By Tom Bull
The incidence of wire fraud is on the rise. We are seeing this happen when someone’s email account gets compromised and a bad guy gains access to it. This most often happens online and not on your computer or mobile device, but that is where it typically starts.
Here’s A Typical Scenario
A hacker has found your email address, and maybe even your email password, from a website hack – Ticketmaster, Bank of America and others just this year, not to mention others like Facebook, LinkedIn, Yahoo, etc. Even if they didn’t get your email password, they still have the address. Maybe you use a common password and they found your email address/password in a different hack and try to get into your email that way. Sometimes they are successful.
If not, the next step is phishing. This means the bad guys try to get you to reveal your email address and password by sending you something that asks you to put that information in. It might be an email about a UPS delivery, a Google Doc that is being shared, maybe something from the HR Department at work asking you to update your info. These emails tend to project urgency, hoping that you’ll make a mistake because you’re rushing. These bad guys are clever, and AI is just making scammy emails harder to spot. So maybe you fall for it and put your information in.
The Bad Guys Get In. Now What?
OK, so with either of these methods, the bad guys get into your email account. They often don’t change the password or do anything more than just sit and watch. They are looking for keywords like “wire transfer,” “ACH payment,” “investment” and others. Once they see something they like, they will follow it and see what’s going on. In all cases, the wiring or transfer of money, often large sums, is the key.
So now the bad guys are sitting and watching your email exchanges. Let’s say it’s for a home reno and you’re the contractor. They see you communicating about final dates and when you can receive the final payment. That’s when the game changes. They create a “filter” in your email account that will send emails coming from your homeowner into a folder other than your inbox. They will email the homeowner, who thinks they’re emailing you, but you never see it in your inbox. Then the email goes out telling the homeowner to send the money to a different account this time because you just changed banks. Then guess what happens?
Where’s The Money?
The homeowner does the wire transfer and thinks everything is good. You’re expecting the money, but it doesn’t come. You call and ask about the payment. “I paid this last week and sent the money to XYZ Bank like you asked.” But you don’t have an account at XYZ Bank. The homeowner sent the money, so they don’t have it anymore. You never got it, but you did the work. Now what happens? I’ll have to write another column about the fiasco that follows.
An ounce of prevention is worth way more than a pound of cure!
The best thing you can do to protect your email account and prevent wire fraud is to turn on Multi-Factor Authentication (MFA) or 2-Factor Authentication (2FA) inside your email account. This means in order to login to your email account, three or more things are required: email address, password and your mobile device that has the MFA or 2FA app on it. The easiest test to see if you’re protected is to go to another computer and try to log in to your email. If you get in with just the email address and password, then you don’t have MFA or 2FA turned on. Go do this soon. Really. Like now. You’ll sleep better.
Tom Bull has been in the computer and technology field since 1981. He spent 25 years working with small businesses to manage their technology before starting Two River Computer in Fair Haven in 2006.
The article originally appeared in the July 4 – July 10, 2024 print edition of The Two River Times.
