office (410) 272-5000
fax (410) 272-0533


Tips from the FBI to Minimize Exposure to Wire Transfer Fraud

The FBI, Internet Crime Complaint Center (IC3), and Financial Services Information Sharing and Analysis Center (FS-ISAC) have issued a list of recommendations to minimize a business's exposure to wire transfer fraud in the wake of a new trend in which cyber criminal actors are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise networks and obtain employee login credentials. Stolen credentials have been used to initiate unauthorized wire transfers overseas. The wire transfer amounts have varied between $400,000 and $900,000, and, in at least one case, the actor(s) raised the wire initiator's wire transfer limit to allow for a larger transfer. In most of the identified wire transfer failures, the actor(s) were unsuccessful only because they entered the intended account information incorrectly.

Recommendations to Wire Transfer Originators:

  • Educate employees on the dangers associated with opening attachments or clicking on links in unsolicited e-mails
  • Do not allow employees to access personal or work e-mails on the same computers used to initiate payments
  • Do not allow employees to access the Internet freely on the same computers used to initiate payments
  • Do not allow employees to access administrative accounts from home computers or laptops connected to home networks
  • Ensure employees do not leave USB tokens in computers used to connect to payment systems
  • Review anti-malware defenses and ensure the use of reputation-based content and website access filters
  • Ensure that workstations utilize host-based IPS technology and/or application white-listing to prevent the execution of unauthorized programs
  • Monitor employee logins that occur outside of normal business hours
  • Consider implementing time-of-day login restrictions for the employee accounts with access to payment systems
  • Restrict access to wire transfer limit settings
  • Reduce employee wire limits in automated wire systems to require a second employee to approve larger wire transfers
  • If wire transfer anomaly detection systems are used, consider changing “rules” to detect this type of attack and, if possible, create alerts to notify bank administrators if wire transfer limits are modified
  • Secure and/or store manuals offline or restrict access to the training system manuals with further security, such as enhanced access controls and/or segregation from the payment systems themselves
  • Monitor for spikes in website traffic that may indicate the beginning of a DDoS and implement a plan to ensure that when potential DDoS activity is detected, the appropriate authorities handling wire transfers are notified so wire transfer requests will be more closely scrutinized
  • Strongly consider implementing an out-of-band authorization prior to allowing wire transfers to execute
  • Limit systems from which credentials used for wire authorization can be utilized
  • Review intrusion detection and incident response procedures and consider conducting a mock scenario testing exercise to ensure familiarity with the plan
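
Several of the monitoring recommendations above (logins outside normal business hours, alerts when wire transfer limits are modified, and a second employee approving larger wires) can be checked together against payment-system audit records. The Python below is an added example, not part of the FBI/IC3/FS-ISAC guidance; the event format, user names, business hours and approval threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, time

# Assumed policy values for illustration; set these from your own wire policy.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)
DUAL_APPROVAL_OVER = 50_000  # wires above this need a second employee

# Constructed sample audit events (hypothetical format, not from a real system).
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T09:12:00", "type": "login", "user": "jdoe"},
    {"ts": "2024-03-05T02:41:00", "type": "login", "user": "asmith"},
    {"ts": "2024-03-05T02:44:00", "type": "limit_change", "user": "asmith",
     "target": "asmith", "old": 100_000, "new": 950_000},
    {"ts": "2024-03-05T02:51:00", "type": "wire", "user": "asmith",
     "amount": 900_000, "approver": None},
    {"ts": "2024-03-05T10:30:00", "type": "wire", "user": "jdoe",
     "amount": 75_000, "approver": "mlee"},
]

def review(events):
    """Return (timestamp, user, reason) alerts for the monitored conditions."""
    alerts, raised = [], set()  # raised: users whose limit was increased
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "login":
            weekend = ts.weekday() >= 5
            if weekend or not (BUSINESS_START <= ts.time() < BUSINESS_END):
                alerts.append((e["ts"], user, "login outside business hours"))
        elif e["type"] == "limit_change":
            # Any modification alerts; raises are remembered for correlation.
            alerts.append((e["ts"], user, "wire limit changed"))
            if e["new"] > e["old"]:
                raised.add(e["target"])
        elif e["type"] == "wire":
            approver = e.get("approver")
            # The approver must exist and must not be the initiator.
            if e["amount"] > DUAL_APPROVAL_OVER and approver in (None, user):
                alerts.append((e["ts"], user, "large wire without second approver"))
            if user in raised:
                alerts.append((e["ts"], user, "wire after limit increase"))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_EVENTS):
        print(*alert, sep=" | ")
```

The "wire after limit increase" correlation targets the case described in the advisory, where the initiator's limit was raised before a larger transfer was sent.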