Gone in 20 Hours! – How this business lost 223 thousand dollars from a wire fraud scam.
Wire fraud and Business Email Compromise (BEC) are becoming widespread and are the biggest threats businesses face. Learn from John as I tell his story.
John works in an accounting firm of a small business. As part of his duties, he has access to sensitive banking and financial information for his company. I would describe John as careful, diligent, and intelligent. He is the type of person who measures twice and cuts once. Two hundred and twenty-three thousand dollars is not a normal amount that John’s company would wire.
So how did John send a series of wires that totaled two hundred and twenty-three thousand dollars to the wrong company?
John’s Story
John is an average person; he goes to work every day and lives a modest life. John cares about the company he works for, and he loves what he does. His day is somewhat the same every day.
It was a Tuesday at 10:30 A.M. when an email came in from the controller about a wire change with a link to a document. Nothing was different about the request; these things often happened. Knowing the request came from the controller, he opened the document attached to the email. Then, following the instructions, he went to the bank website. He entered his credentials and logged in.
Unknown to him at the time, the sender was not his boss, and the document contained a keylogger that recorded all his keystrokes and a piece of remote-access software that gave the attackers access to his computer. A wire fraud happens that quickly.
Wire Fraud/Business Email Compromise
Are you asking, “How did the hackers trick John?” It’s a great question. Business Email Compromise (BEC) is a sophisticated form of fraud. Criminals compromise legitimate business email accounts through various hacking schemes, including social engineering and malware. Once an account is compromised, the hacker inserts themselves into the email chain to learn “normal activities” and who to contact. They also watch to see whether they have been detected before they perform any activity. Once they have enough information, the scammers use this privileged information to convince the recipients of their emails that the transfer instructions are legitimate.
Are you asking, “If they have compromised an email account, wouldn’t the sender notice email communications showing up?” That is also an excellent question. You are really on the ball.
The hackers are clever; they hide their tracks very well. They can create rules that move these conversations to a folder the compromised sender may not visit often, such as an archive. They will also delete their emails from the sent folder.
Imagine a hacker sending dozens of emails to employees, clients, or vendors on your behalf and having conversations, all without you knowing. Scary, right?
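Mailbox rules like the ones described above can be audited. The following is an added example, not part of the original article: it assumes the rules have been exported as simple records (the field names, folder list and keywords are hypothetical, and the sample rules are constructed) and flags rules that quietly move, delete or mark as read messages about payments.

```python
# Added example: audit exported mailbox rules for signs of BEC concealment.
# Schema, folder list and keywords are assumptions; sample rules are constructed.
LOW_VISIBILITY_FOLDERS = {"archive", "rss feeds", "conversation history",
                          "junk email", "deleted items"}  # rarely opened
FINANCE_KEYWORDS = {"wire", "invoice", "payment", "bank", "remittance"}


def audit_rule(rule):
    """Return a list of reasons a rule looks like attacker concealment."""
    reasons = []
    folder = (rule.get("move_to_folder") or "").strip().lower()
    if folder in LOW_VISIBILITY_FOLDERS:
        reasons.append(f"moves mail to low-visibility folder '{folder}'")
    if rule.get("delete_message"):
        reasons.append("deletes matching mail")
    if rule.get("mark_as_read"):
        reasons.append("marks matching mail as read")
    if not reasons:  # a rule that merely files mail is normal
        return []
    words = {w.lower() for w in rule.get("subject_or_body_contains", [])}
    hits = sorted(words & FINANCE_KEYWORDS)
    if hits:
        reasons.append("targets payment terms: " + ", ".join(hits))
    if not (rule.get("name") or "").strip(" ."):
        reasons.append("rule name is blank or punctuation only")
    return reasons


def audit_mailbox(rules, min_reasons=2):
    """Map rule id -> reasons for rules with at least min_reasons findings."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if len(reasons) >= min_reasons:
            findings[rule["id"]] = reasons
    return findings


SAMPLE_RULES = [  # constructed sample data
    {"id": 1, "name": "Newsletters", "move_to_folder": "Reading",
     "subject_or_body_contains": ["newsletter"]},
    {"id": 2, "name": "..", "move_to_folder": "Archive", "mark_as_read": True,
     "subject_or_body_contains": ["Wire", "invoice"]},
    {"id": 3, "name": "Cleanup", "delete_message": True},
]

if __name__ == "__main__":
    for rule_id, reasons in audit_mailbox(SAMPLE_RULES).items():
        print(rule_id, "; ".join(reasons))
```

Rules that combine a hiding action with payment-related conditions deserve a conversation with the mailbox owner, since legitimate filing rules rarely look like that.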
Wire Transfers Initiated:
That was it; John gave them everything they needed. The hackers got into the bank’s website and began sending a series of wire transfers. By the end, $223,000 had been sent to an offshore bank.
Wire fraud-related Business Email Compromise (BEC) affects businesses of all sizes as well as government agencies. The current global daily losses due to BEC are estimated at approximately eight million dollars.
What would you do if your business lost 10, 15, 50, or 100 thousand dollars?
The Next Day…
John’s boss (Frank, the controller) enters his office with the FBI. John looks confused but also a bit nervous. The controller begins, “John, we have logs from the bank that you made a series of wire transfers to an offshore bank account.” John’s face went pale, and he fell back into his seat. John responded with a little shudder, “Frank, you asked me to change some wire information yesterday for one of our vendors, but that was all I did, I swear.”
A bit bewildered, Frank responded, “I have no idea what you are talking about.” As the rest of the conversation unfolded, John, Frank, the FBI, and the rest of the business found out their email system was compromised, and they fell victim to wire fraud.
It’s been 6 Months!
The company learns that the hackers have been in their email system for 6 months. The hackers watched, discovered, and collected information. Not only did they target John, but several vendors and clients that utilize wire transfers were contacted, and all were asked to transfer payments to an offshore bank. All became victims of wire fraud.
Moral of the Story
The story is sad but, unfortunately, becoming more common. So, what can you do to protect your business better?
- Better Email Protection: You need an email filtering system with AI and machine learning that can “think on its feet”:
  - One that can detect compromised and impersonated accounts.
  - One that can analyze links for malware.
  - One that can quarantine risky emails for review.
- Security Awareness Training: Helps you and your employees identify fraudulent emails and learn best practices.
- Policies: Have better policies in place on how to handle requests and changes.
- MFA and Better Passwords: Implementing MFA impedes hackers from compromising an email account. They can’t get past the MFA code even if they know the username and password.
- Team to Monitor: You need a dedicated team like Underdog Cyber Defense to watch over your systems. You need a team dedicated to monitoring the tools, reviewing logs, and auditing policies.
Next Steps:
If you don’t want your business to fall victim to wire fraud or business email compromises, call us today or book a meeting for a no-obligation consultation. Let us help you make the right decisions.