< Back
Wire Fraudsters Hope You’ll Give Them a Happy Holiday
Post on November 20th, 2024

The holiday season is here! While wire fraud can happen anytime, year-end transaction deadlines and holiday busyness can give wire fraud perpetrators an opportunity.    

We reported on hackers facilitating wire fraud by gaining access to business email accounts, then posing as the transferor in a transaction, to request the wiring instructions be changed to send the funds to the hacker’s account. Hackers are getting more sophisticated.  

In the latest version of wire fraud using business email access, the hacker gains access to the business email and is in on the transaction from the outset. The hacker sends an email giving the “known and trusted” phone number to use for verification purposes. Then as the transaction is about to close, the hacker requests the wiring instructions be changed. When the false “known and trusted” phone number is called, the hacker verifies the fraudulent wire transfer, and the funds go to the hacker’s account.  

Be on the lookout for these fraudsters. Add an independent verification procedure to the “Call and Verify” with the “known and trusted” phone number. Remember – assume all changes to wiring instructions are FRAUDULENT until verified by an independent verification source.   

Other types of scams also increase at this time of year due to holiday gifting, travel and celebrations. Think before clicking on links, responding to unknown email senders, or checking progress of a package you don’t recall ordering.   

Follow these best practices to prevent wire fraud:  

  • DESIGNATE  certain employees to send wire transfers
    ALL other employees are prohibited from wiring funds  
  • TRAIN all employees who handle wire transfers
    New employees should train immediately!  
  • ESTABLISH  a “Known and Trusted” phone number to use for verification   

Set up an independent verification phone number  

  • USE Multifactor Authentication to access all IT systems
    Change passwords regularly   
  • SECURE EMAIL to filter our phishing emails  
  • ENCRYPT email or use secure fax for wire instructions  
  • ALWAYS VERIFY all wire transfers by calling the “Known and Trusted” phone number and independent verification
    This includes initial set up, modified, or changed instructions  
  • ASSUME all changes to wiring instructions are fraudulent until verified.
    Carefully examine emails for slight alterations
    Look for spelling, grammar, and punctuation errors  
  • DO NOT use contact information, email or phone number from the email requesting funds 
  • DON’T RUSH!  Take time to check and verify  
  • ADOPT a Wire Fraud Reduction Policy
    Have all employees who can wire funds review policy annually   
  • CONSIDER  additional cyber insurance. Basic cyber coverage may not be adequate.
    Contact OSBA Insurance Agency for information to obtain a quote.   
  • VISITOBLIC Cyber Toolbox to access information on
    Top 5 Ways to Protect against BEC
    Training courses for lawyers and staff
    Sample Wire Fraud Reduction Policy  

As always, if you have any questions, please contact us here at OBLIC. We can help you prevent wire fraud and cybersecurity problems.  

Gretchen K. Mote, Esq.
Director of Loss Prevention
Ohio Bar Liability Insurance Co.
Direct:  614.572.0620
[email protected]
Merisa K. Bowers, Esq.
Loss Prevention Counsel
Ohio Bar Liability Insurance Co.
Direct:  614.859.2978
[email protected]

 

This information is made available solely for loss prevention purposes, which may include claim prevention techniques designed to minimize the likelihood of incurring a claim for legal malpractice. This information does not establish, report, or create the standard of care for attorneys. The material is not a complete analysis of the topic and should not be construed as providing legal advice. Please conduct your own appropriate legal research in this area. If you have questions about this email’s content and are an OBLIC policyholder, please contact us using the information above.