Stay Connected

Our News Centre and Blog is your link to a dynamic network of information, people, and ideas curated by our FX and payments experts.

Compliance Corner
E-Mail Compromise Fraud

Karen Bannon September 29, 2016

Fraudsters are increasingly turning to the internet to facilitate their criminal activity and E-mail Compromise Fraud is a fast growing area of cyber-crime affecting financial institutions. The FBI began tracking E-Mail Compromise Fraud in 2013, and since then over $3 billion in losses have been reported. Victims of E-Mail Compromise Fraud schemes range from individuals to small businesses to large corporations.

E-Mail Compromise Fraud is a sophisticated scam that targets individuals and employees that regularly perform wire transfers. The scam involves a criminal deceiving a financial institution or their customer, into conducting an unauthorized wire transfer in of large sum of money, to an account in a foreign country controlled by the criminal.

Criminals perform this deception by using intrusive techniques to compromise the victim’s e-mail account, such as hacking an actual e-mail account or spoofing an e-mail account by creating a fake account that closely resembles the real account. Once the victim’s e-mail account is compromised the fraudster transmits unauthorized payment instructions that appear legitimate to the financial institution.

In some cases, fraudsters directly submit fraudulent payment instructions to the financial institution by impersonating an individual or company employee. In other cases, the fraudsters impersonate a company executive or supplier to mislead an individual or company employee to submit the fraudulent payment instructions to the financial institution themselves.

It is often difficult to recover funds that are stolen and wired to a foreign bank account, so it’s important to report the fraudulent activity to law enforcement as quickly as possible. Victims or their financial institutions should file a complaint with the FBI’s Internet Crime Complaint Center (IC3) for assistance in recovering funds stolen as part of an E-Mail Compromise Fraud scheme.

However, in order to truly prevent E-Mail Compromise Fraud, it is critical to identify the fraudulent payment before the transaction is completed. This requires financial institutions to carefully review and verify payment instructions when they are submitted. Some best practices for financial institutions to detect and prevent E-Mail Compromise Fraud are:

1. Explain to customer’s how E-Mail Compromise Fraud schemes work and recommend they implement a dual approval process when ordering transactions.

2. Check that new wire requests are consistent with the manner in which the customer typically submits wire requests. Investigate any unusual wire requests and look for similarities to known E-Mail Compromise Fraud schemes.

3. Know your customer and their typical transaction activity. Be aware of changes in their established transaction patterns, such as the frequency or timing of payments, or payments involving new locations or significantly high amounts.

4. Authenticate payment instructions involving new beneficiaries or existing beneficiaries with new account information. Use multiple means of communications and don’t necessarily rely on the contact information provided with the original payment instructions.

5. Report fraudulent and suspicious activity to the relevant authorities and include specific details about the wire transfer instructions and fraudulent scheme.

Financial institutions play an important role in identifying, preventing and reporting fraud schemes. Please feel free to review FinCEN’s advisory and the following material related to E-Mail Compromise Fraud for detailed descriptions of fraudulent scenarios, an extensive list of red flags that can assist in identifying this activity, and guidance on reporting the fraudulent activity.

– Advisory to Financial Institutions on E-Mail Compromise Fraud Schemes

– Cyber Technologies & Financial Crime: Defending against a Dangerous Convergence

– FinCEN Calling for Compliance Convergence to Better Tackle ‘Cyber-Enabled’ Frauds

– Business E-Mail Compromise: The 3.1 Billion Dollar Scam