Wire fraud & business email compromise

Business email compromise (BEC) and fraudulent instruction are accomplished by either phishing an executive and using compromised email credentials or by spoofing a legit email address from a look-alike domain name. Either way, the intent is to induce an employee to act quickly to make a wire transfer, payment, or transfer sensitive data to cybercriminals.

All employees involved with wire transfers should receive training on these scams and the procedures for handling internal wire transfer requests.

These scams typically involve an executive-level employee’s email or phone number that has been compromised or spoofed through a phishing attack. The fraudsters create an email or text appearing to be sent from the executive to another individual within the organization requesting a payment — typically wire transfer.

A few simple action steps that can help protect your credit union is to have employees confirm the legitimacy of the request by verifying with the C-suite executive and authenticate using a different communications channel (out-of-band authentication), such as verifying face-to-face with the requestor or calling the requestor’s phone extension or cell phone.

Implementing dual control — using two or more employees — can provide additional checkpoints to ensure requests and payments appear and are transacted legitimately.

It’s important to educate your members — especially business members — about the possibility of this scam and how to protect themselves. Consider adopting a written wire transfer agreement for business members due to the size of their potential wire transfer requests. In the absence of a signed wire transfer agreement, require business members to request large dollar wires in person.

Remember, the member could be liable for the loss of funds, so it’s critical they know how to spot the warning signs for this type of fraud.

A common approach associated with real estate wire scams has a member/purchaser receiving an email with bogus instructions, shortly before the loan closing. You should establish procedures to call the title company/closing agent using a reliable phone number on record to verify the legitimacy of wire transfer instructions received by email or fax. Additionally, some establish a passcode in advance to be used in conjunction with the callback and verification process.

Educating members upfront can be extremely helpful. Provide reminders such as:

• Warning them to be wary of any last-minute wire transfer changes
• Suggesting they gather all telephone numbers for agents, title company, etc. at the signing of the purchase contract and compare any changes shortly before closing
• Calling to confirm any wiring instructions
• Avoiding sending financial information through email

Asking members if they have received the wire instructions via email and if so, did they verify instructions with the closing agent using a verified telephone number can be helpful.