Thursday, April 18, 2024

Revisiting continuing cyber threat

At the risk of sounding like a broken record, we want to once again warn that wire fraud and attempted wire fraud continue at a steady, non-relenting pace. As you know, we try to limit our Fraud Alerts to those times when it is essential, but the recent level of reports has demanded our attention.

Please revisit your policies and bank staff awareness on bank wires. As we have said in the past, the call back should never, ever be skipped for any reason. Just when you think there might be a valid reason to skip this step, those are the times when we get calls needing assistance.

In the past weeks, we have seen three versions of attempted and completed fraudulent wires. The first was a huge wire that was requested by an oil field-related company. Our astute banker did call back to ensure the company wanted to send the wire. The company assured the banker it did indeed want to send it, and the entire transaction was later found to be a product of fraud. In that case, the company was defrauded but the banker did all he could to ensure it was a valid request and to express concerns to the customer.

The second attempt was a wire request initiated from a banker’s personal computer, where a virus had allowed the fraudsters to request a wire purportedly at his request. That bank also was alert and averted any losses.

Finally, we were made aware of a third case where the fraudsters were able to divert funds from one wire and it was discovered when they attempted to effect a second, larger wire. This incident involved an Oklahoma school district and the AG’s office is working with OBA to get a message out to our schools to be more aware since they have been frequent targets in the past.

Two important points:

  • An email from the customer in lieu of a callback for verification is flawed since the cyber criminals most likely have control of your customer’s computer and email. If you have a form specific to your bank that must be completed, it is also not enough verification as we have seen multiple instances where the cyber criminals have accessed those forms and replicated them with your customer’s wire instructions. An email rushing a wire or noting your customer is unavailable for a call back should also raise red flags.
  • A friendly reminder from our insurance guru, Judy Hanna: In almost every case, there will be no insurance coverage available for this type of loss unless a call back is done to a predetermined person. The call back will always be the difference between an attempted wire fraud and one completed. We are still seeing two or three attempts or completions weekly just here in Oklahoma and want to do all we can to move all those to the “attempted but not completed” category.

For even more details on this important topic, you can revisit our July 7, 2012 Fraud Alert and the Feb. 28, 2013 Fraud Alert.

Any time you think you may be seeing cyber fraud or attempts, the more quickly we get our FBI partners involved, the better our results. Speed in reporting dramatically increases the likelihood of any recovery if there is a loss. You can contact our FBI wire expert, Jason Nestelroad, directly or contact Elaine at 405.424.5252 or

Finally, check out the most recent OBA Update for two friendly reminders on the security side regarding upcoming meetings for our Physical Security and Information Security MAFIA networking groups.