Wire Fraud is the largest and single most damaging financial fraud in the US today. And according to the FBI’s latest reports, business-related email losses are accelerating due to Business Email Compromise – the scourge of fraud prevention managers everywhere.
Reports of wire fraud to the FBI and local law enforcement agencies have doubled in the last year, and experts estimate that only a fraction of total losses and attempts are being reported.
$20 Billion Annual Estimate for Business Email Compromise
In the last half of 2016, $2 Billion in Wire Fraud was reported by US businesses, which experts believe probably represents only about 20% of the total.
Shockingly, that means that the current rate of wire fraud to small businesses alone is running at $20 Billion annually. To put this in perspective, the rate of wire fraud to small business is getting close to surpassing card fraud in the US.
Fraudsters Side-Stepped Bank Controls
The biggest red flag to banks for fraudulent wire transfers has always been an international wire transfer request. But in 2016, the trend changed as fraudsters realized they could better disguise their fraudulent requests by using domestic mule accounts, which would blend into normal requests far more easily.
But more importantly, it helped them avoid bank controls, which were far more stringent on international requests. This shift helped fraudsters dramatically increase their success rate and helped fuel the dramatic increase in wire fraud.
In 2015, some banks were reporting they were able to stop 100% of their wire transfer fraud by looking at 2 things:
- Was the Wire Transfer International?
- Was the Wire Transfer being sent to a new recipient on the account?
Those two factors alone were often what some banks used as simple rules to avoid wire fraud. But fraudsters quickly sidestepped those controls by focusing on domestic transactions instead.
FBI’s Top 10 Recommendations for Businesses To Prevent Fraud
The FBI also published 10 Recommendations to help small businesses stop wire fraud.
- Avoid Free Web Based Email Accounts – They are targets of fraudsters and are easily exploited.
- Don’t Post Executives’ Email Addresses Publicly – Fraudsters use that information.
- Don’t Post Organizational Structures Publicly – Fraudsters use that for social engineering.
- Use Out of Band Authentication for Email Transfers – This can stop the fraud after it is initiated.
- Report and Delete All Spam and Suspicious Phishing Attempts – They can proliferate on your company email systems.
- Do Not Reply, Forward Back to the Recipient Executive – Fraudsters use misspelled email addresses to divert emails. On wire requests, hit forward and manually type in the email address of the recipient.
- Use an Intrusion Detection System – These systems can detect fraudulent email requests by analyzing the originating domains to make sure they are not spoofed versions of real emails.
- Do 2 Factor Authentication on All Vendor Location Changes – Fraudsters are merely changing the banking account orders on wire transfers and not setting up new vendors.
- Pick up the Phone – Calling an executive directly to confirm is far more effective than emailing.
- Know the Habits of your Customers – Use common sense and investigate things that look out of the ordinary and out of pattern.