The Bedel Security Blog

When a Returned Wire isn’t Just a Returned Wire

Written by Chris Bedel | Jan 9, 2017

Recently, the Wire Department at a client of ours noted an unusual event: $5,000 had come in on a Thursday, and the originating bank requested it back the very next day, citing fraud.  They complied with the request and contacted the customer, who said they were not expecting the money and seemed indifferent to the matter.  The Wire Department reviewed the account history and found there had been no wire activity for this customer in some time.  At this point, everyone just assumed the originating bank had sent the wire in error, and chalked it up as case closed.

That is, until five days later, when the bank received two emails alerting them to a phishing scheme that was sending out a fake invoice asking for the funds to be remitted via wire, using the bank's routing number and the account of the customer who had received the $5,000 just days earlier!

We happened to be onsite when those emails came in.  Since the customer seemed unaware on the first occurrence, our thought was that their internet banking account had been taken over and that the perpetrators were sending funds there to be sent out via bill pay shortly thereafter.  But, after determining that the customer had no internet banking or even a debit card, we realized that they had to be in on it.

The bank contacted the customer again and, after some lengthy conversation, found out that they had signed up for a work-from-home scheme and just didn’t realize that they were actually part of a money mule program for laundering fraudulent funds for various phishing campaigns.

Actions taken by the bank:

  1. Closed the customer account and opened a new one
  2. Flagged the new customer account as high risk for fraud
  3. Directed the customer to training resources on current fraud schemes
  4. Discussed and trained the Wire Department staff on what to look for, who to alert, and how to react in these situations

Some key takeaways that I was reminded of:

  1. Any anomalous transaction can be a clue to a larger fraud attempt
  2. Clear internal communication is so important in any incident
  3. Customer awareness training will continue to play a vital role in stopping cyber fraud