A fairly new type of cybercrime is becoming a risk to people, primarily small business owners, who mistaken a sender of a wire transfer request as a vendor or client. The wire transfer scam can make business owners a victim if they fall for it, and fail to have protection with a cyber liability insurance policy.
Due to several complaints as a result of a new wire transfer scam, the Internet Crime Complaint Center and the Federal Bureau of Investigation (FBI) and National White Collar Crime Center are warning business owners of these new scams.
The main complaint that business owners offer is that they were tricked because the email address the emails were sent from looked identical to their vendor or supplier’s email accounts. In other words, the vendor’s email was “spoofed”.
The email is a request for wire transfers, supposedly for previous invoices, and business owners had no reason to believe they were being scammed.
The new wire transfer scams are being called “business email compromise.” The FBI released an alert about it here.
It was not until the wire transfer is complete, that the business owners realize they were just scammed. After the fact, the small business owner would get an additional request for payment from his or her actual vendor, when the merchandise or service has been delivered.
At this point, the business owner and vendor go back and forth, and eventually come to the conclusion that the vendor never received payment, but the scammers did.
The warning on the Internet Crime Complaint Center (IC3), includes information about how it occurs. It states:
“In the scheme, a business partner – usually chief technology officers, chief financial officers or comptrollers – receives an email via their business accounts, purportedly from a vendor requesting a wire transfer to a designated bank account. The emails are spoofed by adding, removing or subtly changing characters in the email address that make it difficult to identify the perpetrator’s email address from the legitimate address.”
Not all businesses realized the scam right away, often blaming vendors for attempting to obtain money from them twice. Other business owners knew right away, based on what their supplier was saying, and would make an internet fraud claim, which the IC3 would then investigate. Before too long, the IC3 determined the large amount of money being taken from small business owners.
According to IC3, an average of $55,000 is taken from each individual business, with some losses over $800,000.
There are also suppliers who are being sent fraudulent emails within this scam, supposedly from businesses, where they are asking for orders or quotes for their goods. These are sent to more than one supplier at a time, but all linked to the same IP address. It seems the email scam is not just affecting business owners themselves, but their vendors or suppliers as well.
The best way to protect your business from such a scam is to look very closely at where emails come from, and contact the supplier before sending a payment. You should also be covered by cyber liability insurance.