Wire Transfer Fraud: Cyber Criminals Becoming More Sophisticated

How easy do you think it would be for your company to unwittingly wire a few million dollars to criminals on the other side of the globe? Based on a few recent cases we’ve seen, it’s pretty easy to get hit by wire transfer fraud if your company isn’t prepared.

Don’t Trust the Email Address

Email spoofing is essentially a forged email address. On the surface, it looks identical to a real address and can be used to get information from someone. Let’s say you regularly communicate with John, a vendor representative. John’s actual email address is john@abcompany.com, and you receive daily emails from him but rarely talk by phone. One morning, his email address pops up on your screen. John’s email—or so you think—says they’re using a new bank and provides updated wire transfer instructions. It even asks about timing of payment on two open invoices, adding an air of legitimacy. The new bank account is in a foreign country, but this is a vendor who does business internationally, so it doesn’t set off any alarm bells. You make the change to wire instructions, and accounting authorizes release of the funds the next day. It’s only when the real John calls a few weeks later asking why payment hasn’t been made that you realize your company has fallen victim to a cyberthief likely working from some remote location on the other side of the world.

Cyberthieves can hack into vulnerable systems, monitor email traffic and even access files on a network. Using spoofed email addresses, they insert themselves at an opportune time and pose as someone who leads you to believe you’re actually emailing your supplier, banker or whomever. We’ve seen cases where two people believed they were talking to each other about a transaction, when both actually were exchanging emails with the cyberthief using spoofed email accounts.

The losses can be devastating. Once the wire is sent by a bank, there’s almost zero chance of recovery. The challenges of recovering funds wired to a bank in a third-world country are immense. Although sometimes litigated depending on the facts and circumstances of a particular case, banks are unlikely to provide a safety net or receive reimbursement in such situations.

Keys to Prevention

First, don’t immediately trust any email asking you to change payment terms. Maybe a vendor previously paid by check emails you to say they want to be paid by wire, or they instruct payment to a new bank. Pick up the phone and call the person who sent the email and verify the request. Never send banking credentials or any other sensitive information.

Here are some warning signs an email might be spoofed:

  • Poor grammar and several misspelled words
  • Increasing urgency or repeated requests for payment
  • Requests for prepayments in exchange for large discounts
  • Requests for changes to a bank account in a foreign country
  • Anything else that seems out of character

Cyberthieves literally work around the clock to refine their techniques, preying not only on weaknesses in a company’s security but on weaknesses in human nature as well. There’s too much potential gain for them with little chance of being caught, and their methods are only likely to improve. Make sure to stay vigilant.


Jeffrey works with a wide variety of clients and organizations providing fraud prevention, fraud investigation, fraud risk assessments and assurance services. He has investigated allegations of improprieties in a variety of companies and organizations, including privately held companies, financial institutions, cooperatives, governmental entities and not-for-profit organizations. Jeffrey also works with clients to develop organizational procedures that can help prevent future fraudulent activity. He provides support to attorneys on litigation issues that involve accounting, auditing and other financial issues and has provided testimony in trial, deposition and grand jury settings.

Jeff Roberts – who has written posts on BKD Forensics.

Leave a Reply

Your email address will not be published. Required fields are marked *