JULY 31, 2022
Original publication: August 5, 2020
Phishing emails could be described as the pestilence of the modern workforce. As we ditched the typewriter for the computer and faxes for emails, one unexpected (yet always prevalent) consequence was spam.
According to Verizon’s 2019 Data Breach Report, 32% of data breaches in the U.S. involved phishing. These emails typically look as though they’ve come from your boss, asking for your personal phone number, password, or at times, a money wire transfer.
Wire Transfer Fraud
Shark Tank’s Barbara Corcoran fell victim to a money wiring scam earlier this year.
The phishing email, sent to Corcoran’s bookkeeper, was made to look as though it came from Corcoran’s assistant — with the exception of one misspelled letter. The email contained a fake invoice from a legitimate German marketing agency, FFH Concept GmbH, asking for $388,700.11 for real estate renovations.
According to Forbes, the scam was discovered because Corcoran’s assistant was copied in the reply to the invoice. By that time, however, the transfer had already been made.
Fortunately for Corcoran, the bank that the bookkeeper used to wire the money froze the transfer before it was ever deposited in the scammer’s bank account. This was the best-case outcome for Corcoran, though not everyone is so lucky.
An Almost Irreversible Scam
According to an article from the Wall Street Journal, the FBI received reports of nearly $1.8 billion in losses from this type of scam in 2019, up from about $1.3 billion the year prior.
Arguably, the main problem with wire transfer frauds is the inherent difficulty involved in retrieving the stolen money.
Since countries like China (where a majority of transfers are sent) fall outside of U.S. jurisdiction, it becomes almost impossible for banks to recover losses once the wired money is deposited in the scammer’s bank account.
However, wealthy CEOs and big companies aren’t the only ones who should be cautious of this type of cyberattack. These scammers run the gamut when it comes to who they target. Victims include “the elderly, college students, nonprofits, religious organizations, celebrities, CEOs of companies,” FBI Supervisory Special Agent Zacharia Baldwin said in an interview. “It could be anybody.”
On Red Alert
Mitch Zahler, Head Information Security Officer at fintech platform Even Financial (a SOC 2 Type 1 certified company), said human nature and advances in technology have combined to make this scheme a particularly effective one for scammers.
“Successful phishing scammers exploit social engineering and rely on the fact that their victims likely want to be helpful and responsive when a request is made of them over email,” he said. “It’s easy to rush past the steps of ensuring the email is legitimate or giving the sender a call to confirm its legitimacy—especially when, at first glance, the email appears to be coming from your boss and is asking for immediate help.”
When it comes to phishing emails, the FBI suggests being suspicious of any email that requests personal information, avoiding forms that ask for your personal information, comparing the link you are directed to with the link provided in the email, and contacting the actual business that “sent you the email” to make sure it was actually from them.
Zahler echoes that advice, particularly the use of the “Trust, but Verify” method.
“When you receive an email that looks to be coming from a legitimate account, it’s still best to verify with the recipient through other communication means to ensure it is legitimate,” he said. “Especially when it comes to actions such as wiring funds.”
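The two checks this article describes, the one-letter sender misspelling from the Corcoran case and the FBI's advice to compare a link's text with where it actually leads, can be automated. The following is an added example, not from the original article or the FBI; it assumes a single-part HTML message, and the function names, addresses and sample message are constructed for illustration.

```python
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw, known_senders):
    """Return (known address the sender imitates or None, mismatched links)."""
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg["From"])[1].lower()
    lookalike = next((k for k in known_senders if edit_distance(sender, k.lower()) == 1), None)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    mismatched = []
    for text, href in collector.links:
        shown = urlparse(text if "://" in text else "//" + text).hostname or ""
        # Compare only when the visible text is itself a host name or URL.
        if "." in shown and " " not in shown and shown != urlparse(href).hostname:
            mismatched.append((text, href))
    return lookalike, mismatched

# Constructed sample: one-letter sender misspelling plus a link whose text and target differ.
SAMPLE = ('From: Assistant <assistent@example.com>\nContent-Type: text/html\n\n'
          '<a href="http://payments.example.net/inv">https://portal.example.com/invoice</a>')
print(check_message(SAMPLE, ["assistant@example.com"]))
```

A flag from either check is a prompt to verify the request through another channel, not proof of fraud: an exact match on the sender address does not rule out a compromised account.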