"How did the wire fraud scam find its way to you?"
Anonymous: We were the victim of hacked public Wi-Fi.
One of our managers used public WI-Fi without a secure connection, and his system was infiltrated. Once the hacker was in the system, he was able to monitor and ultimately take over the email inboxes and outboxes.
With that access, the scammer created a scheme to steal money from us through wire fraud.
"What did the scammer ask for?"
Anonymous: He impersonated one of our company’s vendors.
When the scammer knew that a large payment was about to be made, he pretended to be the vendor (by buying and using a slightly different email domain).
He requested a change of bank account for our payment. Unwittingly, our manager wired the payment to the new and illegitimate bank account.
"What made the scam seem real?"
Anonymous: The scammer created a new domain, which was slightly different than the real domain of the vendor, and designed letterhead and email signatures exactly like the legitimate vendor.
Because the new bank account was not verified outside of email, and the emails and attachments were perfect recreations, everything looked real.
"How did you realize it was actually a scam?"
Anonymous: When the legitimate vendor informed us that their payment had not been received, we learned that the money had been routed to the wrong bank account.
"What made you decide to report it?"
Anonymous: We were required to report the crime in order to make a claim on our cyberinsurance policy.
We reported the scam to our banks (both new and old), to the legitimate vendor, and to local police and the FBI (since the scam crossed state lines).
"What damage did the scam cause?"
Anonymous: We experienced a substantial financial loss because we sent a legitimate wire to a scammer pretending to be someone else.
And our manager experienced great embarrassment.
"How did you recover?"
Anonymous: Thankfully, the FBI was able to recover a portion of the money, and our insurance covered a portion, so it was not a total loss.
"What steps did you take to prevent further scams?"
Anonymous: Now, whenever we have a vendor that informs us of a change of bank account or contact information, we verify with the vendor outside of email—preferably via a voice call using existing contact information—to assure the change is legitimate.
This business found its way to WYRE.
Along with improving its own internal controls, we’ve worked together to implement cybersecurity safeguards—including user education—to ensure a safe, up-to-date system.