In the media, misinformation is regularly discussed, primarily in relation to politics and is often used interchangeably with fake news. Even though these are major problems, a greater and more direct threat is frequently disregarded: how cybercriminals utilise false information to steal from businesses and people.
The dictionary defines disinformation as "false or inaccurate information, especially that which is deliberately intended to deceive." But when mixed with a lot of exact and genuine information, particularly information that only a select few are aware of, misinformation can be highly persuasive and deceitful. Criminals can use real information stolen through cyberattacks, along with a little bit of deception, to have a significant financial impact on both businesses and people.
Using wire transfers for profit
Most of us have heard of fraud schemes that target credit card information. Most of the time, erroneous credit card charges may be disputed or reversed, preventing you from eventually losing any money. However, there is a significant distinction with wire transfers: they are frequently immediate and irreversible. In other words, if a wire transfer is used, the money is lost, especially if the fraud is not found right away. This functionality has been used by cybercriminals in a number of ways.
One example is when crooks get access to a company's computer systems and spend time reading emails and understanding internal procedures. The fraudsters discover who is authorised to provide wire transfer orders to the financial office and what the procedures are. They then pose as these officials one by one for several days, issuing wire transfer orders, some for more than $500,000, to the criminal's accounts.
When one organisation the author spoke with realised this costly problem, protocols were put in place to require proof that such wire transfers were indeed requested by authorised individuals. This entailed connecting directly with the authorised individual over the phone and checking the transaction's details.
Unfortunately, such sensible processes are frequently implemented only after a crime has already occurred.
Wire fraud can cost individuals as well as organisations money. Executive home buyers are popular demographics. A critical step in most home buying transactions is the wire transfer of a substantial sum of money to a title or escrow company, which holds the funds until the title to the property is transferred to the new owner, and then — and only then — the escrow company transfers those funds to the home seller.
Criminals take advantage of these circumstances by following a multi-step process. First, they gain access to the computer systems of the real estate agent, attorney, or title agent. They could spend weeks or even months researching impending closings, company procedures, and minutiae such as wire transfer instructions samples. Because last-minute issues can occur, property purchasers are frequently advised to make the wire transfer a day or two in advance.
Since the title corporation generally gives the instructions one day ahead of time, cyber thieves will send the instructions two days ahead of time. Because they are based on the real instructions, these instructions look to be from the title firm, but the destination information has been changed. They have buried a small amount of false information among a large amount of accurate material.
This method has been used to steal hundreds of millions of dollars in a single year. According to FBI data, more than 13,000 people were actually the victims of wire fraud in the real estate and rental industry in 2020, resulting in losses of more than $213 million, a 380% rise from 2017.
After making numerous anxious calls, you finally learn that your money was taken, leaving you penniless and homeless.
There are a number of actions that both individuals and businesses can take to lower the risk of cybercrime with wire transfers. Before sending money, you should always call the person who is supposed to receive it to confirm the wire transfer instructions. The criminals may have included a fake phone number in the instructions you received, so make sure you can confirm that you are actually speaking to the right person. To do this, always check the correct number in advance using an official website or by speaking directly to a known source who can confirm the correct information.
A scenario where you sold your old house and utilised the proceeds, along with your savings, to purchase a newer, better house in a different city is possible. The day after you move into your new home, you might be halfway to the new city in your automobile when your real estate agent calls to inquire about the status of your down payment.
Stealing paychecks
Many businesses offer systems that enable employees to update and retain their personal data, including their home address, phone number, and banking information for direct deposit of their paychecks on a monthly basis. Some highly paid employees' accounts were compromised by criminals, who changed the bank information the day before the payment was scheduled to be made. So that nothing would be observed as being out of the ordinary, they updated the bank details back to normal the following day. They carried on with this plan for a few months before an executive realised the scheduled monthly payments had not reached his bank after receiving a notification of insufficient funds on a cheque.
This shows how crucial it is to monitor your bank account frequently enough to spot odd or fraudulent behaviour, especially to make sure that expected deposits are being made.
Boss scam
The typical hoax, in which the CEO of the business requests that the CFO deliver money somewhere, is one that most of us have heard of. You could think that since you aren't a CEO, these frauds don't apply to you, but that isn't the case.
One variation of this scam, which is particularly prevalent on college campuses, involves staff members receiving what looks to be an email from a higher ups, usually the department head. One example of a narrative presented to a staff person is, "I just realised that I am going to my nephew's birthday party tonight and I'm in meetings all day, so I won't have time to get a gift.
Could you please do me the courtesy of purchasing a $100 gift card and emailing me the numbers on the back? One victim bemoaned, "It was not just coming from one of my colleagues; it came in the name of my department chair." Eight out of ten faculty members in one department fell for the con, according to a story I've heard. It is crucial to confirm once more that your supervisor is the true sender of the communication.
Bottom line
All of this is to say that while fake news and other forms of disinformation are a problem, having a lot of reliable data combined with even a small amount of misinformation can have catastrophic results. These are but a few current instances. As mentioned, there are steps that can be taken to prevent such crimes, or at the very least significantly lower their frequency, but they must be implemented before the crime occurs.
However, keep in mind that cybercriminals are extraordinarily inventive and frequently equipped with a wealth of personal data. It is crucial to stay informed about new schemes, to exercise caution, and to build your defences because more dangerous plots could be on our way.
