Recently, the FBI, FS-ISAC, and IC3 alerted the industry to a new fraud scheme involving corporate account takeover and unauthorized wire transfers sent from the accounts of small and medium-sized businesses to China. There were twenty incidents investigated by the FBI with $20M at risk and $11M in losses. I’m guessing there were many more incidents that never made their way to the FBI and the situation is actually much worse. In fact, some of our customers detected fraud attempts associated with this same alert and were able to stop fraudulent transactions from occurring.
What’s really striking to me is not the total loss, but the boldness of each individual attack. Wires investigated by the FBI ranged from $50,000 to $985,000. Data from unsuccessful attempts against our Real-time Wire Fraud Detection users put the largest single wire attempt at $1.9M.
With no risk of retribution, criminals are getting bigger and bolder and experts are warning these schemes will continue. Avivah Litan was quoted in a BankInfoSecurity.com article saying, “You can be sure the attacks won’t abate until banks fight back.” I couldn’t agree more.
The risk of not taking action is too great for financial institutions. The cost of this type of attack and its impact on profitability, operational resources, customer loyalty and reputation is much higher than any fraud prevention solution. We are thrilled our customers proactively invested in protecting their account holders and that no money was lost to these attacks. Not every business and every bank was as fortunate.
We hope the attention given to this scheme will create a call to action for institutions to fight back. It costs less money, time and effort than most think to prevent these attacks. Millions of stolen credentials are already available to criminals and with the recent Sony PS3 and Epsilon breaches, there is more personal information than ever at large to help criminals compromise accounts. I hope it doesn’t have to get too much worse before it gets better.