Police and financial institutions are battling to contain a wire transfer email hacking scam that is costing individuals and businesses billions, The Wall Street Journal (WSJ) reported on Sunday (Feb. 23).
In one major example in 2018, Frank Krasovec, the chairman of Dash Brands, owner of Domino’s Pizza franchises in China, lost $450,000 when a fraudster intercepted his email. Unbeknownst to him while he was working in China, the cyberthief convinced his assistant to wire money on two occasions to Hong Kong.
Krasovec is now suing the Dallas, Texas bank, maintaining that PlainsCapital didn’t have anti-fraud protocols in place. The bank, in turn, is blaming Krasovec, stating in a court filing that the stolen funds were “undoubtedly the fault of [Mr. Krasovec’s] own failure to implement appropriate internal controls to prevent his company and its employees from falling victim to a third-party scam.”
People are usually given their money back in the event of fraudulent charges, but that generally doesn’t apply to wire transfers when a consumer was hacked, according to the American Bankers Association (ABA).
Generally, bigger banks are more likely to fall prey to wire-transfer scams –but small institutions with lean technology budgets are also susceptible, the ABA said.
Close to $1.8 billion was lost in 2019 from similar scams, according to the Federal Bureau of Investigation (FBI), up from roughly $1.3 billion in 2018. Between June 2016 and July 2019, worldwide losses totaled $26 billion. Most stolen funds are sent to Hong Kong and mainland China, where the odds are low that the cash will be returned, according to the FBI.
Among the targets are “the elderly, college students, nonprofits, religious organizations, celebrities, CEOs of companies,” FBI Supervisory Special Agent Zacharia Baldwin told the WSJ. “It could be anybody.”
In November, Nikkei, the U.S. subsidiary of Japan’s largest financial media organization, was the victim of a $29 million wire transfer fraud. The transfer was based on “fraudulent instructions by a malicious third-party who purported to be a management executive of Nikkei,” according to a statement by the company.