How to Spot Phishing Scams and Prevent Fraudulent Wire Transfers

Threat actors have been adding a new twist to their phishing email scams. Increasingly, working professionals are being targeted by phishing emails sent from a spoofed or hijacked account of a known and trusted contact.

These targeted individuals often have authority to authorize payments or have access to sensitive data. Think about this. Just one successful phishing attempt could provide sensitive internal information about the organization or their customers.

A larger, high-stakes phishing attempt could even result in a wire transfer with the employee thinking that they are paying for a legitimate bill instead of a threat actor at the end of an unknown bank account. For a threat actor, this type of scam can be the quickest route to financial gain.

As a technology management provider, we recommend that everyone Pause, Consider and Verify each email they receive – especially if it is from an external sender.

Let’s take a closer look at malicious trends that we’ve seen in recent months. And offer some best practices designed to help employees spot and avoid these email threats.

RELATED: Cyber Insurance 101 – What You Need to Know to Protect Your Business

Threat Actors and Phishing Scams

Phishing emails are a tactic threat actors have used for the past couple of decades. However, today’s phishing emails tend to be much more targeted towards their victim and often involve impersonating someone they know and have interacted with in the past.

Recently, we’ve seen an increase in users falling prey to phishing emails. The surprise has been how many of these phishing attempts were aimed toward employees with financial responsibilities.

A common format that these type of emails often follow, involves a request from a known source. Sometimes the threat actor will make mistakes or show inconsistencies in their message. If something seems off, it’s worth reporting to your IT Team for further investigation.

RELATED: Beware of These 4 Most Common Cyberattacks

Targeted Phishing Scam Examples

Wondering what this might look like in real life? Here’s a few stories we’ve heard about threat actors sending sophisticated, targeted phishing emails and what happened next. These examples show why it’s crucial to Pause, Consider and Verify, when interacting with email messages.  

Real Estate Company

An employee with financial responsibilities received a request for payment from a vendor. The amount requested was relatively small. Therefore, the employee didn’t look closely at the request – missing inconsistencies that indicated the requester was impersonating a known contact. This included a bank routing number that was not on file for this vendor. Since the first payment request was accepted and processed, the threat actor later tried again. The second request was for a larger amount of money.

Nonprofit Organization

An employee in Accounts Payable received a payment request from what they thought was a known vendor email address. The payment was sent. Afterwards, it was noticed that the requesting email address, had an extra “l” in the domain name. The threat actor had purchased this similar-looking domain name, months earlier, created an email address with the username of a known finance-related individual at the vendor – then waited for months. Waiting (and letting enough time to pass by) allowed the domain name in the email address to not be marked as “new” and possibly caught by the receiving organization’s spam filter. The recipient didn’t catch the impersonated email address as having an altered domain name, as the difference between “l” and “ll” is a very small (and thin) difference in character composition.

Distribution Company

An employee email account was hijacked. The threat actor sent an email through this hijacked account to a co-worker, asking them to click on a link and access a shared file. But the employee whose account was being hijacked, had never used the shared file system. Turned out the link was nefarious and when clicked, it shared a virus.

Best Practices to Stop a Phishing Scam in Its Tracks

Thinking about all the things that could go wrong, can be quite frightening. That’s why we, at Elevity, constructed this list of best practices to get you started on the right track towards better organizational cybersecurity health.

In general, we recommend a combination of cybersecurity awareness training to keep your employees vigilant in their super-cyber sleuthing email identification efforts and add tools to your tech stack that will help to filter out and/or “red flag” suspicious emails.

Best Practice #1: If you are physically located within the same office space as the requester, visit them and ask about the wire transfer request, face-to-face. This is your best and safest option.

Best Practice #2: Reach out to the requester through a communication channel, different than the one the wire transfer request was received through. (e.g., If the transfer request was received via email, call the requester to verify. Don’t hit reply on the email.)

Best Practice #3: Reaching out to the requester via Microsoft® Teams may be an option. However, be aware that if a person’s Microsoft Outlook email account has been hijacked, then the threat actor will have access to their Microsoft Teams account too. In your conversation with the person, be on the lookout for improper grammar or limited knowledge of your organization’s staff or procedures.

Best Practice #4: Take a close look at the requester’s name, email address and what their request is. A bad actor with information on you and your organization may have done their research. Or worse yet, have hijacked an email account. Look for errors such as a slightly misspelled username, company name, etc. Be vigilant in looking for small errors. They can be “red flags” that something isn’t right.

Best Practice #5: Take a close look at the requester’s bank account numbers in the email. Verify that this is the same account that your organization has used before to deposit funds for this requester. If it isn’t, obtain further verification to ensure that the requester is who they say they are and the request is legitimate.

Best Practice #6: Conduct regular employee cybersecurity education and teach to Pause, Consider and Verify, before responding to any email request, especially high-stakes ones that are asking for a wire transfer.

Best Practice #7: Choose to design your email signatures in a unique way that will be difficult for threat actors to copy. Adding a logo is a good start, but a better choice is to add an embedded banner with your company information below email signatures at your organization.

Best Practice #8: Add software to your security stack that will flag all incoming email messages from external accounts with “This is an external email.” The message will prompt the recipient to be cautious as they review the email. If the email looks like it’s coming from inside the organization, but is marked as “external”, be wary. Chances are it’s a spoofed email posing as one of your co-workers but really from an outside sender. 

Where Do I Start?

Conducting an organizational cyber risk assessment is a great start. This will give you a clearer picture of where you may have gaps that need to be addressed.

While you could conduct an assessment on your own, a better alternative is to contact the experts at Elevity for an introductory consultation. You’ll gain a clearer understanding of your organization’s needs and be better equipped to determine if our comprehensive Technology360 Assessment is the right fit.