In today's digital age, wire fraud schemes rely on targeted email phishing. Although they have become increasingly common, many people believe they cannot fall victim to this type of fraud. Below is a quick example of how a simple scam works:
Using malware or another nefarious way, a fraudster hacks into or gains access to your email account.
- Once in, they begin reading your email, specifically looking for those which include business transactions. So, let's say you are having some work done on your house, and the contractor is communicating with you via email. The fraudster finds messages with this contractor which are of a money transaction nature.
- At this point, they will begin recreating and playing the part of the person to whom you are doing business. To do so, they create an email address similar to the contractor. For example, the contractor’s email address is firstname.lastname@example.org. The fraudster will secure email@example.com (with an “l” instead of a “1”), which looks a lot like the email address you are accustom to seeing.
- Then, they will email you to tell you there have been some changes with your account or services, and ask for you to pay differently, perhaps by wiring them money (hyperlink to wire fraud content). The fraudster is banking on the likelihood you will follow through on their request.
Although not very elaborate or sophisticated, this scam works. Luckily, in the fight against fraud, a little knowledge can go a long way. We have put together three simple ways to protect yourself (or anyone who handles your money) from this particular type of scam:
- Be suspicious of emails. Do not just take at face value what you see in your inbox. Beyond just a glance, take a moment to check the sender's email address carefully. Validate any new payment instructions you receive via email.
- Know your vendors. Know who is doing work for you and know them well. Know them well enough that any changes will throw a red flag.
- Pick up the phone. If anything appears suspicious, call and speak directly with the individual requesting the payment to validate the changes are legitimate before processing.