Preventing Fraud: How RMail’s PRE-Crime™ Identifies Fake Wire Transfers

June 28, 2024 / in Blog / by Zafar Khan, RPost CEO

RMail’s PRE-Crime service identifies and isolates compromised or lookalike email accounts and pre-empts bogus wire transfers.

It’s your favorite brand ambassador here to report the latest in tech as well as how RPost is on the cutting edge of stopping cybercrimes from happening. I’m back home this week in West Texas all alone, just like some of the latest cybercriminals.

The trend today is one cybercriminal posing as multiple separate professional service providers (e.g., lawyers, realtors, insurance professionals). One person is posing on both sides of a transaction. We’ll call this the Multi-Party Poser, or Multi-Party Impersonation, scheme. You’ll be hearing more about this from us in the coming months. We’re seeing this with AI Clones and with more traditional professional service provider Lookalike Domains.

Witness what happened in this fairly recent real estate fraud. To summarize, a couple in New Jersey just had their offer on their new home accepted and had to make the necessary down payment.

But then things took a dark turn. Cybercriminals got wind of the impending sale due to one of the parties having a compromised email account (note to readers, RPost’s Eavesdropping AI would have detected, alerted, and pre-empted this had any of the lawyers, realtors, sellers or buyers been using it).

The cybercriminal then purchased two lookalike domains, one imitating the buyer’s lawyer and another imitating the seller’s lawyer, and built a back-and-forth email thread of (fake) lawyer to (fake) lawyer replies, written in context using information gleaned from the compromised email account. The poser lawyer for the buyer then forwarded the thread to the buyer’s real estate agent. In the (fake) email thread, the (real) real estate agent could see the (fake) lawyers indicating it was time to fund the down payment. The (real) real estate agent then notified the buyer to fund, using the funding details from the (fake) lawyer email thread.

Yes, we’re not just talking about a standard phishing scheme; we’re talking about an entire email string between multiple accounts managed by one impostor. This is sophisticated. And with GenAI it will be even more powered up this year.

The imposter pretending to be the couple’s attorney said the down payment due date had been moved up and that payment needed to be made ASAP. The (real) real estate agent — from her real corporate email address — responded to that message, saying she spoke to the mortgage company and confirmed the funds should be wired. The buyers went on to wire the down payment to the cybercriminal’s bank account, losing over $30K. Attempts were made to recover the funds, but as we see time and time again, once the money is gone, it really is gone forever.

The big reveal here is that cybercriminals are now playing both sides of a transaction to create a fake back-and-forth email string. The cybercriminal forwards the (fake) email string to one of the legitimate parties (in this case the buyers’ agent), who replies-all, adding an aura of legitimacy to the email string. 

Multiple parties to the transactions were fake.
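
The pattern above can be checked mechanically before anyone acts on payment instructions in a forwarded thread. The following is an added example, not part of the original post and not RPost’s PRE-Crime implementation: it compares every sender in a thread against the domains already on file for the transaction’s parties and flags near-miss domains. All names, addresses, the confusable list and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed data: domains already on file for each party to the transaction.
KNOWN_PARTIES = {"buyer-lawyer": "smithlaw.example",
                 "seller-lawyer": "harborlegal.example",
                 "buyer-agent": "keyrealty.example"}
MAX_DISTANCE = 2  # assumed threshold for a "near miss"; tune per environment
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def normalize(domain):
    """Lowercase and fold a few visually confusable sequences."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, known=KNOWN_PARTIES):
    """Return (role, verdict): verdict is 'known', 'lookalike' or 'unknown'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    for role, good in known.items():
        if domain == good:
            return role, "known"
    for role, good in known.items():
        if edit_distance(normalize(domain), normalize(good)) <= MAX_DISTANCE:
            return role, "lookalike"
    return None, "unknown"

def review_thread(from_headers, known=KNOWN_PARTIES):
    """Summarize a thread; a genuine reply never clears a lookalike sender."""
    verdicts = [classify(h, known) for h in from_headers]
    fake = sorted({r for r, v in verdicts if v == "lookalike"})
    real = sorted({r for r, v in verdicts if v == "known"})
    return {"impersonated": fake, "genuine": real,
            "multi_party": len(fake) >= 2, "hold_payment": bool(fake)}

# Constructed From headers taken from one forwarded thread.
THREAD = ["Ann Smith <ann@smithiaw.example>",
          "Rob Cole <rcole@harbor-legal.example>",
          "Dana Key <dana@keyrealty.example>"]
print(review_thread(THREAD))
```

The known-domain list should come from contact details verified out of band at the start of the transaction, never from the thread being checked.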

RMail’s PRE-Crime™ would detect these situations, these crimes in progress, and provide insight to thwart them. It would have identified the compromised and lookalike email accounts and pre-empted the wire transfer. PRE-Crime™ is designed to prevent, detect and disarm wire fraud attacks targeting you at your own email account, and even at your clients’.

As I’ve mentioned in the past, Business Email Compromise (BEC) is one of the leading causes of wire fraud, one of the most financially damaging vectors of cybercrime. Sophisticated, socially engineered scams like the one just mentioned target businesses conducting legitimate invoice, escrow, redemption, and other fund transfers, aiming to divert payment to fraudulent bank accounts.

While some cybersecurity solutions help protect organizations from miswiring their own funds, those organizations remain exposed to scenarios where it’s their clients falling for these scams. The RMail PRE-Crime™ module harmoniously extends your existing email security systems, adding elegantly easy encryption, unique BEC targeted attack detection, and more, with AI to extend DLP automation.

What happens if sensitive information is accidentally sent or leaked via email? Then you can Just Un-Leak It™ with RDocs, which makes it possible to un-leak a leak: to auto-kill mis-sent documents even after delivery or mis-delivery to external parties. It’s also possible, via remote control, to auto-expire and even re-assign access to documents after delivery to recipient devices or storage on recipient (intended or unintended) devices.

The bottom line is that this cutting-edge, ripped-from-the-headlines tech from RPost can thwart these kinds of life, reputation, and career-ruining attacks easily and affordably. There’s really no reason not to give them a try. Now, I need to go grab some good West Texas hard-shell tacos!

To learn more about RDocs or PRE-Crime™, please don’t hesitate to contact us.