Cybercrime Frauds Involving Email and Funds Transfers
Cybercriminals are creative, and a rampant fraud to be aware of involves the use of compromised or spoofed email accounts. This is sometimes called “business email compromise”, “CEO fraud”, “CFO fraud” and more. I wrote a longer article about it a while back titled “The Cybercrime Scheme That Attacks Email Accounts And Your Bank Accounts” which you can find on my website or at the HuffingtonPost. I also wrote about it in my book, Cybersecurity for the Home and Office.
This horrible cybercrime has victimized many people and businesses. For individuals, it has stolen their life savings and results in stress and feelings of hopelessness. For businesses, it can be a devastating loss that creates a risk of failure.
This crime occurs when cybercriminals impersonate others, either by compromising (“hacking”) their email accounts, or by establishing new, similar sounding email accounts, or both. Then they trick recipients into wiring funds so that they wind up in the criminal’s hands. This is one type of “social engineering” or con-artistry.
First, here are ways we can prevent this crime:
You and all of us, as individuals and businesses:
- Secure email accounts with strong unique passwords and two-factor authentication. My articles and book have details.
- Verbally confirm any funds transfer instructions, or changes to those instructions. Do not rely upon emailed instructions. Sending a bank wire? Have a phone conversation to confirm all instructions.
- Don’t become a money mule. Know who you are doing business with, know your client, know your business partners, know where the money is coming from and going to. If it seems suspicious, investigate. Don’t forward the funds.
- Businesses should develop and improve their cybersecurity, information security, and anti-fraud program.
- Warn customers about this fraud before they send funds. Ask the customer: “Did you speak by phone with the person who sent you these wire instructions?” Tell the customer “There is a rampant fraud called business email compromise. Please read John Bandler’s article on the subject.” (I’m kidding about the last part but it would work).
- Detect, shut down, and do not forward funds relating to “money mule” accounts. Money mule accounts receive fraudulently induced wires, then forward them out of the country.
Attorneys: Secure your email accounts, warn clients about this fraud, advise clients to verbally confirm any funds transfer instructions. Especially in connection with real estate transactions.
Real estate agents, vendors, and suppliers: Ditto.
- Work more of these cybercrime investigations, follow the money, indict, apprehend, and extradite more of those committing it and profiting from it.
- Provide victims with a seamless reporting process for cybercrime, and promptly investigate and follow up on these reports. Crimes that are not properly investigated cannot be solved.
Second, if this crime happened to you,
- Work fast to try recover the money, or stop it before it leaves this country.
- Call the FBI, local police, and report to the FBI’s IC3 website. Be politely persistent.
- Call your bank, ask them to stop and trace the funds. Ask them to confirm they are in contact with law enforcement.
- Consider hiring someone to help you.
Perhaps understandably, many victims of this crime simply want their money back, and are less interested in how it happened, where the money went, and various details of the crime. Having lost money, few are anxious to spend more money investigating the theft. That said, it is hard to know the path forward without knowing the facts. For me, the details of these cybercrimes are fascinating. I also believe they contain clues and evidence that are essential for making future decisions.
Cybercriminals are always evolving. Prevention is always better than the cure — it is better to avoid the problem than deal with the aftermath. Cybersecurity is important for all of us, our families, and our professional lives. My book is comprehensive and can help you understand technology, the privacy and cybercrime threats, and how to secure yourself and your business.