May 23 started out like a quiet day, but one phone call created a two-day scramble to quell a crisis. The solution included working around an unresponsive bank, rapidly deploying technology tools, and cashing in the benefits of good working relationships. It was the stuff of a thriller novel.
It had been a couple of very tough weeks. Your special agent/tech guy (me) was at the carwash when the cell phone rang. A client reported $140,000 was missing. It had been wired out of an account that day, and they couldn’t get anyone from their bank to respond to their phone calls.
“Hmm,” the special agent/tech guy thought, “$140,000 can cover the detailing work for several fleets of Corvettes,” but reality took hold. He couldn’t wait for them to clean his car’s interior. He jumped behind the wheel and headed for his client’s office.
With $140,000 missing and nobody at the bank picking up the phone, we found the police already involved in the case. We quickly realized there would be no telephone solution to the problem, and it took us until the early evening to solve this problem. The good news is that we were able to reverse the wire transfer all on our own after trying for hours to get phone support.
Here are the facts – just the facts, ma’am.
Obviously, our client’s system was hacked. It was a complicated case because it involved the email of an employee in the finance department who had just left the company. That’s one reason why the police were involved. There was no criminal activity, but there was a lot of sloppiness.
The hackers got into the former employee’s email account and saw that one password opened up a lot of doors in the company’s financial system. They reset the account’s password, created a new account that they could use to “approve” new transactions, and used it for the $140,000 wire transfer.
However, they made one mistake: They forgot to turn off forwarding in the account they hacked, and that’s how they were discovered. Our client had done the right thing by having the ex-employee’s email forwarded, and they created a special rule so that all the emails went into a separate folder. Several people monitored that folder periodically, and as soon as one of them saw the emails, the alarm went off. In most cases, this kind of wire fraud isn’t discovered for days, and the money is lost.
Our client was able to freeze their account immediately online, but they still had outstanding checks on that account. That matter also needed immediate attention.
So, the special agent/tech guy took advantage of a good relationship with another bank, which is also a client, first thing the next morning. He jumped in his car. The interior was still dirty. He drove to the bank, where he was able to help his other client open a new account and get checks they could print immediately to replace those outstanding in the frozen account.
But his work wasn’t done. The victimized client had resisted instituting multifactor authentication for all financial transactions. So, the rest of the day was spent instituting a two-factor authentication system and training everyone in its use.
We like to think the goodwill we’d built up with both clients helped one client get out of a hole and another gain a new customer. But it all could have been prevented with better passwords and an authentication system. Don’t wait for a disaster to strike. Call us – 973-433-6676 – or email us to discuss your online security and the steps we can take to improve it.