Transactions Through U.S. Banks are Safe… Maybe
As Warren Buffett so eloquently stated, “It has been far safer to steal large sums with a pen than small sums with a gun.” In the internet age, the pen is replaced by the keyboard. As shown by a rash of bank robberies by thieves who never step inside the lobby of the bank they rob, this safe crime is on the rise with no end in sight. A combination of brazen criminals with some technological skill, pressure for large banks to grow deposits, and the low priority these crimes have for law enforcement creates the perfect storm for millions of dollars to disappear from business and consumer bank accounts. This article will discuss a few actual scenarios and ways to protect your money.
Scenario 1 : Wire transfer interception.
In every wire transfer, there are at least four parties involved: (1) the owner of the money being transferred (“Owner” – this could be you); (2) the bank sending the wire transfer (“Owner’s Bank” – this could be your bank); (3) the bank receiving the wire transfer; and (4) the entity that is supposed to receive the transfer. If, at any point, the information about the upcoming wire transfer goes outside these four parties, two more parties join the transaction: (5) the bank that will receive the money, typically a large regional or national bank anxious to add deposits (“Big Bank”); and (6) thief.
Thief is well prepared and knows the system. Thief has recently opened an account at Big Bank. In this scheme, it doesn’t matter what name Thief uses for the new account; it can be a newly created business, with fresh papers from the State’s Division of Corporations. What Thief understands is that Big Bank doesn’t pay attention to the name on the account when a wire transfer comes in. Even though Owner fills out wire transfer paperwork that includes the name of the intended recipient and the bank routing number and account number, whether at Owner’s bank or online, the receiving Big Bank ignores the name on the account and only matches the account number upon receipt of funds.
Having opened the new account, Thief waits for the information about an upcoming wire transfer. The sources of information are only limited by Thief’s effort and imagination. It could come from an accomplice at party 4, say a dishonest employee at a business that frequently receives large wire transfer payments. It could be a cybersecurity breach in Owner’s computer or the entity that is the intended recipient. It could be a third-party vendor with access to information who supplies data to Thief. However Thief gets the information, the key is the skill with which Thief can deceive Owner. Since email is such a convenient, predominant form of communication today, Thief can easily set the wheels in motion without any personal contact. Using email, thief contacts Owner and apologizes for giving Owner the wrong wiring instructions. Thief explains mistakenly using an old account and advises that there is a new bank (Big Bank) and account to whom the funds should be sent. Cleverly, Thief has created a new email address that looks just like the intended recipient’s address. It may be exactly the same, except it substitutes .org or .net or .com for the actual domain name extension. It may change one letter or number in the email address; a subtle change that is unlikely to be detected. If it is detected, Thief searches for the next potential target, having had no personal contact with Owner. If it goes undetected, Thief waits for the money to hit the account at Big Bank.
Thief is focusing on transactions involving hundreds of thousands of dollars. The size of the transaction is important. Under a million dollars and law enforcement is unlikely to make the theft a priority. Wire fraud is a federal crime, as is bank robbery. But when it comes to wire transfer thefts, the reporting system to the FBI (fill out an online form at ic3.gov.) is unlikely to garner much attention. The same is true for contacting the FBI field office. Cybercrime is prevalent, and unwinding the web of transactions can be exceedingly difficult. Had Thief walked up to a bank teller with a note saying put all the money from your register in this bag, the full panoply of law enforcement tools would be employed to apprehend Thief, as appropriate for a crime that puts lives in danger, even though there might have only been a few thousand dollars in the register. It’s no wonder Thief chooses stealing with a keyboard: it is safer, the amounts are bigger, and apprehension is far less likely.
When the funds hit Thief’s account, it’s time to make the next decision: how much to take out and when. Wire transfer funds are conveniently immediately available; but Thief doesn’t have to be greedy – or greedier. If the haul is several hundred thousand dollars, Thief won’t draw any immediate attention about the new bank account from Big Bank if Thief only removes a percentage of the funds right away. The math is easy: steal $200,000, liquidate 40% immediately, and Thief has an $80,000 payday. Big Bank never sees Thief again, leaving Owner, Owner’s Bank, Big Bank, and the intended recipient to sort out the mess.
So how does Owner avoid becoming a victim?
In our digital world, analog tools can still be very important. Talk to people. When there is a change in a transaction, such as a “new bank account” – call the intended recipient and verify. DO NOT CALL THE NUMBER ON THE EMAIL THAT MAKES THE CHANGE. Go back to your initial contact information for the intended recipient and call that phone number. Go to the company’s website and get a company directory if one is available and call one of those numbers if you didn’t initially have a phone number contact. With the ubiquitous use of Zoom now, almost everyone can participate in a Zoom call. The point is to make a personal contact, not just email, when there is a change in payment instructions.
You can also ask the bankers to get involved. If you are wiring a large sum from your account, your banker is more likely to get cooperation from a receiving bank than you will as a customer, including being able to request confirmation that the name on the account matches the name of the recipient you have put on the wire instructions. Having an actual relationship with your banker is important. We all love the convenience of pressing a button and everything is done (see Amazon delivery, DoorDash, etc.), but utilizing personal contact and relationships on the front end of a significant wire transfer can avoid calamity after the fact.
Scenario 2: They Stole the Mailbox.