Security and Relationships

May 23 started out like a quiet day, but one phone call created a two-day scramble to quell a crisis. The solution included working around an unresponsive bank, rapidly deploying technology tools, and cashing in the benefits of good working relationships. It was the stuff of a thriller novel.

It had been a couple of very tough weeks. Your special agent/tech guy (me) was at the carwash when the cell phone rang. A client reported $140,000 was missing. It had been wired out of an account that day, and they couldn’t get anyone from their bank to respond to their phone calls.

“Hmm,” the special agent/tech guy thought, “$140,000 can cover the detailing work for several fleets of Corvettes,” but reality took hold. He couldn’t wait for them to clean his car’s interior. He jumped behind the wheel and headed for his client’s office.

With $140,000 missing and nobody at the bank picking up the phone, we found the police already involved in the case. We quickly realized there would be no telephone solution to the problem, and it took us until the early evening to solve this problem. The good news is that we were able to reverse the wire transfer all on our own after trying for hours to get phone support.

Here are the facts – just the facts, ma’am.

Obviously, our client’s system was hacked. It was a complicated case because it involved the email of an employee in the finance department who had just left the company. That’s one reason why the police were involved. There was no criminal activity, but there was a lot of sloppiness.

The hackers got into the former employee’s email account and saw that one password opened up a lot of doors in the company’s financial system. They reset the account’s password, created a new account that they could use to “approve” new transactions, and used it for the $140,000 wire transfer.

However, they made one mistake: They forgot to turn off forwarding in the account they hacked, and that’s how they were discovered. Our client had done the right thing by having the ex-employee’s email forwarded, and they created a special rule so that all the emails went into a separate folder. Several people monitored that folder periodically, and as soon as one of them saw the emails, the alarm went off. In most cases, this kind of wire fraud isn’t discovered for days, and the money is lost.

Our client was able to freeze their account immediately online, but they still had outstanding checks on that account. That matter also needed immediate attention.

So, the special agent/tech guy took advantage of a good relationship with another bank, which is also a client, first thing the next morning. He jumped in his car. The interior was still dirty. He drove to the bank, where he was able to help his other client open a new account and get checks they could print immediately to replace those outstanding in the frozen account.

But his work wasn’t done. The victimized client had resisted instituting multifactor authentication for all financial transactions. So, the rest of the day was spent instituting a two-factor authentication system and training everyone in its use.

We like to think the goodwill we’d built up with both clients helped one client get out of a hole and another gain a new customer. But it all could have been prevented with better passwords and an authentication system. Don’t wait for a disaster to strike. Call us – 973-433-6676 – or email us to discuss your online security and the steps we can take to improve it.

Finding and Thwarting Scammers

We helped a client recently resolve a personal financial issue that involved online banking and credit cards. The story illustrates some of the dangers we face in our online world. We can’t run away or hide from those dangers.

Those of us with aging parents face a gut-wrenching dilemma. Without getting involved in anybody’s specific family dynamics, we want our elderly parents to remain independent (as much as they want to be independent), but we also know they are more vulnerable to scams because they tend to be more trusting. Their vulnerability becomes even greater as they use technology more.

This story started with a credit card issued by BP, the gasoline retailer, and money that started to disappear from our client’s mother’s account through Synchrony, a bank that has close ties to Amazon and is used to finance merchant accounts. Our client manages the finances for his mother, who is in her 90s and lives in an assisted living facility. A gasoline credit card was odd because his mom stopped driving four years ago. That raised one red flag. Synchrony raised another.

We surmised that someone that someone was able to hack his mother’s bank account and then created a way to use her info get the credit card and create the transfer portal. In all likelihood, they found a piece of junk mail with the credit card offer and used it to do their dirty work. No email was involved. The credit card had a balance of $1,500, even though he had no knowledge of the card being used. So, he made a $200 payment and saw the balance transferred to what looked like a debit card. He also changed the bank account, but the connection was still there.

When our client wondered if his mom’s account had been hacked – and if any others had – we told him to investigate. He changed the bank account again and told us he was worried that his other accounts at the bank might be affected. In addition to his mother’s account, he had a personal account and one for his business. All were online. Fortunately, the scammers never got there.

To protect the money for the three accounts, our client created a sweep account in his wife’s name for personal use. This enabled him to clean out the accounts he was worried about on a daily basis to keep it safe.

At the same time, he had to send letters to the banks involved to cancel the credit card and close all the bogus accounts and open new accounts. None of this activity tied his mother’s taxpayer ID number to any of the accounts. Had there been a connection, the scammers could have done much more damage.

But it all started with the low-hanging fruit – that credit card offer that anyone could send in. The same problem can come from those “checks” you get in the mail that are really loans. Anyone can use them, and it can hurt you if your name is on the “check.”

Our advice: Pay as much attention to physical pieces of mail as you do to email. Don’t throw those offers in the trash or recycling bin. Shred them or cut them into tiny pieces that can’t be reassembled. At the same time, keep your online presence secure and check your financial info regularly to spot anything that looks out of order.

We can help you with a security audit and we can explain the technology behind various security measure you can take. Call us – 973-433-6676 – or email us to set up a consultation and implement a program.