Wire fraud is seldom in the news, but when it is, it serves as a reminder of a very real risk. Consider the Wall Street Journal’s coverage of Mega Metals, an Arizona business that recently lost $100,000 to wire fraud.
How it happened
As a scrap metal processor, Mega Metals routinely places titanium scrap orders for hundreds of thousands of dollars. In April 2015, one of their suppliers contacted Mega Metals to complain when they failed to receive payment on a $100,000 order. Mega Metals assumed this was nothing more than a hiccup in accounts payable. In actuality, cybercriminals had hacked the network of Mega Metals’ broker and committed a sophisticated act of wire fraud.
First, cybercriminals infected the broker’s computer with malicious software and stole the broker’s email credentials. Using the broker’s email address, they updated the wire request to redirect payment away from the supplier and into their own account. The bank, thinking the request came from a valid source, processed the wire as normal. No one realized fraud had occurred until the supplier called to complain, and by then it was too late.
Could this happen to you?
According to the FBI, wire fraud has been on the rise for the last decade, and companies have lost more than $1 billion to wire fraud since 2013. These numbers are going to continue to grow as cybercrime becomes more advanced. If you haven’t spent any time thinking about vulnerabilities in your wire process, now might be a good time to do so.
To help you get started, we’ve listed below some of the methods cybercriminals use to commit wire fraud. We have also included a brief description of how CashWire, our secure payment management system, helps protect against those threats.
[Diagram: Normal Payment Process]
Threat | Diagram | CashWire Security Protection
Use of malicious software to obtain user credentials (e.g., a Trojan keystroke logger) to send a fraudulent wire.
Multiple Layers of Approval
This method wouldn’t be practical using CashWire’s standard multiple layers of approval. For example, the attacker would need to obtain the proper credentials for every person involved in the workflow (usually three or more people).
Network Level Authentication and Protection
In addition, CashWire limits access to users inside the client’s local network who have the proper network entitlements, as the system is a local installation behind the client’s firewall and is integrated with Windows Active Directory (AD). Therefore, in addition to the CashWire application credentials, an attacker would need to penetrate the client’s firewall and obtain the proper network credentials for all users in the workflow.
Two Factor Authentication
Finally, CashWire integrates with RSA or Safenet key fobs that feature constantly changing passkeys for two-factor authentication. If a client used RSA or Safenet, an attacker would need to accomplish all the feats above and physically obtain each user’s specific token to send a fraudulent wire.
Intercepting wire data in transit and capturing or modifying that data to send a fraudulent wire.
CashWire uses TLS and SFTP encryption to protect data in transit. The system also communicates over the highly secure SWIFT network, which is used by the world’s leading banking institutions to send financial messages. In addition, the CashWire messages themselves are encrypted using the secure SHA-256 algorithm. Taken together, this makes CashWire messages nearly impossible to intercept.
The use of non-technical trickery to send a fraudulent wire. For example, an attacker could use a similar but not identical email address (e.g., consulting.com vs. consultng.com) to attack internally (e.g., a spoofed wire request email from the CFO to a subordinate) or externally (e.g., a spoofed wire email sent directly to the bank).
Internal Social Engineering Attack
CashWire protects against internal social engineering attacks through the use of strict debit/credit account relationships that restrict which accounts wires can be sent from and which accounts they can be sent to. Furthermore, an enforced multi-step workflow and approval process prevents any one person from inadvertently processing a fraudulent wire.
External Social Engineering Attack
CashWire uses Digital Signatures to ensure the authenticity of wires and protect them from tampering. With Digital Signatures, each wire is cryptographically signed by the sender (the client) and validated by the recipient (the bank). The recipient’s systems would automatically reject the wire if the digital signature were missing or had been tampered with.