In-house prevention

Fake demands for payments: from victim to victor

7 Minutes reading

If you fall victim to a social engineering attack, having the right response plan in place can significantly reduce its negative impacts. Read about real-life examples and gain insight into post-attack recovery strategies.

In cybersecurity, social engineering is a method of manipulating, influencing, or tricking users into revealing their personal information or handing over control of a computer system. A growing number of businesses regularly conduct cybersecurity trainings to raise the awareness and preparedness of their employees, rendering them less susceptible to generic spam and phishing emails.

Sophisticated ways of deceiving people

However, threat actors constantly adapt and embrace new, more sophisticated ways to deceive people. They employ an arsenal of strategies, encompassing techniques like pretexting, which they seamlessly blend with various methods, including phone calls and even deepfake video calls. Their overarching objective is to exploit the intricacies of human psychology and manipulate individuals into compromising their own – or their organization’s – security. While most attack scenarios aim for access to credentials or sensitive information, some try to provoke the victim to perform a more direct action.

Imagine being contacted by the supposed executive of your mother company from abroad, asking you to quickly pay for an invoice that is, in fact, fake. Situations like this are now becoming prevalent. The uncanny authenticity of the AI-generated voice used by the attackers during the phone call made these deceptions so effective. And when coupled with the seemingly legitimate documents provided, it is becoming increasingly difficult to recognize the scam.

Fortunately, a swift reaction may save the day even when an employee falls for the scam. But many organizations aren’t as fortunate. For example, in 2016, Reuters reported the case of an undisclosed American firm that was defrauded out of nearly $100 million by perpetrators who created fake email accounts to impersonate one of the company's genuine vendors.

“Many people think that nothing can be done once a victim’s money is transferred abroad, but there are systems in place to recall fraudulent transactions.” Tomonobu Kaya, Financial Crimes Coordinator at INTERPOL

Unfortunately, individuals who fall prey to such attacks are frequently hesitant to take action, afraid of the negative publicity or because they assume it is too late to get their money back. If you find yourself in a scam demanding fake payments, these decisive actions can help mitigate the damages.

Reacting to an attack: Steps toward recovering your funds

1. Contain the situation

Immediately stop any further payments to the imposter or fake invoice.

2. Inform your bank

Reach out to your bank as soon as possible to report the fraudulent transaction.

Upon receiving the recall request, the bank will transmit a message to the beneficiary bank, requesting the cancellation of the payment using the same path as the transaction. Provided the money has not yet been withdrawn by the perpetrators from the beneficiary account, there is a chance of blocking and subsequently returning the money. It's important to note that communication with the bank can sometimes be challenging, but many banks already have a 24/7 fraud officer support available.

3. Try to reach out to the receiving bank

As account numbers and bank codes have unique classifications, you should be able to identify the beneficiary bank no matter where it is based. Then, you or your lawyer can try to contact them directly, asking them to freeze the funds and cooperate with law enforcement.

4. Document the incident

Gather all available information regarding the incident, including the communication with the scammer.

5. Contact an attorney

Ideally, search for an attorney who specializes in cybercrime and has experience in dealing with international cases, as such fake demands may frequently come from abroad. Employing a multinational law firm can be beneficial, as they might have branches or contacts in the country where the funds were sent.

6. Engage law enforcement

Contact local law enforcement and provide them with all relevant information about the incident. They may be able to act quickly and efficiently to block or recover the funds. In some cases, they might coordinate with international agencies such as Interpol to freeze the assets.

7. Notify Financial Intelligence Unit (FIU)

Get in touch with the Financial Intelligence Unit in your country, which specializes in combating money laundering and fraud. They can reach out to their counterparts in the recipient country and facilitate cooperation.

8. File a criminal complaint

Lodge a formal criminal complaint in the country where the funds were sent. This initiates an official investigation and legal proceedings against the cybercriminals.


How GymBeam dodged a bullet

Another incident in August 2023 involved the CEO of a fitness company, GymBeam, who reported about an intricate attack on their social media.

One of the employees received a seemingly urgent WhatsApp message from a CEO-like account, prompting them to join a Teams call to address an emergency. During the video call, a complex deepfake impersonation of the CEO was used to introduce an alleged external lawyer. This impostor then attempted to extract critical financial information. Luckily, the targeted employee sensed something was off – especially since the fake CEO claimed to be on vacation, even though the employee spotted them in the office building earlier that day. The employee chose to quickly message the CEO and verify the authenticity of the call – immediately getting a confirmation of the call being a social engineering attack.

Source: LinkedIn.


Quick reaction is crucial and can save you money

When it comes to social engineering attacks, whether conducted via deepfake call or a spoofed email, quick realization of being scammed and appropriate response are crucial. The sooner you react, the higher the chances of getting your money back.

The good news is that law enforcement has developed processes by which they collaborate with banks to help recover money stolen from cybercrime. According to Verizon 2023 Data Breach Investigations Report, more than 50% of social engineering attack victims were able to recover at least 82% of their stolen money.  Nonetheless, the average amount stolen in these attacks steadily rises yearly, reaching $50,000 in 2022.

In the aftermath of an attack, proactivity goes beyond technical measures. While social engineering attacks are probably here to stay, companies can seriously mitigate their impact by arming themselves with knowledge, and creating an open environment where employees don't fear punishment and feel safe to report cybersecurity incidents.