Skip to main content

Techniques to Stop Wire Transfer Fraud

January 12, 2016

I continue to hear stories about companies being scammed by what the FBI is calling “business email compromise (BEC) attacks” or “CEO fraud attacks.” Krebs on Security highlighted data from a recent FBI report that estimates $1.2B has been lost to these types of scams in the last couple of years. This deceptive con is not your typical phishing attack. There are no malware infused attachments, embedded links that take you to harmful web sites nor panic inducing statements such as, “You must validate your social security number immediately or the IRS will freeze your bank account.” Instead, these attacks attempt to gain your trust and confidence by mimicking seemingly normal business communications between executives in the hopes of tricking you into transferring money to the attacker’s account. We refer to these types of phishing attacks targeted against senior executives of a company as “whaling” attacks (aka the “big fish”). 

One common scenario involves a highly confidential acquisition. The CFO receives what looks like a valid email coming from the CEO about a pending acquisition, typically involving a company overseas. The attack is timed to coincide with the CEO being out of the office. The message instructs the CFO to expect a phone call from an outside legal firm that is handling the transaction. The message includes details about the firm. The email is light on specifics but warns the CFO that they are not to discuss this deal with anybody else. Sure enough, the CFO receives the phone call as predicted from the designated contact person not realizing the caller is part of the scam. The CFO is given just enough information for the deal to sound plausible and then is instructed to transfer a reasonable sum of money to an account. The CFO even receives a follow-up email or phone call to verify the transaction completed successfully and is told that additional information will be forthcoming. 

Spam filtering and email authentication technologies can reduce but not eliminate this old school trick. To further protect yourselves, add one or more of the following people and process control strategies to you arsenal:

  1. Learn to recognize your fellow executive’s communication styles. Many of us are creatures of habit and have a certain style when communicating with our peers. Pay close attention to the format and tone of the email in addition to the actual words used. Are the grammar, greeting, signature and voice consistent with prior correspondences? If something doesn’t feel quite right, trust your gut instincts and seek additional information before taking any actions you may later regret. Use other communication vehicles besides email such as voice, text and in-person whenever possible.
  2. Implement dual custody procedures. Dual custody is a common anti-fraud technique that requires two people to complete a transaction, particularly those that exceed a certain dollar threshold. One person initiates a financial transaction but a second person is needed to approve or finalize it. Ideally, the second person will complete their part of the transaction from a second computer and account to further reduce the risk of a compromised device or account being used for the attack.
  3. Include a trusted third party in the process. Add a third person to the communication channel. This person does not need to know the details of the transaction only that such a transaction is occurring at this point in time. In our example, the CFO could verify that an acquisition is actually underway by checking with a pre-designated person such as the general counsel or the CSO who has already been alerted by the CEO about the pending transaction. 
  4. Educate your employees on how to identify and respond to attacks. Teach your executives about these types of wire transfer attacks. Use news articles as case studies and conduct table-top drills on how to respond to them. Involve your financial institutions in your efforts since they may be able to help stop fraudulent transactions before they are processed should one be initiated by mistake. Since attackers are constantly adapting their techniques, your education efforts must be more than a one-time endeavor.

Don’t rely solely on your technology to protect yourself from wire transfer fraud attacks. Be vigilant and ensure your executive team is prepared to recognize and respond appropriately.

Related Blogs

November 25, 2014

'Tis the Season for Phishing

It’s that time of year again, the holiday season. A time filled with friends, family, good food, and celebration. But of course it has its downsides a...

See Details

December 13, 2012

Preparing for the Next Spear Phishing Attack

If you need proof that any organization can be hacked, even the most secure ones, just do an Internet search for “spear phishing attacks.” You might b...

See Details

March 08, 2017

Be on Alert for Phishing Scams during Tax Season!

Once again tax season is upon us, and with it brings increased phishing attempts targeted at obtaining tax information from both for-profit and non-pr...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

June 26, 2014

Three "E"s of Modern Email Security for Phishing: #2 Employee Focus

The first "E" of modern email security for phishing is Enhanced technology that works to limit the delivery of phishing emails to users within your or...

See Details

January 14, 2016

Financially Motivated Whaling Attacks

On any given day, many people receive hundreds of emails. But when an employee receives an email from their CEO, CFO or another senior executive, they...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.