Wire fraud and business email compromise (BEC) are not just topics of discussion but real threats we encounter frequently. Our industry and business are prime targets for these attacks. However, it's not just our field offices and agents at risk. Consider the many other business functions that handle bank accounts and payments. In our world, it's escrow accounting and management. In every business, the HR department manages payroll and direct deposits, accounts payable processes and pays invoices daily, and procurement establishes vendor relationships and payment protocols. All of these functions are vulnerable to the same types of social engineering and phishing attacks.
In a recent incident, the town of Arlington fell victim to a $445,946 scam. The fraudster impersonated a vendor involved in a High School Building Project. User accounts of certain town employees involved in the project were compromised last September, and cybercriminals monitored their emails. This technique, known as a 'sitting duck,' allowed the criminals to impersonate a legitimate vendor and request a change in their payment method from check to electronic fund transfer at the last minute. This incident serves as a stark reminder of the real and immediate threat of wire fraud and BEC.
Takeaways:
- Examine every request for red flags of being a phishing email
- Any requests for payment type or account change for vendors or employees should raise a red flag every time until authenticity is validated
- Use an out-of-band (different from the original) channel to contact the requestor
- Validate against well-known information captured at the time of account creation
This incident is just one of many reminders of the potential risks we face from wire fraud and BEC. It underscores the need for us to be vigilant and proactive in our efforts to prevent such attacks.
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------