Close up of hands working with a laptop and smartphone, with superimposed graphics of email icons and red warning exclamation points
Close up of hands working with a laptop and smartphone, with superimposed graphics of email icons and red warning exclamation points

Don’t let it happen to you: Behind the scenes of a recent wire fraud scam

Protect yourself by learning from this recent real-world scenario

Closing a deal is exciting, complicated, and often time-sensitive. This means it is a prime opportunity for even the most vigilant professionals to fall prey to fraud. Let’s look at a recent incident from the market and learn what pitfalls to avoid.

The Situation

Company A and Bank A were entering the final stages of an acquisition of a business being sold by Investment Bank B. The deal was going to close on a Friday. The full teams from each bank had emailed several times over the course of the week with no complications. On Friday, the wires went out, confirmation numbers were received and sent — everything went according to plan. Then, around 5:30 p.m. on the following Monday, Bank A received a call from the buyer (Bank A’s client). The wire had never come through.

The Set-Up

At some point during the week, Investment Bank B fell victim to Business Email Compromise, or BEC. While it is impossible to know, the compromise likely occurred through phishing. Phishing attacks take many shapes, but they all start the same general way:

  • The target receives an email or text from someone they know (or don’t know) asking to click on a link.
  • The message looks authentic and can convey a sense of urgency.
  • After clicking the link, the target may be asked to provide confidential information such as banking information, a password, or other content, which is then provided to the criminals.
  • In this case, it’s likely that the link was infected and installed malware (malicious software) on the victim’s device without their knowledge. Some malware will record sensitive information whenever entered during daily activity, but it can also monitor the victim’s email, to the point of sending fraudulent emails from the victim’s authentic email address without the victim’s knowledge.

This means that the victim continued with their daily work, unaware of their vulnerability. When the time came to close the deal, the criminals were able to intercept Bank B’s email containing the authentic wire instructions, then send a different email from the same account. The fraudulent email contained wire instructions that directed all funds to an account set up by the fraudsters instead of the intended business account. Because the instructions arrived from the same email account that had been communicating throughout the week, Bank A followed the false instructions with no suspicions.

The Precautions

This is an example of a highly sophisticated scam, but there are still ways to safeguard against it and others like it.

Illustration of graduation cap or mortarboard

1. Education

Make sure your employees and partners are regularly trained on how to identify phishing emails. Protecting yourself from business email compromise is the first step to help avoid falling victim to fraud schemes. Explore tips and information on our Commercial Fraud and Online Safety Resource Hub.

Illustration of smartphone with padlock on screen

2. Anticipation

At the beginning of the deal process, select a few key contacts on every team. Save their phone numbers so that you have them available for any future verification needs. Consider also setting up confirming questions, phrases, or passwords to ensure you are communicating with the intended person.

Illustration of pen making checkmarks in boxes

3. Preparation

While it is common for the final week of a deal to be a flurry of final steps, set aside one hour on the day before closing for a video conference call with personnel you have worked with previously throughout the process. During this call, have them verbally confirm wire instructions and account numbers so that you know what to expect on the final day.

Illustration of shield with checkmark

4. Verification

Wire instructions may still be emailed on the day of the closing, but now you have verbal instructions from the previous day comparisons. If there are variations, do not respond to an email for clarification. Pick up the phone and call a trusted individual using the phone number you saved in Step 2.

The Resolution

In our real-world scenario, the receiving bank selected by the criminals flagged it as suspicious; the funds were frozen before the fraudsters could get them, and they were returned. Should you find yourself in a less fortunate situation, time is of the essence.

Ideally, your Fraud Department will have clear policies and procedures to help you get in touch with the right people, including the FBI. If you do not have such internal resources, head straight to the Internet Crime Complaint Center (IC3), the central hub for reporting cyber-enabled crime, run by the FBI. File a complaint online at IC3.gov as soon as possible. If you can get in touch with a Financial Crimes Manager within your local FBI office and have them on it within the first 48 hours, you can greatly increase the likelihood of retrieving the fraudulent wire.

Conclusion

Falling victim to fraud can happen to anyone, so the best protection is education. Develop and maintain a robust fraud awareness program for your organization, and make sure all employees participate — it only takes one compromised email to weaken an entire system. For wire transfers specifically, the most important thing you can do it to make it standard practice to verify in-person or via video call all planned wire instructions and account numbers before it is time to transfer funds. Education and preparation can be the best protection for you and your hard work.