Protecting Against Wire Fraud and Man in the Middle Schemes

Robinson+Cole Data Privacy + Security Insider
Contact

The scammers continue to find easy ways to dupe unsuspecting businesses into sending information or money to them. It used to be that we had to address vast fraud schemes with phishing emails requesting the W-2s of employees. That is child’s play now as most companies are aware of the scheme and don’t fall victim to it.

Similarly, in the past year, we have seen a dramatic increase in wire fraud and man in the middle schemes. These schemes usually start with a sophisticated phishing email that an employee clicks that looks like it is from a trusted vendor, who has spoofed the signature line of the vendor and asks the employee to pay the outstanding invoice.

During the email trail, which can go back and forth on multiple occasions, the intruder will tell the employee that when they pay the outstanding invoice, the vendor has changed its bank account and wiring instructions, or is switching from the old paper check system to ECH and to use the wiring instructions in the email.

The money is wired per the email instructions to a legitimate bank in another state (that the hacker has opened online with someone else’s identity) and by the time the company finds out, the account has been drained. Sometimes the account can be frozen (usually within three days), but it is rare that the company knows in time to notify the bank and request that the account be frozen.

In this day and age, wiring instructions provided by email should never be trusted. If anyone requests payment to a new bank account or through ECH, major red flags should go up. Any requests should be confirmed in another way to properly authenticate the request, such as a telephone call to a known contact.

The hackers spoof the signature line of a known contact and put their own email and telephone number in the signature line, so when the employee calls to authenticate the instructions, the hacker is on the other end of the line. Those checking authentication should not email the hacker back through the existing email chain, but should start a new chain to the trusted contact, and not call the telephone number in the signature line, but the telephone number that the employee looks up separately in existing contacts or on the company’s website.

You all know that my mantra these days is for employees to be “wicked paranoid.” Those handling wires in your company should be aware of these schemes, be educated about them to be prepared for them and be wicked paranoid.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Robinson+Cole Data Privacy + Security Insider

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide