Cyber crime is not new. However, this scheme of deception is on the rise in terms of the number and sophistication of crimes. The International Yacht Brokers Association recently circulated an urgent email. Several of their members had wire transfers hijacked by cyber-thieves. The thieves hacked into broker networks, traced emails regarding a specific transaction, and sent fraudulent wire transfer instructions to fund the thieves’ account.
Attempts at cyber wire fraud globally, via emails purporting to be from trusted business associates, have surged in the past year. According to the U.S. Federal Bureau of Investigation, “this is not a volume play; it’s a carefully researched play”. Attacks are not random. Cyber criminals know all about your company and choose it as a target.
In fact, the FBI has said that about one in four U.S. victims respond by wiring money to fraudsters. Cyber criminals are also attacking other countries, including Australia, Britain, France and Germany. It will require universal diligence to curb their crimes.
For example, the U.S. Department of Justice said in March that it had charged a Lithuanian man with orchestrating a fraudulent email scheme that tricked agents and employees of two U.S.-based Internet companies into wiring more than $100 million to overseas bank accounts.
Cyber crime often uses similar schemes to defraud unsuspecting people.
Most insidious are emails that look like they are from senior corporate executives, business suppliers, or known clients who regularly request or send payments.
Criminals may purchase a domain name that looks like your company’s, but actually it is one character off. Then, pretending to be the CEO, they send email directives to company executives instructing them to make wire transfers.
Employees recognize their account representative’s name and email address, see the vendor’s branding in the email, and submit the invoice for payment. It is the most common procedures that are not suspected. However, if they had looked very carefully, that email was actually from firstname.lastname@example.org instead of email@example.com.
Red Flags that Signal a Cyber Crime
Washington State’s Office of the Attorney General published the following “red flags”:
- You are asked to wire money.
- You are sent a check in connection with a payment request. Con artists often win their victims’ confidence by sending a fake check for more than the amount of purchase or to cover so-called processing fees, shipping costs or other expenses. It may be a cashier’s check, personal check or money order. They instruct the victim to cash the check or money order and send them a portion of the money by wire. Read more about fake check scams.
- The contact indicates a confirmation code or money transfer control number (MTCN) is needed before your money can be withdrawn. This is a blatant lie. Once you wire money, it can be picked up immediately.
- A caller or email appears to originate from overseas. The email message may be full of typing errors.
- The person communicates via TTY service. The hearing impaired uses TTY. Cons prefer the service because it disguises thick accents and makes calls untraceable. Follow-up correspondence is by email.
- Everyone must be sure to use a STRONG unique password for your email accounts, not simply one you can ‘remember’. Having your email provider blacklist brute force attempts against your server will also slow down these attempts.
- Validate new payment instructions received via email—even if the email is internal.
- Pickup the phone, whenever possible, and speak directly with the individual requesting a funds transfer.
- Contact the vendor or client directly to confirm any requests for payment method changes, validating the changes are legitimate before processing.
- Review all payments carefully before they are sent. Ensure all correspondence is validated and documented in a unified way.
Select Yachts Requests…
Any of our clients and associates who receive bank transfer instructions by email to please call our office to confirm these instructions. Use only our published phone number. Speak to the person with whom you’ve been working. Using the phone number quoted in an email may be part of a scam.
If you think you have been a victim of wire transfer fraud, you should file a complaint with the Federal Bureau of Investigation, Internet Crime Complaint Center. The Internet Crime Complaint Center identifies and publishes current and ongoing Internet schemes with detailed descriptions.