Money transfers are part of the daily routine in most veterinary practices, whether it is paying invoices, processing payrolls, purchasing inventory, or even paying for big expenses like a new X-ray table. In most cases, the process involved in approving and processing these transactions has also become seamless with the integration of technology and the automation of the process.
Unfortunately, processing these transactions has also become another avenue that cybercriminals exploit to launch attacks. Breaching banking accounts for identity theft or to steal money has become common in the past few years. However, some cybercriminals have taken a more direct form of theft that involves sending fraudulent requests, where their victims participate by completing a wire transaction. This is called wire fraud, and in this section, we will explore what it is and how your veterinary practice can become a victim.
What is wire fraud?
A wire fraud happens when a scammer or a cybercriminal poses as a trusted source, such as an employee, a vendor, a company, a family member, or a practice owner, and requests an immediate transfer of funds. To properly execute a wire fraud, the fraudsters put more emphasis on the urgency of the funds and, in most cases, use manipulative language that compels their victims to send money as fast as possible.
In a veterinary practice setting, cybercriminals are likely to pose as vendors requesting payments for invoices. The payment requests can be directed to anyone who works on the platform, including the practice owner. What makes these types of attacks work is the level of research that goes into these attacks. Chances are, if your veterinary practice is targeted, your attackers will have all the information about some of the transactions your practice makes. They will also have email headers and logos of your vendors if they decide to use emails and pose as them. Therefore, when an attack is launched, it is highly likely that the target victims will fall for the act and send cybercriminals the money.
How Cybercriminals Commit Wire Fraud
Surprisingly, despite wire fraud sounding simple to detect, billions of dollars are lost each year through these types of attacks. In a report released by the FBI, that was based on the Business Email Compromise (BEC), data showed that $26 billion had been lost between June 2016 and July 2019. A more updated FBI report with data from October 2013 to December 2021 shows that $46 billion was lost through wire fraud using the Business Email Compromise method of attack. Cybercriminals also use email spoofing to launch their wire fraud attacks. Below is a detailed explanation of how both methods are used to commit wire fraud.
1. Email Spoofing
This method is mostly employed by cybercriminals as the first step before engaging in Business Email Compromise. A variety of online tools are used to target and exploit the victims, including:
Using spoofing tools: Cybercriminals are able to use a spoofed email address that has a slight variation from the account they are posing as. Cybercriminals can achieve this by forging contact names and email addresses visible to the recipients; setting up a valid email address with the name of someone in your veterinary practice; or creating a new email address that looks similar to the real one.
Using Malware: To infiltrate your veterinary practice, malware that is capable of infiltrating your systems can be used to gain access to legitimate e-mail conversations about bills and invoices. The knowledge gained from infiltration can then be used to launch a wire fraud attack against your veterinary practice, where payment requests can be made without raising suspicion.
2. Business Email Compromise
Regarded as one of the most financially damaging cyber crimes, Business Email Compromise (BEC), with data showing billions of dollars are lost using the wire fraud method, chances are your veterinary practice will be compromised using BEC. In most BEC attacks, you should expect your attackers to:
- Pose as a vendor asking for payment.
- Pose as a practice owner or any other person in the management and ask your staff to wire the money urgently, purchase gift cards and send the serial numbers.
- Through a phishing email with a link to a fake login page that leads to a fake account login page.
Protecting Your Veterinary Practice Against Wire Fraud
A wire fraud attack on your veterinary practice can result in huge financial losses. To avoid these types of attacks against your practice, it is important to have preventive measures that can allow you to detect and deal with wire fraud cases. Below are some preventive measures you can take for your veterinary practice.
- Always be suspicious: It is important to always assume that cybercriminals are lurking on your email servers because chances are that is actually the case. Recent wire fraud cases have shown that cybercriminals can stay in computer systems for weeks, sometimes months, before launching an attack. Therefore, if you are the recipient of an email, regardless of how authentic it sounds and looks, it is always important to do due diligence in verifying its origin and authenticity.
- Use Best Judgement for your Veterinary practice: In most cases, when you are faced with a cybersecurity issue such as a wire fraud case, it is important to use your best judgement. Some of the steps you can take, especially in cases where an email is requesting sensitive documents or asking for funds to be wired, is to verify that the information is coming from legitimate sources. Consider contacting the email sender through other means, such as a phone call, to verify the authenticity of the request. If your veterinary practice has a lot of staff, consider training them on how to use their best judgment in cases that deal with wiring money and sending sensitive information.
- Implement a plan on how to respond to wire requests: As a veterinary practice, you should have a policy that makes it easy for staff to verify each request made to them. The policy also makes it easy to hold everyone accountable in cases where a successful wire fraud case happens.
- Install antivirus/anti-malware software: Having anti-virus/anti-malware software installed on your computers can also help ensure that your systems are not compromised. Today, a huge chunk of wire fraud originates from malware/ransomware attacks.
Clint Latham