Monday, October 24, 2022
Wire Transfer Hocus Pocus
Cordelia worked in the accounting department for The House of Screams. The House of Screams, a wildly popular haunted house experience famous for its frightful attractions, was preparing for its biggest night of the season, Halloween! This year’s Halloween night event was set to feature the Wicked Witches of Westchester. The House of Screams provides its terrifying talent with all of their costumes and accessories. As an essential piece of their act, the Wicked Witches of Westchester requested that they be provided with the finest quality Nimbus 2000 broomsticks. The House of Screams ordered the expensive broomsticks two months in advance to ensure their arrival before Halloween night. Three days before the Halloween event, Cordelia received the following email:
From: Nimbus 2000 Accounting <Nimbus4U@hotmail.com>
To: Cordelia Goode
We have your broomsticks. Please wire payment using our updated information below by EOD to ensure timely delivery.
Account #: 105377345
Routing #: 110027364
The broomsticks MUST arrive on time. There is nothing wicked or terrifying about witches on Swiffer Dusters! Cordelia immediately wired payment.
The next day, Cordelia received a call from Sophia at Nimbus, who told her the broomsticks would arrive on schedule and payment would be due within ten (10) days of arrival. “But I paid you yesterday!” Cordelia exclaimed. Sophia had to break it to her. Cordelia had been tricked!
Don’t be like Cordelia. Here are some ways to mitigate the risk of fraudulent wire transfers:
- Verify the authenticity of any e-mail request to wire funds or change payment information by calling a trusted telephone number.
- Implement formal, written policies regarding verification and dual authorization to perform electronic funds transfers.
- Provide dedicated, role-based training for personnel who handle electronic payments.
- Raise awareness of fraudulent payment schemes with customers, vendors, and business partners.
- Review your insurance coverage for fraudulent funds transfers – this type of coverage is often subject to sub-limits.
- Address fraudulent wire transfers in your incident response plan – you must act quickly to engage outside counsel, federal law enforcement, and your financial institutions to attempt recovery.
If you have any questions about how to improve your organization's cyber resiliency, contact a member of Maynard’s Cybersecurity & Privacy Team.