Check and Wire
Transfer Fraud

In the past few years, the frequency of internet and wire transfer fraud has significantly increased. Individuals and businesses are being victimized by perpetrators of internet crime. “Phishing,” “whaling,” “vishing” and “tabnabbing” can result in serious financial hardship to you and/or to your business.

• Phishing is the attempt to acquire such sensitive information as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

• Whaling is a type of fraud which targets high-profile end-users such as corporate executives, politicians and celebrities. The goal of whaling is to trick someone into disclosing personal or corporate information through social media, email and content spoofing efforts.

• Vishing is the act of using the telephone/voicemail in an attempt to scam the user into surrendering private information which will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit.

• Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the fraudulent site is genuine.

These are some of the schemes which scammers are using today to capture personal and/or business credentials and to get access to bank accounts. Once an individual falls victim to a scam, the scammers involved in the underground economy unleash various forms of “malware” (malicious software) designed to leverage the individual victim’s internal control weaknesses and the weaknesses in the wire transfer and Automated Clearing House (ACH) processes – the mechanisms which allow banks and other financial institutions to process checks and other forms of payment.

Many of these schemes originate in Eastern European countries. The most common scam is the bogus email which an individual receives from his or her “bank” asking that individual to verify his or her credentials because of some suspected fraud. Examples of such phishing email messages are as follows:

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identify.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

This is the “call to action” scam during which the individual victim fears that his or her account may have been compromised and, accordingly, the individual victim responds. This can also be done via a voicemail or “vishing,” as it is called. The individual victim is directed to what appears to be the website for his or her bank and, by logging in, the individual victim unwittingly activates one of the many forms of malware (viruses, worms, spyware, etc.), such as the Zeus Bot or SpyEye Bot, which actually takes the individual victim to a foreign website.

An example of a frequent wire fraud scheme is when an individual enters wire information, where the wire transfer instructions are supposed to direct funds to Party A at Bank A, and identify Bank A’s routing number. The malware changes the instructions from those which were entered to those of the scammer. The wire is transmitted by the individual victim with the understanding that it has gone to Party A, but instead it has gone to the scammer. The scammer then moves the money out of the country. By the time the fraud is detected, it is too late.

In calendar years 2014 and 2015, in Kane County alone, over three dozen wire transfer frauds occurred in connection with residential closings, victimizing clients, their attorneys and local title companies. During that same period, a large wire fraud involving the net proceeds of a residential sale in excess of $2,000,000.00 occurred in New York. Wire transfer fraud has continued to be a significant problem in 2016, despite efforts by banks, title companies, attorneys and others.

Scammers can also befriend unsuspecting victims via postings on social networking sites such as Facebook, MySpace and Twitter. Clicking on links from unfamiliar websites can also result in serious fraud. When a victim “befriends” one of the scammers or opens an attachment in an email, the scammer unleashes one of the Bots mentioned above. New Bots are so sophisticated that most antivirus software companies have been unable to detect many of them. Businesses still using Windows XP are also easy prey for Bots. The Bot lies in wait on an infected computer. When the user accesses a bank website for a financial transaction, the Bot becomes activated. These Bots record all information relating to account access and transmit the information back to the scammer. The scammer then duplicates the wire module page of the particular bank and re-transmits it back to the infected computer. The next time the user logs onto its bank website to send a wire, the bogus wire module page takes over. To the user it looks like the real thing, but there are usually subtle differences. The user then enters the necessary information to send the wire, including the routing information. The Bot malware is then activated and changes the wire recipient information to a bank other than the intended bank. The user is unaware of the change. After the user submits the wire instructions to its bank, the user’s bank unknowingly wires the funds to the altered recipient. There has been little or no success in catching these wire transfer scammers.

The following protective actions should be taken by you to prevent these fraudulent schemes:

Do not respond to an email which appears to be from your bank or from an organization which you trust which requests your personal or financial information. Legitimate businesses and banks do not ask for this information via email or text. Delete these emails immediately.

Be cognizant of scams where a scammer engages you to represent him/her and sends you a very large retainer check drawn on a foreign bank for services to be rendered. Two or three days later, the scammer asks you to wire a portion of the retainer to his/her business partner overseas. By the time you determine that the foreign check you received is fraudulent, your money is gone.

Do not allow access to social networking sites from computers in your business office. Any individual with access to your business bank account’s website must not be allowed to use social networking websites such as Facebook, MySpace and Twitter. Consider examining recent computer history to see if these sites are being accessed and add content filtering security to your network.

Do not allow any employee to download any information from unknown, non-business related websites.

Reconcile your bank account and credit card statements promptly and check for unauthorized charges. If your statement is late by more than a few days, call to confirm your billing address and account balances.

Use trusted security software and have it set to update automatically.

When effecting a wire transfer, note the following:

(i) Pay particular attention to the wire module web page. If you notice even subtle differences, contact your bank immediately and definitely do not send a wire using your computer. Do it the old-fashioned way and send your bank a fax of the wire instructions. At the time of this writing, the scammers have not corrupted facsimile transmissions. In addition, banks and title companies have resorted to the use of encrypted emails, and this method should be chosen by you when possible;

(ii) Ensure that two people are always involved in the wire process, one to originate and one to approve and release. Know what your bank agreements say as well. Banks are now changing their agreements by requiring two people to be involved in the process, and if you choose to have only one person, you are responsible for any fraud which occurs;

(iii) Review the information on your bank’s website as it relates to the wire as soon as possible after sending to ensure that it went to the correct party. Typically once the wire is gone, it cannot be retrieved. However, the funds may be retrievable if you quickly notify your bank so that your bank can call the receiving bank and notify them of the fraudulent transaction. Once the money leaves the originating bank, it is next to impossible to get it back;

(iv) Know and understand your banking agreements. Banks are not responsible for fraudulent wires – you are – and, as such, you bear the liability of the loss.

How do you know if an email you receive is legitimate? Following are a few tips to help you decide whether to delete an email or not:

• Misspellings. Watch for misspelled words within the entire body of the email. This is an indication that something is amiss (i.e., “www.bankofarnerica.com” should really be “www.bankofamerica.com”).

• Sender. Make sure you know or can identify the sender. Confirm that the sender is not a suspicious domain (i.e., “micorsoft-support.com” should really be “microsoft-support.com”).

• Number of Recipients. Check to determine if the email was sent directly to you or to a number of other people who you personally do not know? If you do not recognize the other recipients, delete the email. Also, be alert for emails which are sent to your specific email address but also to other variations of your email address (i.e., JohnSmith@sbcglobal.net, JohnathonSmith@sbcglobal.net, JSmith@sbcglobal.net).

• Attachments. Never open an attachment unless you are certain of the sender and that the attachment relates to the general email message. If the sender asks you to open up an attachment to avoid a negative consequence or to gain something of value, such an email should be considered fraudulent and deleted immediately.

• Date/Time. Look at the date and time an email was sent. If you would normally receive emails from the sender during regular business hours and the email was sent at 3:00 A.M. on a Sunday, this is a “red flag” that the email may be fraudulent.

• Instinct. If the sender is asking you to open an attachment which seems odd or illogical, or asks you to look at a picture which is attached, and your instinct tells you that something is not right, follow your instinct and delete the email.

To be forewarned is to be forearmed! (2016)