Fraud on a Wire

Identity thieves have found a new way to use your personal information for their gain: wire transfer fraud. Learn how they dupe financial institutions, and find out how to protect yourself with our tips.

Thursday, July 14, 2011
Wire transfers are lifelines for people sending money to relatives back home or friends in a jam.

They’re also a perfect way for identity thieves to pilfer money from banks and credit unions. Criminals armed with just a few key pieces of personal information have found new ways to hoodwink financial institutions into believing they’re real customers—and make off with big bucks.

The numbers underscore the growing severity of the problem. In 2010, wire transfer losses among consumers who filed complaints with the Federal Trade Commission totaled more than $144 million, according to the FTC’s Consumer Sentinel Data Book. The number of consumer complaints that involved wire transfer as the method of payment reached a high of 44 percent, up from 21 percent in 2009. And that number has tripled in the last three years.

“The criminals have gotten smarter,” said Victor Searcy, director of fraud operations at CyberScout. “They have figured out how to access customers’ Internet and telephone accounts. When financial institutions contact the customer to validate the transaction, it’s the criminal who responds.”

In April, the FBI sent a warning about wire fraud attacks that targeted small- to medium-size companies. Criminals secured victims’ online banking sign-in credentials through phishing emails or by directing them to websites loaded with malware. They used that information to initiate and control unauthorized wire transfers to companies in China. In a one-month period, the scheme cost U.S. businesses more than $11 million.

Suspicious wire transfers raise red flags at major banks. If a request seems out of the ordinary, a banker will call the customer to verify his or her identity. But even this security check can be rendered ineffective when thieves take the additional step of hijacking their targets’ phone lines. By calling the phone company and putting call forwarding on the consumer account in question, a thief can ensure that any calls to confirm bank activity are redirected to his own cell phone—and appease concerns accordingly.

“The thieves usually have all the personal information to take over someone else’s identity,” Searcy said. “They have the mother’s maiden name, current address, and last four digits of a Social Security number. Combine this with the fact that the banker has called the customer’s established number and the bank is confident that the transaction is legitimate.”

Industry experts are urging banks to tighten online security. A recent hack exposed the information of hundreds of thousands of Citigroup credit card holders. This kind of breach—in which hackers obtain data to access bank accounts—poses a significant fraud threat to customers, according to a report from Reuters. They are more vulnerable to identity theft crimes, particularly wire transfer fraud.

Small credit unions are getting hit the hardest because they usually have smaller fraud departments with fewer people and less sophisticated security protocols in place, in addition to less experience with significant fraud, Searcy said.

“If you are a victim, you’ve got to fight,” he said. “Follow the process: Fill out the police report, get an affidavit from the affected institution, and request a change of service form from the phone company as evidence that your service was hijacked.”

CyberScout fraud specialists can help victims:
  • They notify financial institutions immediately to block the accounts impacted by fraud and secure other accounts.
  • They uphold customers’ rights by formally demanding that the affected accounts be made whole and/or securing reimbursement. 
  • They review a bank’s account holder’s agreement, internal policy and procedures and the regulatory guidelines governing the fraudulent transaction to determine if the institution is in compliance. If the institution isn’t in compliance, they prepare to file complaints with the attorney general, FBI and the Secret Service.
  • They send complaint letters if a bank has refused to maintain contact with the victim and is out of compliance.

It’s increasingly common for financial institutions to decline consumers’ requests for reimbursement, even when they have reason to believe the wire transfer was fraudulent.

“It’s getting tougher for customers to get their money back, as businesses push back against complaints,” Searcy said. “Customers are waiting weeks or months to find out if they owe a half a million dollars that was stolen.”

Criminals are targeting Home Equity Line of Credit (HELOC) accounts. When a bank refuses to reimburse a HELOC theft, homeowners may choose to get foreclosed on rather than owe that kind of debt, he added.

“Imagine you’re in a negative equity situation like many homeowners and your lender processes a fraudulent wire transfer of several hundred thousand dollars on your loan,” Searcy said.

“Would you continue to pay the debt or walk away?”

© CyberScout, LLC. All Rights Reserved.
If you need identity theft assistance, call your provider organization to be put in touch with the CyberScout Resolution Center. More information for individual consumers.