Domains in disguise

Fake domain wire-transfer schemes


Using a classic phishing scheme, fraudsters are taking control of company email accounts to initiate wire transfers from unsuspecting employees. We show how crooks lure victims into their traps and how you can protect your clients.

A new controller, Sam, reported for work at ABC Tire Company. He was anxious to prove that his employer had hired the right person. In his first week, he received an email from the company CEO with the instructions, "Process a wire of $205,250.29 ASAP to the below account information. Code it to professional services. Send me the confirmation when completed. Thanks, Gary, CEO."

Sam promptly followed his CEO's instructions and completed the wire. When he approached the CEO the following day, he smiled and said, "Sir, I took care of that wire transfer you requested." The CEO responded, "What wire transfer?" To his horror, Sam realized he'd been a victim of an Internet fraud scheme. The email had come from a fake, cleverly disguised corporate domain.

This scenario describes a crime that's occurring in all types of international organizations. Our company first began receiving reports in spring of 2014 about a scheme that tricked companies into fraudulently wiring funds to "vendors" with overseas bank accounts. It first appeared to resemble a standard phishing attack. [Cybercriminals use emails to "phish" for personally identifiable sensitive information (PII) such as usernames and passwords. A legitimate-looking email asks the recipient to click a link and log in. The victim enters PII into the site and the phish is speared.]

However, we soon found that the scheme had three unique traits: 1) It used a fake email domain intentionally designed to fool the recipient into thinking it came from his or her company. 2) The victim companies, rather than the banks, suffered the full loss of the funds. 3) It had an alarmingly high success rate — a sure sign that it will be a growing trend.

In this fraud, a company's accounting personnel receive an email from a "senior executive" in the company who requests that they wire funds to an overseas bank account — supposedly for a new vendor — only to find out after the transaction that the email was forged.

As the reports started pouring in from our clients, the U.S. Secret Service confirmed that a wire transfer scheme using fake email domains — and exhibiting the three unique traits listed above — was becoming widespread throughout the country. 
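A mail-side check for the first trait listed above, a sender domain built to resemble the company's own, is sketched below as an added example that is not part of the original article. The domain abctire.example, the confusable-character folding and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

CORPORATE_DOMAIN = "abctire.example"  # constructed stand-in for the company's real domain
MAX_DISTANCE = 2                      # assumed threshold; tune against real mail flow

def fold(domain):
    """Collapse common visual confusables (rn/m, vv/w, 0/o, 1/l, i/l)."""
    return domain.replace("rn", "m").replace("vv", "w").translate(str.maketrans("01i", "oll"))

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours, e.g. "er"/"re"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the address in a From header, ignoring the display name."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify_sender(from_header, corporate=CORPORATE_DOMAIN):
    """Return 'internal', 'lookalike', 'external' or 'unparseable' for one From header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == corporate or domain.endswith("." + corporate):
        return "internal"
    # Not our domain, yet within a few edits of it once confusables are folded.
    if osa_distance(fold(domain), fold(corporate)) <= MAX_DISTANCE:
        return "lookalike"
    return "external"

# Constructed sample headers, not taken from any real message.
SAMPLES = [
    "Gary <gary@abctire.example>",
    "Gary <gary@abctlre.example>",
    "Gary <gary@abc-tire.example>",
    "Accounts <ap@supplier.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):<10} {header}")
```

Messages classified as lookalike are the ones to hold for review before any payment request in them is acted on.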

