In August 2019, Paige A. Thompson was indicted by a federal grand jury for wire fraud and computer data theft in the Capital One data breach. Thompson is accused of stealing data from more than 100 million Capital One credit card applications and could face 25 years in prison. But what exactly is wire fraud and what role does it play in data breaches?
Broadly, wire fraud involves a scheme to defraud the victim of money or property. It is often discussed aside along mail fraud – both of which are federal crimes – however, there are specific differences between the two.
“The main difference between mail and wire fraud is the “jurisdictional hook” that allows the Department of Justice to prosecute this conduct as a federal crime. Under the mail fraud statute, the defendant must use the U.S. Postal Service or any private or commercial interstate carrier (like FedEx or UPS) to further the commission of the fraud. In contrast, the wire fraud statute requires the use of an interstate wire transmission such as an email, a fax, a phone call, a text message, or the use of an internet chat room.”
In this age of phishing emails, mobile scams and data transmission, wire fraud is becoming more common than mail fraud – and can be easily executed once fraudsters have your data. We review some of the top industries and scenarios where fire fraud can occur, and signs to look out for.
“Sending fraudulent email is cheap and the messages don’t require expensive malware,” said Kevin Epstein, vice president of threat operation at Proofpoint. “Yet the attacks themselves are highly effective.”
Real Estate Nightmares
Purchasing a new home should be a dream come true, but hackers have found a way to turn this process into a nightmare. According to the FBI homebuyers lost over $150 million to real estate scams in 2018, and real estate scams have jumped 1000% since 2015.
Hackers take advantage of the many forms and steps in the home-buying process, knowing that suspicious activity might be missed, with a phishing email. For example, if the title company or lender’s email server is not secured, a fraudster could break in and look for upcoming closings. Once they have this data, they can launch a phishing email that indicates closing costs need to be sent to the title company immediately, otherwise the close date will be pushed back. The panicked home buyer might not read the email carefully and wire the money to the fraudster. Most commonly it is not discovered until the title company emails the buyer to let them know they have not received the money.
As Viral Shah, co-founder and head of financial products for Better.com explains:
“Wire fraud is increasingly a problem for consumers and those in the residential real estate industry. Not only have attempts and incidents increased over the last few years; they continue to be under-reported. In the meantime, attacks have gotten more sophisticated and targeted due to the large amount of money moving in a transaction with multiple parties coordinating with each other.”
Help, I’m In Jail!
Fraudsters are increasingly preying on the elderly. In 2017, nearly 1 in 5 people lost money to scammers, amounting in $328 million in losses, with those And those ages 70 and older suffering the highest average losses.
Adults who are 60 and over were raised to be polite and trusting, so they are an easy target. Fraudsters play on their emotions when committing what’s called the “grandparent scam.” For example, a Michigan grandmother was conned out of $4,000 when fraudsters called her and posed as her granddaughter. They claimed that the Michigan State University student need bail money, and they spoofed their number to display 9-1-1, and used believable details. An Arizona grandfather fell for a similar scam when he was asked to wire $960 for a down payment for his grandson’s son bail for a DUI charge in Florida. His “grandson” asked him not to tell anyone, because he didn’t want his parents to find out.
Cyber criminals employ common tactics in the grandparent scheme:
- They do their research. Fraudsters researcher their victims’ family on social media so they know their grandchildren’s names and sometimes travel plans.
- They intimidate. Fraudsters will scare grandparents into paying quickly or else harm will happen to their grandchildren.
- They utilize wire transfers. Con artists will ask grandparents to send a wire transfer immediately to help the victim, which is just like sending cash – once it’s gone, it’s gone.
The Rise of the Romance Scam
With 8,000 dating sites worldwide, and nearly 50 million people who have tried online dating, it’s no surprise that scammers are starting to prey on those looking for love. In 2018, more than 21,000 people were swindled out of $143 million dollars in online dating cons.
Barb Sluppick, who runs Romance Scams, a watchdog site and online support group, says:
“Most people think the victims are middle-aged women who can’t get a date, but I have worked with men and women of all ages—doctors and lawyers, CEOs of companies, people from the entertainment industry—who you’d never think in a million years would fall for these scams but do.”
Scammers do their research to seek out vulnerable victims and then focus on building trust over several weeks, sometimes months. They will typically ask their victim to leave the dating site or social media platform immediately and share their personal email or phone number. The scammer is fast to claim love and will claim, but can’t visit their new love because they don’t have money. Once the trust is built, they will ask for money without meeting face-to-face.
Steps to Protect Yourself from Wire Scams
Diligence is key in protecting yourself against fraudsters.
- Read your emails carefully and make sure that the email was sent from someone you know, and the web address looks genuine.
- Provide your personal information only to trusted sources (your doctor, your bank, etc.)
- Don’t share your personal email address on any social media accounts
- Always verify the authenticity of any wire each wire request. Call the phone number that you have previously used to verify the request.
- Make sure your computer is updated with anti-virus software
Bluefin specializes in PCI-validated Point-to-Point Encryption (P2PE) products that safeguard cardholder data entered at the point of sale or over the phone, and tokenization of Personally Identifiable Information (PII), Personal Health Information (PHI), and payment data entered online with our ShieldConex® platform. We are a staunch advocate of devaluing all valuable data and taking a holistic approach to security. Contact us to learn more about our solutions.