Deceptive transfer occurs when employees are unknowingly tricked into transferring company funds or other assets. Cyber thieves can use a variety of methods to obtain proprietary information including email phishing, social media and even traditional phone calls to gain information and deceptively transfer funds into an account under their control.
The CFO of ABC Manufacturing received an urgent email from his CEO regarding a large client, Illustrations, Inc. “Wire $95,137.21 to Ilustrations, Inc. no later than 1:47 PM today. If we don’t make the cut-off time, we could lose them for good. Please contact accounting ASAP to have the wire transfer set up. Ilustrations wire information is attached.”
The CFO promptly contacted his accounting department and arranged the wire transfer. The accounting staff prepared the wire quickly and released it at 1:30 PM. The CFO then called the CEO to let him know the urgent matter had been taken care of. The CEO had no idea what he was talking about – he hadn’t sent the email. Turns out his email had been hacked. Once they figured out they had been scammed, it was too late. Their bank had already released the $95,137.21.
This scam works as follows: the hackers set up a wire transfer account using the name “Ilustrations, Inc.” which is missing one letter “l” in the company name. They then hacked into the CEO’s email account and sent the email instructing the CFO to wire the money. No one at ABC Manufacturing noticed the slight difference in the company name and thought the request from the CEO’s email account was legitimate.