These days everything is done electronically, we rarely even write checks anymore. Sending wire transfers has become the new “norm”, especially for businesses. Recently we had a client that unfortunately experienced the dark side of electronic payments and they aren’t the only ones…
There are two companies involved in this story. Let’s call them Company A and Company B, both companies are truck dealers and only a state apart. They have been working together for years, Company A would regularly send Company B pictures, information and copies of titles to trucks they would take in on trade. When company B would go through all the material and decide to purchase a truck from Company A, they would wire the funds over to Company A and then Company A would FedEx the title over so Company B can pick up their newly purchased truck.
In recent transaction, Company B wired Company A $56,000, after 5 days Company B still hadn’t received their title and contacted Company B to inquire as to the delay. It was quickly discovered that even though sent, the wire never reached its’ intended destination.
Now if you guessed what might have happened here, then you, my friend, have what we like to call Strategic Intelligence!
After some investigation we found out that someone obtained enough information about Company A’s wire instructions, how does this happen? We think that there might have been a compromising email sent to someone in Company A, thereby giving them access to the corporate email account allowing the perpetrator to intercept wire instructions going to their bank, instructions were modified with a new routing number and recipient account number, which caused the money to end up in a bank in Nigeria!
There are a number of lessons here...
1) Always try to have a verification process with your bank, yes, this might be tedious at times especially when you have multiple transactions a day but it is better to be safe than sorry!
2) Always double check email addresses with wire information. Sometimes a variation of this scam includes changing one character in an email address which is very easily over looked. For example, instead of being “email@example.com” the perpetrator could make up an email address such as “firstname.lastname@example.org” which is hard to catch at time.
3) If something is looking suspicious call the company you have to send the transfer to just to verify/double check everything over the phone.
Have a Suggestion?
Let us know! Feel free to give us any feedback or suggestions for upcoming newsletters here!