Wire transfer phishing costs businesses billions of dollars every year — and the problem is only getting worse. That’s why business leaders and security experts are increasingly worried about this damaging form of cybercrime.
In this article, we’ll be answering the following questions:
We’ll also be taking a look at one of the biggest cybercrimes in history — a sustained wire transfer phishing scam against Google and Facebook.
Also called “wire transfer fraud”, wire transfer phishing is a type of “social engineering attack” that uses impersonation to trick the victim into transferring money to the attacker.
Like other types of social engineering attacks, cybercriminals use a number of different methods to carry out wire transfer phishing against businesses and individuals.
But we can offer a “typical” example of this kind of attack.
Imagine you’re an employee in a company’s accounts department. You routinely receive email invoices from suppliers, contractors, and service providers.
One morning, you get an email from Jane at IT Maintenance — someone who has emailed invoices regularly for the past five years. As always, Jane is friendly. She provides a normal-looking invoice for some computing services your company uses regularly.
You pay the invoice in the usual way, using the bank account details provided. But you didn’t realize that Jane’s email address was subtly different this time — instead of the usual [email protected], the email came from [email protected].
You just fell victim to a wire transfer phishing attack — and paid money into a cybercriminal’s account.
Can you spot the difference in the email addresses? This is just one example of email impersonation.
There are many types of phishing. But they all have one thing in common: the hacker is trying to trick targets into handing over information, transferring money, or granting access to networks.
Wire transfer phishing aims to trick the victim out of money by persuading them to transfer money into the attacker’s bank account. Below are other types of phishing motivated by a financial incentive.
But there are plenty of other “types” of phishing. While phishing typically refers to an email-based social engineering attack — 96% of phishing attacks occur via email — hackers can use other methods of delivery, too. For example:
Wire transfer phishing could occur via SMS, phone, or social media — but email is much more common. For more information, see our article: Smishing and Vishing: What You Need to Know.
Some types of phishing are defined by how they target victims. For example:
Wire transfer phishing is very likely to involve spear phishing. After all, you’re not very likely to hand over money to an individual who doesn’t even use your name. Business email compromise and whaling also usually involve wire transfer phishing. Keep reading to find out just how much businesses lost (and hackers gained).
Businesses and banks are continually investing in new defenses against phishing. Some of these strategies work, and they are making a positive impact.
But due to the increasing volume and sophistication of such scams, businesses are losing more money than ever.
Business and cybersecurity leaders understand that wire transfer phishing is a severe threat — and they take steps to defend against it.
Recognizing wire transfer scams can be extremely difficult. But even the least sophisticated scams share some hallmarks, including:
These traits are rarely present in successful wire transfer attacks, which can involve impersonations of specific people and careful recreation of invoices that appear identical to genuine documents.
If you’re a security leader who’s trying to help your employees spot spear phishing attacks, this article (and infographic) will help: What Does a Spear Phishing Email Look Like? Training can help, too.
It’s essential to make your employees aware of wire transfer phishing and other security threats. But employees should never be the last line of defense.
Phishing techniques have become so sophisticated that even the most tech-savvy employees can miss them (including the NCSC’s cybersecurity experts). Humans aren’t good at recognizing subtle changes in behavior and identity — no matter how much training they receive. That’s why email security is essential.
Interested in learning more about the pros and cons of phishing awareness training?
The best way to stop wire transfer phishing is to deploy email security software across all employee devices.
Tessian Defender, for example, uses AI to learn your employees’ inboxes inside-out. Tessian knows what a “normal” email looks like — so it knows when a wire transfer phishing scam is occurring.
Tessian can pick up on the tiny differences in email addresses that indicate spoofing. It can even detect behavioral changes that suggest that the sender isn’t who they say they are — and that their email has been compromised.
Once detected, employees are warned (which reinforces training), security teams are alerted, and the domain is automatically added to a denylist. Crisis averted.
In addition to deploying email security software and increasing staff awareness, your finance team should take steps to validate wire transfers before making payments. For example:
These validation processes are important, but they can take time and resources — and they’re far from foolproof, as we’ll see below.
To help you better understand how wire transfer phishing works, let’s take a look at a real-life example.
In 2019, a Lithuanian national named Evaldas Rimasauskas appeared in court in New York. Rimasauskas pleaded guilty to participating in the biggest phishing scam in history and received a 5-year prison sentence.
Between 2013 and 2015, Rimasauskas and his associates used wire transfer phishing to scam Facebook and Google out of around $121 million.
So how did this team of cyber-criminals trick two of the world’s largest tech companies into giving up so much cash?
First, the group set up a company with the same name as a genuine Taiwanese computer manufacturer that supplied Facebook and Google with hardware — “Quanta Computer.” Rimasauskas set up bank accounts in the company’s name across Latvia and Cyprus.
The scammers then emailed Facebook and Google employees from spoofed accounts, pretending to be Quanta Computer employees. These emails were convincing enough to persuade the tech firms’ staff to pay invoices into Rimasauskas’ fake bank accounts.
Once the cybercriminals had received payments from Facebook and Google, they quickly transferred the money to a network of accounts across Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.
How did the group get away with making such substantial transfers for so long? Didn’t the receiving banks question where this money was coming from? Well, the group also created fake invoices, contracts, and letters — purportedly from the tech firms’ employees — to verify the transfers.
What can we learn from the Rimasauskas case?
It’s hard to deny the cleverness of Rimasauskas’ scheme. If Facebook and Google — two of the wealthiest companies on the planet — can lose $121 million this way, then any company could fall victim to a similar scam.