With the continued events in Ukraine, there remains a heightened concern regarding cyber-attacks of all kinds.
One cyber-attack that remains prevalent is theft of funds by using fake wire instructions. In one method of this type of attack, the cybercriminal obtains access to the email of an employee. The cybercriminal monitors that email for any communications regarding payment either to a vendor or from a customer. When a payment becomes due, the cyber criminal will impersonate whichever party is expecting to receive payment and request the funds be wired to a new set of wire instructions. Of course, these new wire instructions direct the funds to the cybercriminal’s account where they can quickly move the funds out of the reach of law enforcement.
Whenever a business partner seeks to change their wire instructions, you should strongly consider contacting the business directly to confirm the change. When doing so, you should consider using a known telephone number or method of communication other than email.
Some businesses, like Conner Strong & Buckelew, will never change wire instructions via email.
For more information on the cyber security impacts of the Russian invasion of Ukraine, please visit CISA’s Shields Up page.