Scamming people for money is not a new concept but it has gotten much more sophisticated as technology continues to advance. Email wire transfer fraud is one of the most common types of fraud. In 2018 alone, the FBI received more than 20,000 email wire fraud complaints with adjusted losses of more than $1.2 billion, according to the the organization’s 2018 Internet Crime Report. Attorneys can be an easy target for cybercriminals because they often wire money to or on behalf of clients. Real estate attorneys are especially at risk, as Americans lost nearly $150 million to real estate scams just last year.
What exactly is email wire fraud?
Email wire fraud is a sophisticated scam that involves the use of social engineering to conduct an unauthorized transfer of funds. Social engineering is defined as manipulating individuals into divulging confidential or personal information that may be used for fraudulent purposes.
A common scammer pattern is to become involved in a transaction, such as the sale of real estate. Cybercriminals imitate the seller or his/her lawyer’s email and instruct the buyer to wire funds to the scammer’s bank account. Failure to verify the instructions leads to the funds being wired to the scammer. Another common scenario involves proceeds from a transaction deposited into a law firm’s trust account, paired with an email request appearing to come from the client, requesting the funds be sent to the client using specified routing and bank account numbers. Unfortunately, the email and a look-alike signature block were fraudulent.
How can I prevent email wire fraud?
Read below to learn some tips for how to manage your risk and protect yourself against email wire fraud.
- Utilize two-factor authentication. The best way to avoid email wire fraud is to simply pick up the phone and call the person who is asking you for money to verify the information provided. Use the contact information you have on file — not the phone number listed in the email signature.
- Question changes to the norm. If you have a normal procedure for completing wire transfers and then someone wants to change it at the last minute, this could very well be a scam. Don’t hesitate to push back and take the time to verify these changes.
- Make sure you have email security. Do not open emails you suspect to be spam. Do not open attachments or click on links from unknown senders. Also, work with IT experts to ensure you have current virus and hacking protection in place.
- Advise your clients, too. Law firms should advise all parties involved in a wire transfer on the realities of email wire fraud. You can also include email wire fraud warnings. The following is a suggested sample: “Wire fund transfer fraud is now epidemic. Please call my office for final approval and verification of the wire transfer information. Please ignore any emails from this office that countermand these instructions.”
Cyber coverage doesn’t usually cover email wire fraud.
Email wire transfer fraud is often thought to be a cyber event that is covered under a cyber risk policy. However, a cyber event is most often defined as a discoverable act, such as one involving hacking or a data breach. Email wire transfer fraud is classified as “social engineering,” and therefore is not usually covered under a pure cyber insurance policy.
Email wire fraud has grown to the point of being an epidemic and we at OAMIC have had a couple of insureds impacted by scammers. Making yourself aware of these types of scams can help you prevent them. Please contact us if you have any additional questions.