Wire Transfer Fraud: Prevention and Recovery

Feb 23, 2022 | Blog

“What do you mean you didn’t get the money I wired to you? I have a confirmation!”

If you ever have the misfortune of uttering these frustrating words, your funds may have gone to a fraudulent bank account. There are means to try to claw them back or recover them from sources other than the criminal. But you must act quickly, working with the advisors who “think different,” as the late Steve Jobs said, about means and places from which you can recover your waylaid money.

First, reduce the risk of fraud before it happens.

Wire transfer fraud is endemic and proliferating. The American Land Title Association (ALTA) noted in its 2021 survey that one in three real estate transactions were subject to targeted wire transfer fraud. The best fraud risk control is to use good practices, some decidedly low-tech, to reduce the risk of fraud. Carefully examine the sender’s email address by hovering your cursor over it. Compare it to one from which you had received emails well before the date of the wire transfer. Do they match? If not, delete the instructions immediately, as they were sent by a fraudster.

Remember telephone calls? Yes, our smartphones still enable voice communications. Confirm the wire instructions verbally to a telephone number that you know independently (not one that accompanies the wire instructions). If these instructions check out, confirm receipt by telephone and then get a written confirmation of receipt sent electronically. At an in-person real estate or corporate closing, do not leave the closing until all transfers have been confirmed and written confirmations received.

The funds were misdirected. Now what?

The chances of retrieving the funds are greatest if you act quickly; time is truly of the essence here. Notify your bank and the receiving bank immediately upon realization that the funds have been misdirected. File a report immediately upon discovery of the fraud on the FBI’s Internet Crime Complaint Center site (www.ic3.gov) with as much information as you possess, including names and addresses of the originating and recipient banks; account and routing numbers of both banks; and the recipient bank SWIFT number.

If the following criteria are met, the originating bank can initiate the FBI’s Financial Fraud Kill Chain:

  • The wire transfer is $50,000 or more;
  • The wire transfer is international;
  • A SWIFT recall notice has been initiated; and
  • The wire transfer occurred within the previous 72 hours.

Even if the transfer does not meet these criteria, it is imperative to notify the FBI as soon as the fraud is discovered as the FBI can put together the details of your transfer with others and work to track down the funds and the fraudsters.

But let’s say you don’t discover the fraud for weeks. While that will probably be too late for your bank to reverse the transfer or for the Financial Fraud Kill Chain to be effective, experienced and knowledgeable counsel can advise you of alternative means to be compensated for the loss:

Option 1

If your transfer was made in the commercial context, your Cyber Risk or Technology Errors and Omissions insurance policy may provide coverage. Review the policy with a professional experienced in cyber insurance and submit a notice of claim as soon as possible referencing the pertinent sections of the policy that indicate the existence of coverage and the limits of coverage for such a loss. Early notice of claim is crucial; the easiest way for a carrier to decline coverage is to allege late notice.

Option 2

Obtain a forensic examination of the device on which you made the wire transfer. The usual modus operandi of wire fraud criminals is to introduce malware into a computer that can snoop on email exchanges and thereby learn of the impending funds transfer. Once they have introduced the malware (sometimes known as “spyware”), they can pretend to be the true recipient and send instructions to send the funds to their bank. This malware is most often introduced through phishing. If the forensic examination reveals no evidence of malware in your device or system, then the malware was most probably introduced into the counterparty’s device or information system. If that party was under a duty to maintain cybersecurity controls and was lax in doing so resulting in the introduction of malware into your correspondence, you may have a viable claim against the counterparty in breach of fiduciary obligation (i.e., if the counterparty is an investment trust) or negligence (failure to meet a standard of care in cybersecurity). The counterparty may have cyber risk insurance that could provide defense and indemnity (coverage) for this claim and may wish to settle the claim rather than engage in litigation.

Option 3

If you believe that the recipient bank did not appropriately verify the identity of the fraudster who came to a branch to retrieve the proceeds or likewise was lax in customer due diligence when the fraudster opened an account, and the bank is federally chartered, initiate the complaint process at the Office of the Comptroller of the Currency (OCC), which has an online complaint form. Lawsuits against a bank for violations of a duty of care in cybersecurity in wire transfers pose a very steep uphill climb as many courts have held that banks owe no duty of care to noncustomers. But an investigation by the OCC may focus the bank on resolving your complaint and, just maybe, reaching out to you with an offer of settlement. This is particularly germane if another bank is involved, perhaps one in which the fraudster deposited the wire transfer funds, and that bank has detected an irregularity and frozen the funds but will not return them to you. If the bank is chartered by the state, a complaint to the state’s bank regulator or Office of the Attorney General, where indicated by that state’s laws including consumer fraud laws, may result in an investigation or other proceeding by the state and thereby focus the bank’s attention on resolving the matter.

Wire transfer fraud is a problem that will continue to grow as more commerce is effectuated through electronic funds transfers. Risk mitigation strategies are the best way to reduce the risk of losses through this fraud; however, if the fraud still occurs, engage counsel who think outside the box as soon as you can to guide you through the remedies that may be available to recoup the funds.

If you have further questions regarding the prevention or handling of wire transfer fraud, please contact Kenneth N. Rashbaum.