There are certain things that business executives—and even security experts—don’t have full awareness of when it comes to cybercrimes. In recent discussions with cyber insurance firms and U.S.-based businesses, I realized how little was understood relative to fraudulent wire transfers and payments of ransomware.
Businesses are losing billions to fraudulent wire transfers, social engineering attacks and ransomware. And the problem is getting worse. In 2021, over $6.9 billion was lost to cybercrime, surpassing the previous year’s losses by about $2 billion, according to an FBI report.
The report found cybercriminals made off with approximately $2.4 billion by compromising business email accounts, a hack that’s typically used to perpetrate fraudulent wire transfers. The rapid shift to remote work and virtual meetings during the pandemic also led to a spike in other cyber scams. One increasingly popular technique involves scammers inviting company employees to a virtual meeting and then using “deep fake” audio of an executive’s voice to trick employees into transferring money to a fraudulent account, according to the FBI report.
One such scam recently cost a company in the United Arab Emirates dearly when a branch manager was duped into transferring $35 million to fraudsters.
How It’s Done
There are several common scenarios by which a fraudulent wire transfer is initiated. One is a payment hack where someone initiates an unauthorized payment representing you or your business—either through internal access, a rogue employee or some other means not authorized.
Another is phishing scams where a staff member, typically in finance or a related department, receives an email that appears to be from a familiar person, such as the CEO, instructing them to initiate a payment to vendor X.