VerifyBy

Verify documents via mobile

Case Study

Arrow Truck Sales was negotiating the purchase of twelve trucks, amounting to $570,000. Amidst these negotiations, a third-party hacker infiltrated the email systems of both the buyer and seller, creating nearly identical email accounts. Using the seller’s compromised email, the hacker sent new wire instructions to the buyer, which led to the funds being erroneously wired to an account controlled by the hacker. The real seller never received the payment and consequently did not deliver the trucks, leading to a legal dispute over the breach of contract​​.

How VerifyBy Could Have Helped

VerifyBy’s solution is designed to stop such BEC scams in their tracks. Here’s how it could have made a difference in the Arrow Truck Sales scenario:

1. Early Mobile Registration: At the beginning of their business relationship, the buyer would have registered the mobile numbers of Arrow Truck Sales on VerifyBy during the contract signing.

2. Secure Payment Authorization: When it came time to make the payment, instead of relying on potentially compromised email instructions, Arrow Truck Sales would receive an SMS from VerifyBy with a secure link to verify the payment details.

3. No Email Interception: Because VerifyBy’s verification request is via SMS, the hacker would have no access to intercept or alter this communication.

4. Independent Confirmation: Even if the hacker tried to follow up with fraudulent instructions, VerifyBy’s process requires independent confirmation through a secure channel, separate from email systems that could be under surveillance.

5. Immutable Audit Trail: VerifyBy would create an immutable record of the verification, ensuring there’s a clear trail of the payment authorization that isn’t reliant on possibly hacked email accounts.

In this case, VerifyBy’s system would have flagged the discrepancy in banking details. The buyer would be alerted to verify the payment details through a secure and independent method, preventing the funds from being sent to the hacker’s account. This secure method of verification ensures that both parties’ banking details remain protected and any changes are authenticated via a trusted channel, thus significantly reducing the risk of financial loss due to email compromise.