You wake up to an email from your favorite major music streaming service. It asks you to sign in to the streaming service to confirm your interest in your favorite band’s upcoming performance in town.
It seems weird but you’re groggy and click through, entering your credentials but finding a dead-end on the next screen. Heading back to the email, you start suspecting things aren’t what they seem, and this email that came from a streaming service is a little… Phishy.
Sorry, the pun was too obvious, but while this plot may feel like it’s straight out of a Hollywood film, the reality is a new wave of “social engineering” as a way to access credentials has given cybercriminals a whole new way to work smarter and not harder.
With a 105% increase in ransomware attacks from last year alone, it’s safe to say your credentials are at risk. Digital communications are fantastic, but hackers are leveraging the same platforms for their own benefit. In this blog, we’ll cover one of the biggest dangers to businesses doing work online, wire fraud, and how to prevent your team from falling victim to a wire fraud attack.
“You know what, Toby? When the son of the deposed King of Nigeria e-mails you directly asking for help, you help. His father ran the freaking country, okay?” – Michael Scott
Michael Scott may have been way off base for email security, but his experience with cybercriminals is a fairly common one in the States. And while we’d like to believe this experience is exaggerated for TV, the reality is things are infinitely more targeted now than they ever were during the “spray and pray” days of early online scamming.
As mentioned before, social engineering is today’s in-vogue way to create spoofed emails and other targeted messaging that effectively scares or confuses the recipient into clicking. As a practice, social engineering relies heavily on human error. Verizon’s DBIR suggests 85% of all breaches were due to similar accidents, which means educating your staff and yourself is of the utmost importance. We’ll look more at that in a second.
So what does wire fraud have to do with this?
First of all, to make sure we’re talking about the same thing, wire fraud is defined by Investopedia as “a type of fraud that involves the use of some form of telecommunications or the internet. These can include a phone call, a fax, an email, a text, or social media messaging, among many other forms.” Basically, criminals attempt to trick people into sending their money to the wrong place.
And unsurprisingly, like a moth to a flame, criminals are drawn to where large sums of money exist. Think of it as the Wild West, but instead of robbing mail wagons laden with cash bonds and gold, these digital transactions are intercepted through phishing emails and other disguised digital takeovers.
Attackers use tactics like email impersonation – also called email spoofing, a phishing tactic used to create an email with a forged from-address – and targeted phishing – also known as spear phishing, where fraudsters target a specific individual or group, sending similarly deceptive emails. The scam has continued to grow and evolve over time with small, medium, and large businesses and even personal transactions all being targeted.
From May 2018 to July 2019, there was a 100% increase in identified global exposed losses, with crimes reported in all 50 states and 177 countries, including fraudulent transfers which were sent to at least 140 countries totaling over $26 billion in losses. According to the National Association of Realtors, 13,638 people were victims of wire fraud in their sector in 2020, a 17% increase over 2019, with aggregated losses of more than $213 million.
The ‘why’ of preventing wire fraud should be fairly obvious – losing money and data and time is all very bad! But there are plenty of other treacherous problems that await an organization that hasn’t followed through on creating a robust security plan. While many organizations that fall victim end up blaming their financial institutions, money that has been sent somewhere, for any reason, is basically impossible to recover once it’s put behind an account wall.
Besides the obvious blame on the hacker, liability is difficult to ascertain once a wire fraud transaction occurs since no one is actually at fault. Additionally, liability insurance is vague until specific situations arise, and coverage may not extend if the policy holder’s team acts on fraud perpetrated against customers, investors, counterparties, advisors, and other outside email accounts.
Because liability is unclear, everyone involved in any kind of digital transaction – from the client and their team to your employee and company – must take precautionary measures to avoid wire fraud. While you may spend significant amounts of time and resources on cybersecurity training, those square in the sights of digital criminals (like real estate and financial firms) should be doing more to identify potential cyber-attacks and act quickly in the event one occurs.
We’ve written extensively on things like two-factor and multifactor authentication (2FA & MFA) and their ability to prevent breaches. When looking for ways to prevent wire fraud, you won't find a solution that is as convenient and as secure as MFA. While 2FA limits you to two ways of proving you are who you say you are, MFA adds more, including biometric characteristics that are essentially impossible to forge.
Companies involved in high-priced financial dealings like private equity firms and venture capital groups, and even the smallest mom-and-pop shops, can integrate MFA and other biometric tools within everyday workflows with ease. These tools don’t just help eliminate wire fraud, but they also retain a seemingly endless supply of digital defense tools that require little to no additional digital knowledge from your team.
Phishing emails and other attempts to gain access to your data become more and more sophisticated every day. From the early King of Nigeria spray-and-pray methods to today’s hyper-targeted spear-phishing attempts, it feels like there is no end to the barrage of attempts criminals will make to take what others have created. But with some simple steps and a basic understanding of the potential attack – and the support of some pretty great IT professionals – your team can put up one heck of a fight.
To learn more about how your team can effectively and securely onboard and offboard employees, contact us or give us a call at (864) 552-1291 and we'll help you evaluate capabilities and options. Also, sign up for PTG Tech Talk and consider following us on LinkedIn, Facebook, and Twitter!