$60 million was recently lost by Texas-based firm Orion to a massive bank wire transfer fraud scam. Unfortunately, this is not an isolated incident. As identified by the FBI, bank wire transfer fraud is a growing multibillion-dollar problem impacting many businesses. Some other newsworthy examples include:
Bank wire transfer fraud occurs when a bad actor spoofs a vendor into paying a fraudulent account to steal funds. This type of fraud scheme is usually sophisticated and deployed via email, where the bad actors follow a playbook that follows the steps below:
So, you’re probably asking yourself how does this work? Don’t most organizations have an email security tool, such as a secure email gateway (SEG), that blocks malicious accounts from emailing employees? The answer is yes. Most do have a tool in place. Most security teams have also deployed a behavioral AI email security solution to detect anomalies from “known good” behavior.
Email security tools, like Secure Email Gateways (SEGs), are designed to detect malicious activity, such as bad links, domains, domain history, or attachments. When there is no malicious activity, there is no reason to set off the alarms, which ultimately allows the bad actors to remain hidden in the system. In addition, when an internal employee account is compromised, SEGs have no reason to block it since it’s not an external threat.
This brings me to another email security solution type, Behavioral AI-based email detection. As with SEGs, these solutions can also leave organizations vulnerable to fraud via email. In this instance, they are ineffective because they rely on a baseline of “known good” behavior, which is exploited by bad actors that look to evade sending off signals of fraud early on. They instead focus on blending in by building relationships that look safe within the organization long before they attempt any actual fraud. Moreover, these models often only scan emails, missing key signs of fraud within the broader payment process and payment technology ecosystem.
Companies require a solution and strategy that covers the full business payment landscape across communication channels and technologies, including ERP systems, to detect suspicious account changes or duplicate invoices tied to a vendor—clues that are often overlooked by email-focused detection alone.
We know bad actors evolve their malicious activities quickly, often outpacing technology. From wire fraud to BEC and internal threats, your payments are at risk—but they don’t have to be. TrustMi’s CEO and former CISO at one of Israel’s top banks, Shai Gabay, worked to develop a solution designed to support finance and security organizations that gives them the tools needed to stop these threats across the full payment landscape, including email. Contact Shai here today to learn how to protect your business.