Cyber Phishing For Wire Fraud

Rinat Klier Erlich

There are many forms of cyber fraud including, stolen information, cyber ransom and identity theft. In those situations, a perpetrator attacks a business and is able to steel from the business information of third parties, financial documents, or even shut down the business data in exchange for payment of a ransom. Those forms of cyber-attack are against the business with intent of gathering general information that can be used later. However, since businesses are aware of possible vulnerability to cyber-attacks, many companies regularly update their systems against viruses and malware, they use encrypted data storage, and they install firewalls.

Yet, as defenses to cyber fraud are developed, the perpetrators become more sophisticated as well. A new form of cyber fraud has emerged, and this form of cyber fraud is based on targeting a specific group of professionals, it involves spying on their activities, and it results in wire fraud. By default, this necessitates more creative ways in which to resolve these multi-party, complex claims matters as discussed below.

Cyber thefts around the globe grew last year to an alarming $1.2 billion, compared to $100 million in more traditional theft from financial institutions. In light of those developments world-wide, in the last few months, Southern California saw an increase of focused attacks on real estate transactions resulting in wire fraud. Real estate transactions involve several parties, all eager to close the transaction (causing the parties to pay less attention to detail), and there are large amounts of cash that exchanges hands. Waiting years for the court system to resolve the issues is just not feasible.

In a typical scenario, a perpetrator locates e-mails of attorneys working in a specific area. An inexpensive software can be used to run such a search and identify the attorneys. Then the perpetrator engages in phishing by sending e-mails with purported attached documents. A perpetrator can, for example, send a document through DocuSign or GoogleDocs and the e-mail invites the recipient to log in from the e-mail into what appears on the receiver’s e-mail to be the sign in page for the software (DocuSign or GoogleDocs). The perpetrator then records the password and uses it to start monitoring the real estate agent or broker’s e-mail.

Once the perpetrator learns of an existing transaction the perpetrator can then pose as a party to the transaction. For example, the perpetrator can send an e-mail from opposing counsel’s actual e-mail account with wiring instructions to the victim. The perpetrator is able to accomplish an e-mail exchange by changing the action in the attorney’s inbox, so that the inbox will not show incoming e mails and the victim would not suspect that another person is communicating from their e mail account.

Another form of attack is by sending an e mail suggesting that the recipient take action such as deposit a check that will be sent separately or purchase gift cards for a client on behalf of a partner at the law firm. All those e mails come from the name of the attorney the victim knows, but the address is wrong.

These new forms of scams are very sophisticated because they are not like an anonymous perpetrator penetrating the business firewalls. In those newer forms of scams the perpetrator actually monitors an e-mail account and learns valuable information about the account holder’s business. This is like a house burglar monitoring when the occupants leave the house and when they go to sleep. These scam are also fast! The sooner discovered, the sooner it is necessary for one’s own protection as well recovery of funds, to mediate the matter, concomitantly obtaining a restraining order regarding the exporting of funds.

There are several ways to avoid phishing that results in wire fraud. Internet users are encouraged to use two methods of verifications (when they log into their e mail it sends a verification to the person’s phone). They are also encouraged to update their software when updates are available, and not continue to use older software versions. Parties should always include a phone conversation when a transaction involves money transfer, and everyone should always read their e mails carefully.

Yet most importantly, when a problem occurs, all parties must assist each other to immediately address it and prevent the spread of the information. Unfortunately, parties have been reluctant to call the FBI Cyber Crimes division due to concern with IRS and other regulatory bodies. The FBI informs, that if it learns of wire fraud within the first 72 hours, it has the best chances of recovering the funds. Contacting the recipient financial institution can put a hold on the wire before it is released to the perpetrator’s hands.

Society’s fast pacing approach to handling transactions and money has to be met with an equally fast pacing resolution. If parties start pointing fingers at each other and wait until the dust settles, the losses can only grow and the damages will be much higher.