Contrary to what you see in movies, people do send wire transfers for legitimate reasons. I mean, if you just went by what Hollywood depicts, you’d think wire transfers were the preferred method of payment for evil villains—villains who use wire payments to collect ransoms or conceal funds in offshore bank accounts.
While Hollywood can occasionally misrepresent how wire transfers are used, they are correct on one thing: criminals do use wire transfers. But, they use wires in a much different way than you might think, and they are successfully duping companies out of thousands of dollars—sometimes hundreds of thousands of dollars.
In many industries, sending wire transfers is fairly commonplace. Title companies, insurance companies and construction companies send wire transfers all the time…and sometimes for sizeable amounts. The high dollar amounts, the immediacy with which funds are transferred, and the sometimes less complex cyber safeguards at smaller businesses have created a lucrative market for cyber criminals.
Instead of physically breaking into a business to steal funds, today’s criminals are defrauding companies by tricking them into sending money directly to bank accounts that they (the criminals) have access to. If your company sends wires (or any electronic payments, for that matter), here are three things to keep in mind any time you send money for payment.
1. Know who you’re doing business with.
As e-commerce continues to grow, more people than ever before are buying and selling with organizations they don’t really know. Some of this is a necessary reality in today’s world. But, for any company with whom you’re sending large sums of money via wire transfers or ACH payments, the more you can get to know the people you’re doing business with, the better.
2. Always verify the information.
If someone is asking you to send them a wire, carefully consider how that information was transmitted to you. For instance, did the request originate via email? Were you expecting to receive the request? One common tactic used by today’s cyber criminals is to send a fake email that appears to come from a vendor you normally do business with:
Hi, I’m Amy, and I’m your new account representative with [Insert Vendor Name Here]. We recently changed banks, and effective [Insert Date Here], we will no longer be able to accept payments in our old account. Please modify your payment information in accordance with the attached instructions.
This is a form of spear phishing, and if you take the email at face value, the next time you pay an invoice to this company, you’re going to be in for a rude awakening. Surprise! Amy doesn’t actually work there, and the account information she gave you is bogus. When you receive a communication like this, go one step further and call the company (using the phone number published on their website) to confirm that the information you received is authentic.
Our reliance on email as a form of communication has also led to an increase in the number of criminals hacking email accounts at businesses. These criminals will target specific people (controller, CFO, etc.) at a company, hack their accounts, and wait for them to send wiring instructions to their customer(s). The criminal, who has access to the hacked email account, will then follow up by sending a second set of instructions, this time with alternative payment information. In that case, the email might look like this:
Hi, John! Sorry for sending multiple emails, but I accidentally attached the old wiring instructions in my last email. Please disregard my previous email and use the attached instructions, instead. Thanks!
If you receive a second set of payment instructions, it always deserves an extra level of scrutiny.
3. Treat a wire transfer the same as you would cash.
Wires should come with a warning label. Why? Well, because once a wire is sent, the likelihood of ever reclaiming those funds is pretty slim. Cyber criminals, once they’ve received a wire, will quickly move those funds into another account, or they’ll send the money out of the country via Western Union (or some other similar service).
In the event that you discover you’ve sent a wire to a criminal, your bank will likely do everything it can to get the money back, but unfortunately, the odds aren’t in your favor. That’s why it’s so important to constantly be on the lookout for warning signs of fraudulent wire requests.
Wires offer great convenience to businesses—they are the fastest form of payment in today’s B2B landscape. Some industries rely on wire transfers as their primary means of sending and collecting payment. But, that convenience also comes with risks. And, by keeping these three principles in mind whenever you send electronic payments, you’ll greatly reduce your susceptibility to fraud.
About the Author:
Mary St. John is a treasury management representative at Central National Bank and has been with the bank for more than 25 years.