In our previous blog entries, "Real Estate Wire Transfer Fraud" and "Wire Transfer Fraud Update," we discussed wire transfer fraud and provided suggestions on how to avoid it. We now want to elaborate on how you can be proactive in the fight against wire transfer fraud.
For the individuals who are wiring the funds, steps to safeguard your funds include:
Request that the wiring instructions be provided early in the transaction through a secure email address. Do not courtesy copy individuals on the email if they do not have a secure email;
Confirm the wiring instructions verbally over the telephone;
Carefully scrutinize the email addresses used by the professionals handling the transaction; and
If you receive a subsequent email changing the wire transfer information, confirm the change over the telephone.
For the companies facilitating the transactions, the exact steps to take can vary widely depending on the size of the organization. A good place to start, generally speaking, would be the following:
1.) From the outset of the transaction, professionals should make the parties involved aware of these types of scams. If all participants can exercise diligence in confirming information, the hacker’s misinformation can be more readily identified and circumvented;
2.) Organizations should work closely with IT professionals to analyze their system and put preventative procedures in place to minimize the risk of compromise, including:
Periodically assess the risks posed by known threats and current vulnerabilities within the system. Simply because a system is low on a threat-level index now does not mean it will always remain that way. Annual, if not quarterly, review of a system’s relative exposure is necessary, as hackers and malicious software are always adapting.
Workstations and servers – or “hosts” – should be appropriately hardened. In addition to keeping software properly updated, each host should be configured to follow the “principle of least privilege.” In other words, each user should only have the privileges necessary for performing their duties. Typically, not every employee needs or should have access to the main server, the ability to make system-wide changes, the ability to change security settings, etc.
The network “perimeter” should be configured to deny all activity that is not expressly permitted, which includes securing all connection points, such as VPNs and dedicated connections to outside organizations.
Workstations, servers, email servers, web proxies, etc. should all have malware prevention software installed and set to continually monitor activity.
Policies and procedures should be in place regarding the proper use of networks, systems, and applications. Furthermore, initial and continual training should be provided as employees are hired and as policies change. Improved user awareness is key in minimizing successful attacks.
3.) Companies should train and require their employees to carefully scrutinize all email addresses used by all parties in the transaction; and
4.) Professionals should make the transferring party aware early in the transaction that any subsequent wire change will be confirmed via telephone.
For further information on incident prevention or how to establish procedures to handle a situation should your system be compromised, please review the Computer Security Incident Handling Guide, Special Publication 800-61, Rev. 2, published by the National Institute of Standards and Technology, and contact your IT Administrator to discuss your system’s security.
Boatman Ricci has experience in handling cases which involve wire transfer fraud. If you have been impacted by a wire transfer fraud and are in need of assistance, either as a plaintiff or a defendant, please contact the Boatman Law Firm at (239) 330-1494 for a consultation to discuss your case.