Last month’s newsletter discussed measures a firm could take to prevent Business Email Compromise (BEC). BEC is where criminals spoof emails to appear as if they are coming from senior management within the company. Cybercriminals will often use this scheme to fool employees into wiring funds into an account controlled by hackers. The ploy can often be subtle and difficult to detect when it takes advantage of a legitimate transaction when a spoofed email directs employees at the last minute to send the funds to a different account. Hackers often target law firms, private equity firms, title companies, and CPA firms since they regularly transfer large amounts of funds.
So what can be done if your firm falls victim to a fraudulent BEC funds transfer? Time is of the essence when attempting to recover mistakenly transferred funds. Once the funds are deposited into an account controlled by the cybercriminals, they often are transferred to yet another account within minutes. Each account transfer makes recovery more challenging. If the funds are moved overseas, recovery becomes almost impossible as time elapses.
1. Call the banks: contact the bank from which you transferred the money AND the bank that received the funds. Have a fraud alert sent to the receiving bank and demand that they place a fraud freeze on the account. This is not the time to be polite or patient. Insist the bank confirm whether your funds are still in that account. If the funds are not in the account, do not get off the phone until you have been assured the bank will alert any other banks that received your funds to place a fraud freeze on those accounts as well.
2. Call the FBI: Ask for a Special Agent or Supervisory Special Agent that handles cyber crimes. The FBI offers a Financial Fraud Kill Chain (FFKC) process to help recover sizeable international wire transfers stolen from the United States. The FFKC is intended to be another potential avenue for U.S. financial institutions to return victim funds. Standard bank procedures to recover fraudulent funds should also be conducted. The FFKC can only be implemented if the fraudulent wire transfer meets the following criteria:
- the wire transfer is $50,000 or above
- the wire transfer is international
- a SWIFT recall notice has been initiated
the wire transfer has occurred within the last 72 hours.
To initiate the FFKC process, provide the following information to your local FBI office, which you can locate by visiting fbi.gov/contact-us/field-offices.
- Summary of the incident
- Name of victim
- Location of the victim (City and State)
- Originating bank name
- Originating bank account number
- Beneficiary name
- Beneficiary bank
- Beneficiary account number
- Beneficiary bank location (if known)
- Intermediary bank name (if known)
- SWIFT number
- Amount of transaction
- Any additional information that may be available, such as “for further credit” or “in favor of”