Wire Fraud And You: A Basic Primer For Common Sense

I tried, guys.  I really tried to get away from it, but every time I think I’m out, it just sucks me right back in.  I don’t know if it’s because I live with a nerd, or if the day job is just saturated with paranoia.  But I just can’t stop talking about online security. It’s the #1 sensation that’s sweeping the nation, and there’s no getting away from it.

It’s one of the top industries out there, and it’s growing. We apparently still click on random phish that we shouldn’t, even with all the education in the world.

A couple of weeks ago, the day job sent me to a continuing education seminar. (Yay for time outside the office!  Yay for learning new things!) The topic of the day: cybersecurity and wire fraud. If I haven’t mentioned it yet, I work a day job in an industry where we send a lot of emails.  Like, a LOT of emails.  And we deal with money.  Quite a bit of money. And sometimes, we have clients send us that money in the form of a wire.  It’s simple, it’s easy, and it’s fast. It’s great!

You know who else thinks it’s great?  Scammers and hackers! Because if they can insert themselves into the conversation and get you to send your money to them, instead of to the legitimate business, that’s an easy payday!

“But Justine,” you say.  “Does that really happen?  I pay attention to my emails, and I know not to finance the lifestyles of any Nigerian princes.”

“Cause I’m like, all secure and sh*t. Check out my chains.”

That’s great–you’re ahead of the game.  But let’s face it. There are some super-clever people out there constantly devising new ways to pick your pocket in a digital fashion, and they can be so smooth about it, you don’t even notice until it’s already happened.  And it’s happening a lot. FOR EXAMPLE:

Wire Fraud In The Neighborhood

CNBC reported in late 2018 about wire fraud targeting the real estate market.  The story has been picked up by several news outlets and trade organizations, including title companies, the National Credit Union Adminstration, Imagine that you’ve spent years saving up to buy a house to raise your family in, and you’re finally there.  You’ve found the house of your dreams, you’ve been careful with your money, you’ve negotiated the repairs with the sellers, and you are ready to send the down payment and go to closing.  You’ve had all the details ironed out for a week or so.

You’re all ready for these sweet digs to be all yours.

The day you go to send the down payment, you get an email from your real estate agent or the attorney’s office, with new wiring instructions that detail where to send your money.  No problem, at least you know where to send it–so you send the wire to the new location. Except all that money that you’ve saved up to buy that dream house has now been sent into the void, because those “new” wiring instructions were actually “fake.”  You just gave your life savings to a complete stranger.

Even better, the bank followed your instructions!  You were the one who told them to send the money directly to the scammer!  And by the time the mistake is caught, it’s too late. You can’t call the wire back, and the scammer has absconded with your life savings.

But wait–it looked so convincing.  They knew that you were buying a house, what the new address was, who you were working with, that you were due to send the payment, and (in many cases) they even knew exactly how much the payment was supposed to be.  How did they know all this? How does this kind of a scam even work?

How It Works:

Every case is different, but on some level, this is the basic way it works.

  • Someone in the transaction (it only takes one) might be careless with their email.

If one person in the email chain has their password set as “password1234,” it can be easy for someone on the outside to insert themselves into the conversation.

  • Scammer tracks the info

That outside party doesn’t even have to send any emails in the beginning.  They just sit back and watch the conversations swirl in and out of the inbox, gathering all the details, making themselves the expert in the transaction.

  • Scammer emails you at just the right time

Right when things are ready to go, you get an email.  It may be from that trusted email address, or it will look like it comes from that trusted email address, with instructions on how to proceed.  Except instead of sending the money to your lawyer’s bank in South Carolina, it ends up in a random bank in California–and by the time you realize the mistake, that money is *poof* gone.

The dastardly plan doesn’t even have to be that sophisticated.  There have been reports of faxes (yes, faxes–apparently those are still out there somewhere) being manipulated to look like they’re coming from a legitimate source.

That’s Freaky.  What Can We Do?

Call and Confirm When Sending Money

Well, if you’re about to wire money to someone, always call and verify the wire instructions.  And don’t call the phone number in the emails you have–independently confirm the phone number before you call.  

Why?  If you receive an email with new wire instructions, and that email contains a phone number, you can almost guarantee that phone number will call the scammer–and the scammer will be happy to confirm the fraudulent wire instructions.  It’s better to independently confirm the phone number of the business so that you don’t fall into this trap.

There’s always a trap. It’s your job to avoid it.

Complicate Your Passwords, Not Your Life

We’ve talked about passwords before, and I know we keep harping on it.  But you cannot underestimate the value of a complicated password. Use a combination of upper- and lowercase letters, numbers, and symbols.  Never use your name, your kid’s name, your dog’s name, or any other things that are readily available on your social media as part of your password.  Remember, the idea is that we’re making it difficult for outsiders to break in.

And while we’re complicating passwords, if you’re worried about being able to remember them, use a password manager.  You won’t have to remember those complicated passwords, but you still get the benefit of using them.

Encrypt That Sh*t!

It’s better not to send your personal, sensitive information by email.  But if you have to send it by email, encrypt that sh*t. Use a secure email program.  No, Gmail is not a secure email program–but you can add plugins that make it more difficult for sneaks to sniff out your email traffic.

I’m a Small Business.  This Doesn’t Really Affect Me, Right?

Oh, friend.  I know it’s tempting to think that.  But the truth is, they don’t care what size you are.  You have something that they want–information, money, whatever.  Even if you’re just selling LulaRoe or Scentsy or Thirty One bags in your spare time while the kids are sleeping, you can still be a target for online fraud.

And if you’re a small business, that means that you actually have more to lose.  Chances are that you’re more focused on the day-to-day operations, and not as much on the security aspect.  But it is so important to protect yourself–use complicated passwords, use those password managers, and always trust but verify.  Sure, scammers want a foothold in your organization (even if “organization” means just you and the cat), but that doesn’t mean you have to make it easy for them.

You don’t have to be lost and vulnerable when it comes to security.
You can take control of your life and your computer, and protect yourself from harm.