Thirty-two people are charged in an international scheme to hack into business newswires and steal yet-to-be published press releases containing non-public financial information in order to make stock trades ahead of the news. The ring stole more than 100,000 corporate earnings reports and collected an estimated $100 million in nefarious gains before they were caught.
After a two-and-a-half year search, the FBI captures a notorious computer criminal, finding him with hundreds of cloned cell phones, more than 100 cell phone codes, and multiple false IDs. He’s charged with stealing more than $1 million worth of software and inflicting $4 million worth of damage to various corporations.
Five Russian and Ukrainian cyber criminals are charged by authorities with stealing hundreds of credit card numbers from Visa, J.C. Penney Co., JetBlue Airways Corp. and others, racking up more than $300 million from the targeted companies before they are caught.
The scope and projected losses grab headlines and—along with tales about huge identity theft rings, computer counterfeiting, and high technology schemes—helped create a sense that financial fraud is mostly the province of huge sophisticated criminals employing the latest in high-tech gadgetry.
Maybe that’s true in some context, but corporate security officers, law enforcement officials, and fraud investigators say that by far, the single biggest target of fraudulent attacks is still the good old-fashioned paper check. It continues to lead as the payment type most susceptible to fraudulent attacks even as its overall use has declined, according to a 2015 Association for Financial Professionals Payment and Fraud Control Survey.
That survey found that 62 percent of U.S. companies were targets of payment fraud in 2014, and 77 percent of the companies that reported they were victimized said the fraud involved paper checks. Checks also continue to account for the largest dollar amount of loss due to payments fraud.
“There are two primary reasons why checks continue to be the payment method of choice,” the survey concluded. “One, organizations’ business partners are hesitant to switch to electronic payments. Secondly, those partners are often unwilling to share their bank information.”
Pulling it off
Fraudsters often try to attack companies to identify those whose payment methods can be most easily breached, the survey said. If they find that an attack attempt faces security obstacles, they move on. When they do succeed, they will keep targeting an organization until security measures are put in place.
Statistically, the number of payment fraud attacks is up only slightly over the previous two years and down significantly from a peak in 2009. But anecdotally, financial officials say, the level of fraud attempts is higher than they’ve ever seen.
“In the last two years, I’ve seen more fraud attempts than I had seen in my previous 20-plus year career in banking,” said Stacey Coyne, vice president for cash management at Rockland Trust, who coordinates the bank’s fraud seminars.
Interestingly, Coyne attributes some of the blame on the fraud increase to computer technology—not as a vehicle for committing fraud, but as an obstacle for preventing it.
“Too many people are too busy and they’re using computers and email as their primary source of communication,” she said. “Unfortunately, that leaves them vulnerable in many situations when they could simply call someone on the phone to verify and substantiate any financial transaction.”
For example, Coyne said, an ever-increasing scheme involves fake emails sent to persons in a corporation responsible for payments. The email looks legitimate and appears to be from a superior officer of the company directing the person to issue a check for a seemingly bona fide vendor.
“This fraud could easily be thwarted by simply calling the person to make sure they did indeed send the email,” Coyne said. “But it’s surprising how many times people will simply do what the email directs them to do without confirming.”
Last month the FBI warned of a recent increase in email scams.
“The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor,” the FBI release said. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”
Another typical check scam, Coyne said, occurs when a company receives a payment for goods or services that is almost immediately followed up with a letter or email saying the check amount was in error and requests a refund for the difference. The scam works when the company issues the refund—usually in the tens of thousands of dollars range—before realizing the original check for payment was bogus.
“Again, these scams in retrospect seem so unlikely but they are happening at an alarming rate,” Coyne said.
Other check scams involve decidedly old and low-tech methods of fake or forged checks, paperhanging (writing checks on closed accounts) and check kiting, which involves opening accounts at two or more institutions and using the float time of available funds to create fraudulent balances. This fraud has actually become easier in recent years thanks to new regulations requiring banks to make funds available sooner.
How to protect your company
The good news, said Coyne and others, is there are many low and no-cost steps companies can and should take to guard against fraud. They can be boiled down to a Top 5 list:
Most banks and financial institutions offer customers a number of tools to prevent and discourage fraud. Among them is one called Positive Pay. This type of payment system records pertinent information about each check, such as the amount, the check number, bank information and date, and then transmits it to the bank to be verified before the check can be paid.
Another tool is an Automated Clearing House (ACH) debit blocker, which allows businesses to block all electronic drafts or specify which companies are authorized to post debits to their accounts while automatically blocking those that are not authorized. Some ACH blockers will also provide daily reports of all transactions.
“The biggest anti-fraud prevention methods are ‘Take care and use common sense,’” Coyne advised. “You don’t want to be saying ‘How did I fall for this?’ the day after you transferred money to a scammer.”
To learn more about how to protect yourself and your business from fraud, attend Rockland Trust’s upcoming Fraud Prevention seminar, which was organized by Stacey Coyne.
Breakfast Brief: Fraud Prevention Seminar
Wednesday, June 1
8:30 – 10:30 a.m.
Plymouth Area Chamber of Commerce
134 Court Street, Plymouth
The seminar is free and open to the public. To register, click here.