Imagine you’re a high-level employee with access to your company’s financial accounts. You receive a call requesting a money transfer to cover urgent equipment issues. As the caller has extensive knowledge about company operations and employees, you believe it’s legitimate. You authorize the transfer. Unfortunately, it’s a scam, and your company may not be able to recover the losses. Wire transfer fraud and social engineering scams like this are widespread. Your business could be next.
The Next Phase of Business Email Compromise
Business email compromise has been a costly problem for a while. In this social engineering scam, criminals pose as legitimate contacts (such as the CEO) and request funds transfers. According to the FBI, the Internet Crime Complaint Center (IC3) received 21,489 business email compromise complaints in 2023 and the adjusted losses came to more than $2.9 billion.
Cybercriminals are always adjusting their tactics to make their ploys more effective. For example, scammers may contact employees via text message or phone rather than sending emails. In addition, scammers may request Bitcoin rather than asking for a wire transfer. Other scams involve payroll diversion or even diversion of company products.
New technology is making these scams even more convincing. Scammers can use generative AI to create sophisticated messages and deepfake technology to disguise themselves in phone calls or even video meetings.
- CNBC says the CEO of a British energy provider transferred $238,000 to a scammer who used deepfake audio technology to mimic the voice of the head of the parent company.
- CNN says a finance worker transferred $25 million to a scammer who used deepfake technology to pose as the chief financial officer during a video conference call.
The Funds May Be Lost Forever
Once an employee sends money to a scammer, the money may be gone forever. Wire transfers are often irreversible, as are Bitcoin transactions, due to the nature of cryptocurrency.
It is possible to secure insurance for wire transfer fraud losses. In addition to standalone coverage, some cyber and crime insurance policies provide this coverage. However, since some policies exclude wire transfer fraud losses, it’s important to understand your coverage. Additionally, the amount covered will be capped according to the policy’s limit and, since payment transfer fraud may be for large sums, this limit may be insufficient to cover a loss.
All this means that, although insurance adds an important layer of protection, it does not replace the need for caution. Companies should train employees on how to identify and respond to scams and create policies to safeguard against wire transfer fraud. See our Wire Fraud Safety Tips handout for more information.