estates – Blue Mountain Pines – Bossardsville – Brainerd Center – Briar Crest Woods – Brodheadsville – Buck Hill Falls – Camelot Forest – Canadensis – Castle Garden – Castle Rock Acres – Chestnuthill Township – Coolbaugh – Coolbaugh Township – Coveville – Craigs Meadow – Crescent Lake – Cresco – Delaware Water Gap – Dotters Corners – East Stroudsburg – East Swiftwater – Easton Anglers – Echo Lake – Effort – El-Do Lake – Eldred Township – Emerald Lakes – Fernridge – Fiddletown – Forest Glen – Foxtown Hill – Frutchey – Gilbert – Gravel Place – Hamilton Square – Hamilton Township – Henryville – Indian Mountain Lake – Jackson – Jackson Township – Jonas – Kahkhout Mountain – Kellersville – Kemmererville – Kingswood Estates – Kresgeville – Kunkletown – Lake Naomi Estates – Little Summit – Locust Lakes Village – Long Pond – Lower Tannersville – Marshalls Creek – McIlhaney – McMichael – Mechanicsville – Meisertown – Merwinsburg – Middle Smithfield Township – Minisink Hills – Monroe Lake – Monroe Township – Mount Pocono – Mount Zion – Mountain Top Estates – Mountainhome – Mushroom Farms – Neola – North Water Gap – Oak Grove – Paradise Crossing – Paradise Township – Paradise Valley – Parkside – Penn Estates – Pleasant Valley Estates – Pleasant View Lake – Pocono Country Place – Pocono Farms East – Pocono Heights – Pocono Lake – Pocono Laurel Lake – Pocono Manor – Pocono Pines – Pocono Playhouse – Pocono Summit – Pocono Summit Estates – Pocono Township – Polk Township – Poplar Bridge – Pocono Township – Price Township – Preserve – Red Ledge Manor Estates – Reeders – Resica Falls – Robin Hood Lakes – Ross Common – Ross Township – Rossland – Sandhill – Saylorsburg – Sciota – Scotrun – Shawnee on Delaware – Shoemakers – Sierra View – Ski Haven Lake Estates – Skytop – Smith Gap – Smithfield Township – Snow Hill Falls – Snydersville – Spruce Hill – Stillwater Lake Estates – Stillwater Lakes – Stormville – Stroud Township – Stroudsburg – Sun Valley – Swiftwater – Tannersville – Tobyhanna – Tobyhanna Township – Tunkhannock Township – Turn Villa – Wagners – Wagners Forest Park – Warnertown – Weir Lake – Wigwam Lake Estates – Wilderness Acres – Winona Lakes – Wiscasset – Wooddale.

Alburtis – Allen Junction – Alton Park – Allentown – Ancient Oaks – Arlington Knolls – Balliettsville – Best Station – Bethlehem – Bittners Corner – Breinigsville – Bungalow Park – Catasauqua – Cedarbrook County Home – Cementon – Center Valley – Centreville – Chapman – Chestnut Hill – Claussville – Coffeetown – Colesville – Coplay – Corning – Crackersport – Custer – DeSales University – Dewey Heights – Diebertsville – Dillingerville – Dorneyville – East Allentown – East Fogelsville – East Texas – Egypt – Emerald – Emmaus – Emmaus Junction – Evergreen Park – Farmington – Fogelsville – Fountain Hill – Friedens – Friedensville – Fullerton – Gauff Hill – Germansville – Greenawalds – Griesemersville – Guth – Guthsville – Haafsville – Haines – Hanover Acres – Hawktown – Helfrichsville – Hensingersville – Hillside – Hilltown – Hokendauqua – Home Park – Hosensack – Hynemansville – Ironton – Jacksonville – Jordan Valley – Juniper Circle – Kaywin – Kernsville – Krassdale – Krocksville – Kuhnsville – Lanark – Laurys Station – Leather Corner Post – Lehigh Furnace – Lehigh Gap – Limeport – Litzenberg – Lochland – Lockridge – Locust Valley – Lynnport – Lynnville – Lyon Valley – Macungie – Mechanicsville – Metamora Station – Meyersville – Mickleys – Mickleys Gardens – Midway Manor – Milford Park – Minesite – Mosserville – Mountainville – Neffs – New Smithville – New Tripoli – Newhard – Newside – Newtown – North Coplay – North Fogelsville – Notre Dame Hills – Old Zionsville – Orefield – Ormrod – Overlook Springs – Park Way Manor – Parkside Courts – Peters Store – Pleasant Corners – Powder Valley – Raberts Corner – Raubs Mills – Rextown – Rising Sun – Ritterville – River View – Rockdale – Rosemont Terrace – Ruchsville – Ruppsville – Saegersville – Saucon Valley – Saucon Valley Terrace – Scheidy – Scherersville – Schnecksville – Schneidersville – Seiberlingville – Seiple – Seipstown – Shankweilers – Shimerville – Sigmund – Slateville – Slatedale – Slatington – Spring Creek – Steinsville – Sterlingworth – Stetlersville – Stiles – Stines Corner – Summit Lawn – Switzer – Trexlertown – Trout Creek – Unionville – Vera Cruz – Vera Cruz Station – Walbert – Waldheim Park – Wanamakers – Weidasville – Weilersville – Weisenberg – Wellington – Welshtown – Wennersville – Werleys Corner – Wescosville – West Catasauqua – Westwood Heights – Wilbur – Williamstown – Woodlawn – Zionsville

more insights

Book a 15-Minute Strategy Session!

Are you ready to take the next step toward your business’s cyber security? Contact us today with any questions you might have or to request a no-hassle strategy session — we’re ready to fight for you!

New Look. New Name. New Focus.

Underdog Cyber Defense, formerly know as Underdog Computer and Network Solutions LLC., has rebranded to communicate that we are now focusing our exceptional IT and network capabilities on the vast challenges associated with Cyber Security.