Get the facts about the latest social engineering fraud targeting businesses.
There is a new technique being used by criminals to obtain large wire transfers of cash from businesses. The technique goes by many names: “CEO fraud”, “business email compromise”, “wire transfer scam” but the essential elements are the same. An email is sent appearing to be from a senior executive within a business to an accountant or financial officer. The email requests that funds be transferred to a third party by wire. The transaction is usually marked urgent, and the source of the email appears by all accounts to be legitimate. Names, titles, signatures, corporate logos and letterhead may all conform to what would be expected from a request sent by the CEO. But every part of the email is fake, part of a carefully constructed ruse which has to date defrauded North American businesses of hundreds of millions of dollars.
How the scam works and how to avoid it
The wire transfer scam works by convincing the recipient of the instructions that they are communicating with a trusted party with authority to order the funds transferred. To accomplish this, scammers must perform extensive research on their target, including the names and titles of senior executives and the management structure of the business, right down to the appearance of a CEO’s email signature.
The scam may involve hacking as well too, compromising the email system of the firm to send emails from users real accounts, but this is not always the case. Often, simply sending emails from a domain that LOOKS at first glance to be correct may be sufficient. The request is always presented as urgent, perhaps necessary to close an overseas business deal or settle a debt. The aim is to persuade the recipient to carry out the transfer as quickly as possible without checking the veracity of the instructions, and once executed, the chance of recovering the wired funds is almost non-existent.
The first and most important step in preventing your business from being victimized is to be aware of these kinds of scams, and to treat any requests that appear similar to the above descriptions with extreme suspicion. Other steps include:
- Beware of any instructions sent by email that differ from normal business practices. Calls for secrecy or urgency should automatically be considered suspicious.
- Use two-factor authentication. Confirm any written instructions to transfer money with the originator directly. If possible ensure a face to face confirmation. Never transfer money to an unknown third party without this confirmation.
- Examine the email address of senders closely. Did the email really originate from your companies domain? Double click on the address in the From section? Does it conform to the user’s read address?
- Wire transfer scams may be immediately preceded by virus or malware infections. If there is a recent history of a computer being infected by a virus, it may be a warning sign.
- Be on the look-out for other forms of social engineering, such as calls or emails that enquire about the corporate hierarchy, executive’s whereabouts etc. These may be attempts to research a target by scammers.
- Ensure the SPF (Sender Policy Framework) settings for your domain are correct and enforced. This will block most of this type of traffic from getting to your mail server however if your clients do not also have correct SPF set then they will not be able to email you.
The technological means of these scams will differ, but in every case the success of the scam relies on persuading an individual to carry out an action which the scammers could not do themselves. Education, judgment, and the adherence to strict business practices are the best defense against exploitation.
Sean Kirby is a Client Support Specialist at Triella, a technology consulting company specializing in providing technology assessments, consulting, maintenance services and CIO-related services to small and medium sized firms. Sean can be reached at 647.426.1004. For additional articles, please visit http://www.triella.com/publications. Triella is a Citrix Partner, VMware Partner, Microsoft Small Business Specialist, Microsoft Silver Partner, Dell Preferred Partner, BlackBerry Alliance Partner and Authorized Worldox Reseller.
© 2016 by Triella Corp. All rights reserved. Reproduction with credit is permitted.