Data Privacy and Security Client Alert – Wire Transfer Fraud
Wire Transfer Fraud: Confirm Before You Wire
Wire fraud is not a new crime. Many before today and many after today will continue to engage in this criminal activity. But it has taken a new twist in the age of our reliance on electronic communications.
We have seen bad actors spoof emails and send instructions from what appears to be an executive to an administrative assistant or the accounting department with instructions to wire thousands of dollars to a particular account. If the wire is sent, the funds are unlikely to be recovered unless the FBI is notified within a very short period of time after the wire is initiated. You may have little recourse in recovering from your financial institution because your account agreement likely contains language allowing them to rely upon your instructions.
More recently, the bad actors are injecting themselves into transactions, such as real estate transactions and commercial transactions between sellers and buyers. If a hacker is able to obtain the credentials of a lawyer, real estate agent, or company insider and this is not difficult for hackers who are adept in using various phishing techniques and social engineering skills then the hacker has access to details about the transaction, such as the parties involved, their email addresses and the property or assets to be sold.
If the hacker has access to a partys email, then he can easily set up email filtering rules that direct emails intended for that party directly to the hacker, and the intended party may never see incoming emails from a client. The hackers lack of access to a partys email system is not necessarily a problem, as he can spoof the email so that it appears to come from the lawyer, agent, or involved party. At first glance, a spoofed email appears to show the name or email address of a legitimate party, however the actual address of the sender is different from the name that appears in the email header. When the email recipient replies, the reply goes directly to the hacker.
So what about the money? Once the hacker has access to the parties, however obtained, he just lies in wait, waiting to strike at the time when the parties provide wiring instructions or are told to wire funds. The hacker interjects with his wiring instructions and the funds are soon on the way to his account.
If you think it cant happen to you, please think again. A justice on the New York Supreme Court recently fell victim to this scam in the course of selling her apartment and buying another. Upon receiving an email containing wire instructions that she thought was from her lawyer, she wired $1,057,500 to an account. The funds were then forwarded to Commerce Bank of China. The matter continues to be under investigation.
In our haste to close one transaction and move to the next, our reliance on electronic communications may be a downfall. Parties rush to respond to emails, finalize the last minute details, have documents signed, and get the transaction in order to close, all by way of electronic communications. When the time comes to wire funds it is a best practice to actually pick up the phone and confirm the wiring instructions. This can save all of the parties involved from a lot of headache, not to mention potential legal action and liability.
Kaufman & Canoles remains available, even on short notice, to assist with your data privacy and security matters. In the event of a potential breach of sensitive or confidential information, or if you have any questions, please do not hesitate to contact our Data Privacy and Security Practice Group. We can be reached by phone on our hotline at (844) 417.3309 or by email at firstname.lastname@example.org.
The contents of this publication are intended for general information only and should not be construed as legal advice or a legal opinion on specific facts and circumstances. Copyright 2020.