Ryan Castle is the founder of Conduit Security, a cybersecurity firm that helps investment managers stop wire fraud criminals. Prior to founding Conduit Security, Castle was an FBI Special Agent in New York assigned to complex cybercrime investigations and an engineering team lead for Palantir Technologies, working federal law enforcement deployments across the United States.
 

Justin Ryan is a Relationship Manager at Linedata with 20+ years of in-the-trenches experience in sell-side and buy-side finance. He is passionate about Linedata’s mission of helping clients meet their challenges with innovative and effective technological solutions.

What is “wire fraud” and how does it differ from other threats?

Ryan Castle: There are a lot of terms people commonly hear around the topic of wire fraud: phishing, social engineering, business email compromise, wire transfer fraud, invoice manipulation, etc. The distinguishing feature of wire fraud is that it always involves payments that your organization fully intends and authorizes to send. 

In other words, it’s not embezzlement. It’s not someone defrauding your bank into emptying your account without your approval. Wire fraud happens when your organization has been tricked into sending money to the wrong person or paying an invoice that isn’t owed. The payment has all the appropriate approvals and sign-offs…but you’ve been tricked.

How has work-from-home (WFH) changed the wire fraud threat landscape?

Justin Ryan: When buy-side firms were operating entirely in the office, it was common to perform a three-person check or a “six-eye” check before sending a payment. It was sometimes done on a piece of paper that was printed out and passed around.

But in the context of WFH, firms are now doing these procedures via email, texts, calls, and Teams chats on their mobile devices. The net effect is that these important checks are reduced to just another notification. It’s been de-prioritized to a text message approval in many cases. Because of this, buy-side organizations are not as focused on preventing wire fraud as they would have been previously in an in-person office environment. And that increases the risk of an incident.
 

What wire fraud trends have you been seeing in recent years?

Ryan Castle: By and large, cybercriminals are motivated by money. And when you think of financially motivated cybercrime, you think of ransomware. But ransomware attacks aren’t easy to pull off. They require a pretty sizeable investment and technical expertise on the part of cybercriminal groups. And if you pick the wrong target—like a hospital system or a gasoline pipeline—you attract a lot of unwanted attention from law enforcement, governments, and even the military.

What we’re starting to see on the cybercriminal side is a kind of “cross-training” between criminal organizations. Groups that have traditionally been involved in ransomware are learning from groups that have specialized in business email compromise (BEC) and social engineering. And so, I think some of these ransomware organizations are starting to see wire fraud as a way to make money more easily—and certainly with a lot fewer headaches and potential problems than ransomware.

Another trend affecting wire fraud is the rise of generative AI tools like ChatGPT. Historically, a good way to identify BEC attempts was to look for spelling or grammatical errors—because overseas cybercriminals were attempting to write in English without a good command of the language. But with these new generative AI tools, that language barrier has disappeared. 

You can feed ChatGPT some past correspondence and say, “Give me an email that sounds like this person.” Even when it comes to generating invoices, settlement statements, funds flow documents, and so on: you can feed those into a generative AI tool and say, “Give me something that looks like this.” So, this is new. Cybercriminals who don’t necessarily have a good grasp of the English language are now able to produce fraudulent emails and documents that are, frankly, extremely convincing.

What unique challenges do buy-side firms face in preventing wire fraud?

Justin Ryan: There’s a tremendous amount of cash movement in buy-side finance. I’ve seen buy-side environments supporting hedge funds and registered investment advisors (RIAs) where there would be 10 to 20 wire transfers per day going through their systems. The other issue is that when you’re dealing with high-net-worth clients, it’s completely normal to get a request to wire a substantial amount of money to some entity or business that they want to invest in. And that leads to a lot of one-off situations, which makes process automation hard. The end result is an environment where you have high wire flow without enough controls around the process—which is very risky. 

Ryan Castle: One constant in cybercrime is that the bad guys prey on urgency. And in the buy-side financial industry, there’s already a ton of urgency. Are there penalties if this deal doesn’t close on time? Are we contractually or legally obligated to get this done? Wire fraud criminals turn this urgency against buy-side firms. They get people to skip steps, do things they shouldn’t do, act without thinking—and by the time anyone realizes what has happened, it’s too late.

Justin Ryan: Yes. On the buy side, there’s almost a type of reputational risk that drives the urgency of sending wires. You’d never want to delay sending a wire for a redemption for any of your funds—because that can spook your investors. You don’t want people saying to themselves, “Hey, I redeemed a month ago and these guys haven’t sent me my funds yet. Are they struggling? Is there some other issue here?” The optics around wire transfers are a real factor in buy-side finance. When people want their money out, or in, it needs to happen almost immediately—because the perception is that if a fund can’t get the little things right, there may be a larger problem. So, there’s urgency from the C-suite and LPs to get wire transfers done as soon as possible.
 

More information

Conduit protects assets from wire fraud through proven processes and a simple software platform that codifies best practices and procedures; ensures transparency, accountability, and repeatability; and leverages smart risk intelligence. Learn more about Conduit Security and its innovative approach to preventing wire fraud.

Linedata’s cybersecurity offering includes Linedata Protect, its Managed Detection, Response, and Remediation (MDRR) solution for asset managers, hedge funds, private equity, and other buy-side firms. Other services include security awareness training, vulnerability testing, third-party risk management, and CISO-as-a-Service. Learn more about Linedata’s managed cybersecurity services for investment businesses.

Learn how Linedata is partnering with Conduit Security to help firms detect and prevent wire fraud.