Wire fraud schemes are common but oftentimes not overly complicated.
About 80% of U.S. companies say they have been hacked by opportunistic cybercriminals who don’t need to change their playbook because vulnerable processes remain the norm.
There are relatable mistakes made every day that are the result of not fortifying financial transactions against fraud.
Here are just a few recent examples:
A West Coast case led to the theft of $3.3 million from two companies involved in manufacturing ferries and engines for those ferries. In April 2024, one man involved was sentenced to prison time, but only $420,817 of the stolen money has been recovered.
From Justice.gov: “The scheme began when a malicious link was sent to an email address of an employee at the engine-building company. The link allowed the conspirators to gain access to the company’s email system and review various emails, including those transmitting invoices. The conspirators then posed as a billing executive at the engine manufacturing company and sent the boat-building company instructions to wire the payment funds to a specific bank account. The conspirators had set up a fake company and the account at a Pennsylvania bank specifically to receive these funds.”
Sometimes fraud is as simple as a lookalike email account, easily overlooked during the busyness of a standard workday. That's how the city of Chetek, Wisconsin, was tricked into a $2.6 million misdirected wire.
From the story on KSTP.com: "Officials said the fraud suspect created an email account that resembled that of the city’s general contractor, Market & Johnson, and contacted a company that was partnering with the city on the wastewater treatment plant. The fraudster told the company that Chetek needed to use new, fraudulent wire instructions that were then forwarded to the city."
A fraud scheme that spanned years — and states — stole more than $4 million by misdirecting wire transfers. The tactics used for this wire fraud scheme from 2016-2018 are the same ones still effectively used by fraudsters today, such as gaining unauthorized access to legitimate email accounts or creating email accounts that closely resemble those of involved in the transaction.
From Justice.gov: “Adeagbo conspired with others to participate in multiple cyber-enabled business email compromises in an attempt to steal more than $3 million from victim entities in Texas, including local government entities, construction companies and a Houston-area college. As with the scheme in North Carolina, Adeagbo and his co-conspirators registered domain names that looked similar to legitimate companies.”
