Wire Transfer Fraud – Can Funds Be Recovered?

September 20, 2022

Businesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This fraud often occurs after the criminal has compromised the email account of someone in the company who can approve such transfers, taking over communications with customers and vendors. This exploit has become a multibillion-dollar criminal business model. But can those funds be recovered? And how can you protect yourself from such attacks?

By: Richard W. Goldberg & Jason S. Cherry

Businesses are constantly targeted by criminals attempting to gain access to information that will allow them to fraudulently divert wire transfers. This fraud often occurs after the criminal has conducted sufficient reconnaissance to determine who at the company is likely to have a role that lets them approve or initiate wire transfers. The criminal then targets this employee – often a financial executive such as the chief financial officer – and attempts to compromise their email account. If the compromise succeeds, the criminal changes the account's mail “rules” so that incoming messages containing terms like “wire,” “transfer,” “bank,” “account,” etc. are immediately routed to a fraudulent email account and deleted from the legitimate email account.
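A defender-side check for the inbox-rule pattern described above, as an added example that is not part of the original article: it scans mailbox rules exported as JSON and flags any rule that forwards or redirects mail to an outside domain while also filtering on payment keywords or deleting the original. The field names follow Exchange's Get-InboxRule properties; the JSON export shape, the `example.com` internal domain and the sample rules are assumptions constructed for illustration.

```python
import json

KEYWORDS = {"wire", "transfer", "bank", "account"}   # terms named in the article
INTERNAL_DOMAINS = {"example.com"}                   # assumption: your own mail domains
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
WORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")

# Constructed sample export; real exports may format recipients differently.
SAMPLE_RULES = json.loads("""[
 {"Name": ".", "DeleteMessage": true,
  "SubjectOrBodyContainsWords": ["wire", "transfer", "bank", "account"],
  "ForwardTo": ["cfo.archive@example.net"]},
 {"Name": "Assistant copy", "DeleteMessage": false,
  "ForwardTo": ["assistant@example.com"]},
 {"Name": "Bank statements", "DeleteMessage": false,
  "SubjectContainsWords": ["Bank statement"], "MoveToFolder": "Finance"}
]""")

def _values(rule, fields):
    """Collect string values from fields that may be absent, null, a string or a list."""
    out = []
    for field in fields:
        value = rule.get(field) or []
        out += [value] if isinstance(value, str) else list(value)
    return out

def external_targets(rule):
    """Forward/redirect recipients whose domain is not one of ours."""
    return [a for a in _values(rule, FORWARD_FIELDS)
            if a.rsplit("@", 1)[-1].strip().lower() not in INTERNAL_DOMAINS]

def keyword_hits(rule):
    """Payment-related keywords that appear in the rule's word conditions."""
    words = [w.lower() for w in _values(rule, WORD_FIELDS)]
    return sorted(k for k in KEYWORDS if any(k in w for w in words))

def suspicious_rules(rules):
    """Flag rules that send mail outside AND hide it (keyword filter or delete)."""
    flagged = {}
    for rule in rules:
        targets, hits = external_targets(rule), keyword_hits(rule)
        reasons = ["forwards externally: " + ", ".join(targets)] if targets else []
        if hits:
            reasons.append("filters on: " + ", ".join(hits))
        if rule.get("DeleteMessage"):
            reasons.append("deletes the original")
        if targets and len(reasons) > 1:
            flagged[rule["Name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE_RULES).items():
        print(f"rule {name!r}: " + "; ".join(reasons))
```

Internal forwards and keyword rules that only file mail into a folder are left alone, which keeps the review list short enough to check by hand.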

The criminal will then take over communications with customers or vendors who are in the process of initiating wire transfers to the business. The imposter will pose as the legitimate account holder and issue new wire transfer instructions – often blaming the change on previous fraud on the account. The customer or vendor then follows the new wire transfer instructions and initiates a wire transfer that is transmitted to the fraudulent account.

An alternate version of the scam involves using the unauthorized access to the account to redirect incoming wires intended for the company to a fraudulent account. Companies owing the victim money are told that account details have changed, and accounts payable payments are redirected.

This exploit has become a multibillion-dollar criminal business model.

What Can You Do to Protect Yourself?

Although billions of dollars have been lost to criminals in the past few years through fraudulent money transfers, that trend does not have to continue. If businesses are able to detect a fraudulent money transfer within 72 hours of the initial transmission, the Financial Fraud Kill Chain (FFKC) can be initiated in an attempt to stop the transfer. Although the funds are not always recoverable, even if the kill chain is initiated within the 72-hour window, recovery is far more likely to occur than if an attempt is made outside that window.

The FFKC involves a relationship between the FBI, the Financial Crimes Enforcement Network (FinCEN), and the Egmont Group, to help stop the fraudulent international transfer of funds by criminals. The FFKC is intended to be utilized as a means for U.S. financial institutions to obtain the return of victim funds. The FFKC can be used if the fraudulent wire transfer meets all of the following:

  • the wire transfer is $50,000 or more;
  • a SWIFT recall notice has been initiated; and
  • the wire transfer occurred within the last 72 hours.

If the wire transfer does not meet the above criteria, it should still be reported to the FBI as soon as it is detected. The FBI may be able to aggregate details of the matter with other investigations to recover the funds and/or hold malicious actors accountable.

How Does the FFKC Process Get Started?

To initiate the FFKC process, upon detection of a fraudulent money transfer, a complaint should be filed immediately with the Internet Crime Complaint Center (IC3). The IC3 report can be filed online here.

If possible, the following information should be provided in the complaint:

  • Victim business name and address;
  • Transaction type (i.e., wire transfer), amount, and date;
  • Victim bank (i.e., originating bank) name and address;
  • Victim bank account and routing number;
  • Recipient bank (i.e., beneficiary bank) name and address;
  • Recipient bank account and routing number;
  • Recipient bank SWIFT number; and
  • Summary of the incident.

The more information provided about the incident, the more effectively the FBI can respond. As soon as the report is filed with IC3, an FBI agent in the geographic jurisdiction of the victim bank should be contacted and provided with the IC3 report and any other relevant details. The FBI can then interact with the victim bank to ensure everything is done to recover the funds. You can find a map of FBI field offices here.

Lewis Brisbois’ 24/7 Data Breach Response Team can help facilitate this response and get the FFKC process started. Our team includes several former federal prosecutors and a former FBI Cyber Agent who regularly assist victims of wire fraud. The team can be reached at 844.312.3961 or breachresponse@lewisbrisbois.com. For more information on this topic, contact the authors of this post.