
Protection from E-Mail Scams

E-mail scams are no longer Nigerian princes seeking help to recover their inheritance. Rather, e-mail scams have become far more sophisticated and pose a serious threat to targeted businesses. Scammers use public information and social media to research targeted businesses thoroughly before making contact. They research the names, nicknames, e-mail addresses and personal schedules of business officers. Information is acquired from suppliers’ lists of customers, business directories, and news articles that identify key officers, particularly those who can authorize wire transfers. Scammers use this information to impersonate internal business officers or suppliers through e-mails.

The e-mails usually contain a fake contract and long e-mail chains explaining the need for an immediate wire transfer. If an e-mail is answered, scammers are ready to respond to any questions that might be asked and to further explain the need for an immediate transfer. The e-mails are sent through a deceptive domain name created specifically to resemble the domain name of the target. The deceptive domain usually adds or transposes digits or letters, making the difference in name unnoticeable at a glance.

Sophisticated scammers will initiate these e-mails when the CFO is on vacation or traveling, making it difficult for employees to contact them with any questions regarding a wire transfer request. Additionally, scammers will try to initiate wire transfers over the phone, gathering information on targets by talking to different employees within a company. Most targets have had repeated contact by a scammer prior to any wire-transfer requests.

You’ve Been Scammed, What Do You Do Now?

When a fraudulent transfer is discovered, the victim must act quickly. Swift detection and response are vital for recovery of funds. Immediately contact the bank to which the wire transfer was sent, as well as the victim’s bank, to put them on notice of the fraud. Simultaneously, notify police in the jurisdiction where the funds were transferred; the police can freeze the bank account before any legal action can be taken. As soon as possible, commence legal action in a court that has jurisdiction over the entity to which the money was transferred. Seek a freezing order and a disclosure order for the account at issue, and start a civil claim against the entity for the money the victim has been cheated out of, plus interest and legal costs. Usually the scammer will not answer the legal action, resulting in a default judgment for the victim.

Who Is Liable for Unrecovered Funds?

Banks can be held liable for any unrecovered funds if they did not exercise due care regarding fraudulent transfers. If a bank fails to implement reasonable security measures, follow defined security protocols, or recognize and respond to unusual activity, due care has not been exercised.[i] Banks may not be liable if a business does not implement security controls recommended by banks, such as daily limits on the volume of wire transfers or requiring a second authorized user to approve pending payment orders.

Insurance may cover wire-transfer fraud, depending on the policy language. In many cases, insurance may not cover losses where the funds were transferred by employees authorized to make transfers. A small body of case law has found that in these cases, the use of computers in the fraud was “merely incidental.”[ii]

How Can You Prevent Wire-Transfer Scams?

The first line of defense against these scams is the employees. Properly educating employees about scamming techniques and how to spot them is key to prevention. Call the actual supplier or business officer if any requests for transfers are questionable. Configure e-mails to reveal the full address of senders and recipients in the e-mail threads to help identify deceptive domain names. Employees should use work e-mail addresses only for business, not as a login for social media accounts or to communicate socially. Similarly, personal e-mails should not be used for business communication. Be skeptical of hyperlinks and attachments in e-mails before opening them. Check that the URL of the link is the actual website it claims to be. Scammers will also try to become an employee’s friend on social media to gain important personal information.

If an employee receives an e-mail with a request that falls outside of their department, such as a wire transfer, it is best not to reply to the sender. Although scam e-mails may be detected by their lack of company e-mail headers and by uncommon e-mail signatures (Gregory vs. Greg), more sophisticated scammers will draft them identically, drawing on previous communication with the target business and their research. It may be worth considering paying an outside firm to determine a company’s vulnerabilities. As scamming techniques become more sophisticated, it is important to stay vigilant and create a plan of action to deal with potential fraud situations.

For more information or assistance, contact the experienced Chicago Business Lawyers at Bellas & Wachowski.

Authored by Michael Rizo, Attorney at Law



[i] Experi-Metal Inc. v. Comerica Bank (E.D. Mich. 2011); PATCO Constr. Co. v. People’s United Bank (1st Cir. 2012)

[ii] Apache Corp. v. Great Am. Ins. Co. (5th Cir. Oct. 18, 2016) (unpublished); Aqua Star (USA) Corp. v. Travelers Cas. and Surety Co. (W.D. Wash. Aug. 1, 2016); Pestmaster Servs., Inc. v. Travelers Cas. and Sur. Co. (9th Cir. Jul. 29, 2016) (unpublished)