Do you or your associates ever issue wires from your bank accounts?
Wire fraud is becoming a huge problem. In recent weeks, we’ve noticed a cybersecurity breach that could potentially impact our customers who issue wires from their bank accounts.
The breach arises when a hack to the email of the intended recipient occurs. When the hack occurs, the hacker monitors the email communications and changes the wire instructions sent to the party that originates the wire. The wire gets redirected to an account other than the account the original recipient intended.
Once the wire is sent to the redirected bank account, it is virtually impossible to recall it, as it is generally transmitted to multiple accounts in a subsequent wire transfer chain. The net effect is that the party who sent the wire, not the intended recipient, will have lost the money.
While liability may ultimately rest with the party whose email was hacked, it could take an extended period to figure out the rights of the various parties.
So, what’s the best way to prevent wire transfer fraud from happening?
The sender should always confirm the wire instructions by phone with the intended recipient. Do not confirm the wire instructions by email: If an email account has been hacked, the hacker will monitor the correspondence and reconfirm the original altered instructions.
Although this precautionary measure requires an additional step, it is the best way to prevent the wire from going to the hacker. Wire fraud is just one of many cybersecurity crimes that can occur from identity theft. It can happen to anyone.
The Federal Deposit Insurance Corporation (FDIC) offers these tips on avoiding identity theft, fraud and scams.
How to avoid identity theft
The best protection against identity theft is to protect your personal information, for example:
• Do not share personal information over the phone, through the mail or over the internet unless you initiated the contact or know the person you are dealing with.
• Be suspicious if someone contacts you unexpectedly online and asks for your personal information. It doesn’t matter how legitimate the email or website may look. Only open emails that look like they are from people or organizations you know, and even then, be cautious if they look questionable. Be especially wary of fraudulent emails or websites that have typos or other obvious mistakes.
• Don’t give out valuable personal information in response to unsolicited requests. Social Security numbers, financial account information and your driver’s license number are some of the details that should be kept confidential.
• Shred old receipts, account statements and unused credit card offers.
• Choose PINs and passwords that would be difficult to guess and avoid using easily identifiable information such as your mother’s maiden name, birth dates, the last four digits of your social security number or phone numbers.
• Pay attention to billing cycles and account statements and contact your bank if you don’t receive a monthly bill or statement since identity thieves often divert account documentation.
• Review account statements thoroughly to ensure all transactions are authorized.
• Guard your mail against theft, promptly remove incoming mail and do not leave bill payment envelopes in your mailbox with the flag up for pick up by mail carrier.
• Obtain your free credit report annually and review your credit history to ensure it is accurate.
• Use an updated security program to protect your computer.
• Be careful about where and how you conduct financial transactions. For example, don’t use an unsecured WiFi network because someone might be able to access the information you are transmitting or viewing.
How to avoid frauds and scams
There are numerous scams presented daily to consumers, so you must always exercise caution regarding your personal and financial information. The following tips may help prevent you from becoming a fraud victim.
• Be aware of an incoming email or text messages that ask you to click on a link, because the link may install malware that allows thieves to spy on your computer and gain access to your information.
• Be suspicious of any email or phone requests to update or verify your personal information, because a legitimate organization would not solicit updates in an unsecured manner for news it already has.
• Confirm a message is legitimate by contacting the sender (it is best to look up the sender’s contact information yourself instead of using the contact information in the message).
• Assume any offer that seems too good to be true is probably a fraud.
• Be on guard against fraudulent checks, cashier’s checks, money orders or electronic fund transfers sent to you with requests for you to wire back part of the money.
• Be wary of unsolicited offers that require you to act fast.
• Check your security settings on social network sites. Make sure they block out people who you don’t want to see your page.
• Research any apps before downloading and don’t assume an app is legitimate just because it resembles the name of your bank or another company you are familiar with.
• Be suspicious of any offers that pressure you to send funds quickly by wire transfer or involve another party who insists on secrecy.
• Beware of disaster-related financial scams. Con artists take advantage of people after catastrophic events by claiming to be from legitimate charitable organizations when, in fact, they are attempting to steal money or valuable personal information.
The Orange Bank & Trust team is always ready to assist our customers. So, if you have any questions or concerns, give us a call.
Joseph A. Ruhl, Esq.
Regional President, Orange Bank & Trust