Wire Transfer Fraud: A How-To Guide

Businesses are increasingly falling victim to wire fraud scams – sometimes referred to as “man-in-the-email” or “business email compromise” scams. Although there are multiple variants, a common situation involves an attacker gaining access to the email system of a company, or the company’s vendor, and monitoring email traffic about an upcoming transaction. When it comes time to submit an invoice or a payment, the attacker impersonates one of the parties and sends wire instructions asking that payment be sent to the attacker’s bank account.

Wire fraud scams often victimize two businesses – the business that expected to receive payment, and the business that thought that they had made payment. The scam can cause significant contractual disputes between the victims as to who should bear the loss.

The following is a snapshot of information concerning wire transfer fraud:

The number of businesses victimized by wire transfer fraud:  22,143

The amount of money lost in the US due to wire transfer fraud:  $3 Billion

Increase in identified victims and exposed loss from January 2015 to April 2016: 270%

Steps to help avoid wire fraud scams:

  1. Avoid free web-based email systems to transact business.
  2. Enable multi-factor authentication to log into all email systems.
  3. Require employees to select unique and strong passwords or pass phrases.
  4. Require employees to change email passwords frequently.
  5. Require multi-factor authentication (e.g., email and telephone call) when receiving initial payment information.
  6. Require multi-factor authentication when receiving a request to change payment information.
  7. Send a confirmatory letter or email (not using the “reply” feature in email) concerning any request to change payment information.
  8. Delay payment in connection with any request to change payment accounts or a request to make payment to a foreign bank account.
  9. Review any request received by email to change payment accounts for signs that the email may be from a third party.
  10. Provide clear instructions to business partners concerning how payment information should be communicated.

If you are victimized by wire fraud, consider:

  1. Notifying the receiving bank and request that a freeze be placed on any remaining funds.
  2. Notifying law enforcement.
  3. Investigating whether your email system may have been compromised.

Asking business partners to investigate whether their email systems may have been compromised.

Source: Bryan Cave LLP


Despite our offices being closed to the general public, please know that we are operating and are fully functional. read more...

The coronavirus (COVID-19) has ushered in an unprecedented new reality with a far-reaching impact on families and businesses. Alliant remains steadfastly committed to serving as a pillar of strength and support for the valued clients and communities we serve. The health and safety of our employees and clients is of utmost importance to us.

Despite our offices being closed to the general public, please know that we are operating and are fully functional. We have encouraged our employees to work from home and continue to deliver the highest level of customer service with as little disruption as possible. As we continue to monitor and adapt to this everchanging situation, we will endeavor to keep you updated. The link below provides several resources for businesses owners and will be updated frequently.