Wire Transfer Fraud
Houston, Texas February 05, 2013
Identity thieves have figured out how to access customers’ internet and telephone accounts; so when financial institutions contact the customer to validate the transaction, it’s the criminal who responds.
E-Investigations, a Houston, Texas based computer forensics and investigation firm releases a Case Study on Wire Transfer Fraud. Wire transfers are lifelines for U.S. businesses doing transactions with overseas suppliers, contractors and vendors. They’re also a perfect way for identity thieves to take money from banks and credit unions. Criminals armed with just a few key pieces of personal information have found new ways to hoodwink financial institutions into believing they’re real customers—and make off with big bucks.
The numbers underscore the growing severity of the problem. In 2010, wire transfer losses among consumers who filed complaints with the Federal Trade Commission totaled more than $144 million, according to the FTC’s Consumer Sentinel Data Book. The number of consumer complaints that involved wire transfer as the method of payment reached a high of 44 percent, up from 21 percent in 2009. And that number has tripled in the last three years.
“The criminals have gotten more aggressive and smarter,” said Gary Huestis, Director of Digital Forensics at E-Investigations. “Identity thieves have figured out how to access customers’ internet and telephone accounts; so when financial institutions contact the customer to validate the transaction, it’s the criminal who responds.” Huestis went on to say.
Last April, the FBI sent a warning about wire fraud attacks that targeted small- to medium-size companies and E-Investigations is seeing a resurgence in this activity. Identity thieves secure the victims online banking sign-in credentials through phishing emails or by directing them to websites loaded with malware. Then use that information to initiate and control unauthorized wire transfers to companies in China. In a one-month period, the scheme cost U.S. businesses more than $11 million.
Suspicious wire transfers raise red flags at major banks. If a request seems out of the ordinary, a banker will call the customer to verify his or her identity. But even this security check can be rendered ineffective when thieves take the additional step of hijacking phone lines. By calling the phone company and putting call forwarding on the consumer account in question, a thief can ensure that any calls to confirm bank activity are redirected to his own cell phone—and appease concerns accordingly.
With the use of phishing schemes and malicious software (malware) thieves usually have all the personal information to take over someone else’s identity. Through these means a criminal may have the mother’s maiden name, current address, and last four digits of a Social Security number. Combine this with the fact that the banker has called the customer’s established number and the bank is confident that the transaction is legitimate.
Industry experts are urging banks to tighten online security. A recent hack exposed the information of hundreds of thousands of Citigroup credit card holders. This kind of breach—in which hackers obtain data to access bank accounts—poses a significant fraud threat to customers, according to a report from Reuters. They are more vulnerable to identity theft crimes, particularly wire transfer fraud.
Small credit unions are getting hit the hardest because they usually have smaller fraud departments with fewer people and less sophisticated security protocols in place, in addition to less experience with significant fraud. With identify thieves also targeting small to medium sized business the problem can be compounded since most small business do not have fraud investigators readily available.
Below are the Six Steps that E-Investigations recommend if wire transfer fraud is suspected:
1. Fill out a police report.
2. Get an affidavit from the affected institution.
3. Request a change of service form from the phone company as evidence that your service was hijacked.
4. Notify financial institutions immediately to block the accounts impacted by fraud and secure other accounts.
5. Formally demand that the affected accounts be made whole and/or securing reimbursement.
6. Review the bank’s account holder’s agreement, internal policy and procedures and the regulatory guidelines governing the fraudulent transaction to determine if the institution is in compliance. If the institution isn’t in compliance, prepare to file complaints with the attorney general, FBI and the Secret Service.
It’s increasingly common for financial institutions to decline consumers’ requests for reimbursement, even when there is reason to believe the wire transfer was fraudulent. E-Investigations has the experience and the tools to conduct wire transfer fraud investigations from internal and external network security scans to complete server and computer forensic investigations.
Gary Huestis is the Director of Digital Forensics at E-Investigations. Mr. Huestis is an EnCase certified examiner and a licensed private investigator.
Call us toll-free at 877-305-4935