Cybercriminals are getting more aggressive in targeting your money through wire transfer requests. The number of attempts is on the rise, and scammers are getting bolder and more sophisticated in their efforts to trick you into wiring funds.
Increasingly, the tool of choice for these criminals is email.
“Many of the cases we are seeing involve social engineering or phishing for confidential information,” said Briane Grey, senior vice president and corporate security manager for City National Bank.
Scammers may pose as a colleague, client, or someone you or your company has done business with recently, in an attempt to get your confidential account information, or convince you to wire funds. In some cases, if they have access to your mail or invoices, they may pretend to be a vendor asking for funds to be wired to a new account.
One type of scam that affects law firms, for instance, is the classic debt collection scam. It starts when a law firm is approached by a new client to assist in collecting a debt. However, before the law firm commences collection, a “cashier’s or corporate check” arrives paying the debt. The firm deposits this check in its trust account, deducting its fee, and then wire transfers the balance to its new client, thinking that the funds are good. Shortly thereafter, the check bounces, the trust account is overdrawn, and the wired funds are gone, with little chance of recovery.
Here are some other red flags that should raise suspicion in a wire transfer request:
Red Flag #1: The sender places a “rush” request.
“Often, the scammer will feign an emergency,” Grey said, “and insist that the transfer take place immediately.” Resist the hustle. Make sure your bank uses verbal verification before processing a transfer.
Red Flag #2: The sender refuses phone calls and insists on communicating via email only.
“Sometimes the person requesting the transfer will claim an inability to be reached now, but will promise to confirm at a later date,” Grey said. “Your bank should treat this as the implausibility it is and insist on hearing directly from the person requesting funds.”
Red Flag #3: The sender uses odd or incorrect words, spelling or phrases.
“While some fraudsters can pass for polished business communicators, many cannot,” Grey said. “It might be bizarre phrasing, awkward English, poor grammatical choices, incorrect punctuation, or simply weird spacing or capitalization. These all suggest that you may be dealing with someone other than a legitimate contact.”
Red Flag #4: The nature or the amount requested is unusual or inconsistent with previous practice.
“If the request is out of the ordinary – especially if it’s way out of the ordinary – that’s a reason for your bank to question it,” Grey said. “We watch the patterns associated with our accounts and keep an eye out for larger-than-normal amounts or requests to transfer money to new locations.”
Red Flag #5: The return email is incorrect.
“This is a five-alarm warning to any financial institution,” Grey said. “There should be a ‘no-exceptions’ practice with every wire transfer request to examine closely and double-check return email addresses. It can be just one letter off and you’ll know you’re being ‘spoofed.’”
Grey also says individuals and business owners should watch out for large monetary requests that ask to be “coded” to a department within the company, or requests accompanied by detailed instructions with return addresses that are incorrect or have one or more extra letters added – all further indications of spoofing.
“Be vigilant, use common sense and take a detailed approach,” Grey said. “Above all, insist on verbally verifying requests before you wire the money. Fraudsters are getting bolder and the amounts are getting bigger. Take the steps you need to take to keep from becoming the latest victim.”