The FBI wants you to report even small but successful phishing attempts that result in wire fraud. During the recent Combating Cybersecurity Threats 2019 conference, the FBI distributed a pamphlet that outlines the steps they'd like everyone who falls victim to phishing to take:
Reporting the Incident
- Contact your bank:
  - Determine the appropriate contact at your bank, who has the authority to recall a wire transfer, for example.
  - Notify your bank that you've been the victim of a Business Email Compromise AND
  - Request a wire recall or SWIFT recall message AND
  - Request that they fully cooperate with law enforcement
- Report the incident to the FBI via https://ic3.gov
- Provide all details for the beneficiary, including names, account numbers, and contact information
- Contact your local FBI field office. If you're in Chicago, here are the details: 2111 W. Roosevelt Road, Chicago, IL 60608, (312) 421-6700
- Review all IP logs accessing the relevant infrastructure (internal mail servers or other publicly accessible infrastructure) looking for unusual activity
- Scan for login locational data. Was there a login from an unknown country or location, specific to the compromised email account?
- Review the relevant email account(s) which may have been spoofed or otherwise compromised for any rules, such as "auto-forward" or "auto-delete"
- Inform employees and others about the situation and require that they contact clients/customers who are near the wire transfer stage/process
- Review all requests that asked for a change in payment type or location
***Remain especially vigilant on transactions expected to occur immediately prior to holidays and/or weekends***
PREVENTION AND RECOGNITION
- Hover your cursor over or expand details on suspicious email addresses to check for indications of display name deception or spoofing
- DO NOT hover over LINKS in emails as simply hovering MAY execute commands
- Call a known and trusted phone number or meet in person to confirm that the wire transfer information provided to you matches the other party's information
- Does the routing number or SWIFT number provided to you resolve to the expected bank used by the other party? (Example: you received wire information for an account at a bank in Hong Kong but you know your other party only banks in the U.S.)
- Regularly check your email account login activity for possible signs of compromise
- Develop an intrusion detection system to identify emails from extensions that are similar to your company email
- Regularly check your email account for new "rules", such as email forwarding or auto-delete
- Be cautious of new customers, suppliers, clients, and/or others you don't know who ask you to:
  - Open or download any documents they send OR
  - Sign into a separate window or click on a link to view an invoice or a document OR
  - Provide sensitive personal or corporate information
- Verify the wire instructions you provide to your customers/clients are accurate for both the pertinent bank and pertinent account:
  - Where did you get the account data?
  - Is this the correct account number?
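The prevention list asks for a check on display name deception and for detection of emails from "extensions" similar to your company email. The sketch below is an added example, not part of the FBI pamphlet; it reads "extensions" as sender domains, and `example.com`, the character map, the threshold and the sample headers are all assumptions made for illustration.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: replace with your real mail domain
# Constructed, non-exhaustive map of characters that are visually confused.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold look-alike characters so 'examp1e.com' and 'exarnple.com' collapse."""
    return domain.lower().translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, company=COMPANY_DOMAIN, max_dist=2):
    """Return internal, lookalike-domain, display-name-deception, external or unparseable."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain == company or domain.endswith("." + company):
        return "internal"
    # Homoglyph swap, small typo (tune max_dist for short domains), or the
    # company domain used as a prefix label of someone else's domain.
    if (skeleton(domain) == skeleton(company)
            or edit_distance(domain, company) <= max_dist
            or domain.startswith(company + ".")):
        return "lookalike-domain"
    # External address whose display name borrows the company domain.
    if company in display.lower():
        return "display-name-deception"
    return "external"

# Constructed sample From: headers (not taken from any real incident).
SAMPLES = [
    "Jane Doe <jane@example.com>",
    "Jane Doe <jane@examp1e.com>",
    "Accounts <ap@example.com.payments.test>",
    '"example.com Accounts Payable" <ap@mailbox.test>',
    "Vendor Billing <billing@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):24} {header}")
```

A result of `internal` only means the header domain matches; the From header itself can be spoofed, so combine this with your mail gateway's SPF, DKIM and DMARC results.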