Warning: International Wire Transfer Fraud
A U.S.-based OIA member company was recently hit by a phishing scheme that almost cost them $50,000. Here's how they narrowly avoided the loss and what you can do to stay safe.
Thanks to swift action by the U.S. company and its U.S. bank, they were able to reverse the international wire and get their money back. They were extremely lucky. Now, they’re warning their industry peers.
This is how the criminals executed the scam.
- Somehow they intercepted communication between the U.S. company and its supplier in China.
- The criminals then registered a new domain in Nigeria that differed by one letter. An example: correct email: email@example.com; fake email: firstname.lastname@example.org. As you can see, they just omitted the “s” in “bags,” and that was sufficient to trick everyone.
- The criminals then emailed the production department, impersonating the supplier and asking to change the remit-to banking information.
- The production department responded by asking the sender of the fake email security questions that only this supplier would know, and also requested that they resubmit an updated commercial invoice with the new banking information.
- The criminals answered the security questions correctly and resubmitted an updated commercial invoice with the fraudulent banking information.
- The production department, upon receiving the correct answers to the security questions and the updated invoice, had accounting wire the money to the new fraudulent bank account.
- The production department immediately, as is standard practice, emailed the supplier with the transfer information, and the supplier emailed back immediately raising the alert of the fraud.
How did they answer the security questions correctly? Upon receiving the production department's email with the security questions, the criminals registered another fake email account, again with only one letter missing, and emailed the supplier asking them to verify these security questions. The supplier answered the security questions for the criminals, who then passed the answers along to the production department.
The company reached out to OIA in order to alert other members to this scam and to suggest everyone review their communication and security protocols. An immediate policy that the U.S. company has instituted is to not allow any changes to existing banking information during a production cycle, and then to allow changes only using multi-step authentication.
The company reached out to OIA and suggests that everyone immediately:
- Change any and all passwords to emails, servers, and any systems that require passwords, including cell phones.
- Be on high alert for any suspicious emails.
- Double check that any financially related emails you receive have the correct domain address.
- Do not just click reply on an email requesting certain information or any financially related information or changes. Start a new thread using the email address stored in your address book.
- Do not forget to purge your email cache if you inadvertently replied to an incorrect/fraudulent email address.
- Warn your customers and suppliers about this scam.
- Advise everyone involved immediately if you find, receive or are a victim of any scam communication.
- Investigate within your home country what security protocols you should be following to protect you and your customers.
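
The domain check recommended in the list above can be automated for incoming mail. The following is an added example, not part of the original advisory: the supplier domain, the sample message and the function names are constructed, and the one-edit threshold mirrors the one-letter-off domain described in the scam.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed allow-list: supplier domains already on file (assumption).
KNOWN_DOMAINS = {"northwindbags.example"}

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify_domain(domain, known=KNOWN_DOMAINS, max_dist=1):
    """Return (verdict, matched_known_domain) for a sender domain."""
    domain = domain.lower().rstrip(".")
    if domain in known:
        return "known", domain
    for good in sorted(known):
        if edit_distance(domain, good) <= max_dist:
            return "lookalike", good  # near miss of a trusted domain
    return "unknown", None

def check_message(raw, known=KNOWN_DOMAINS):
    """Classify every address in From and Reply-To of a raw message."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            domain = addr.rpartition("@")[2]
            findings.append((header, domain) + classify_domain(domain, known))
    return findings

# Constructed sample message: the "s" is missing from the supplier's domain.
SAMPLE = """\
From: "Supplier Sales" <sales@northwindbag.example>
Reply-To: sales@northwindbag.example
Subject: Updated remit-to banking information

Please use the new account on the attached invoice.
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

A "lookalike" verdict on a message that asks for banking changes is a reason to verify through a contact already in your address book rather than by replying.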