Our Client is a tech company that deals with international companies located throughout the world. As such payments to and from his company must be done via wire transfer. These transactions are often in the six figures therefore making these transfers in a secure fashion was a priority.
Like all clients his computer system was protected and monitored by a third party. However scammers can delete any protection. Someone most likely from China, actually programmed a website to virtually mimic CitiBank webpage and was able to obtain his personal information such as security questions, passwords and emails.
Simply put, a hacker found a way to gain access to our clients’ computer, through a vector probably disguised as some ad or email, then programed the computer to re-direct automatically to a website which was 99% identical to CitiBank. After being made aware by the bank of what was happening, money had been drained from our client’s bank account, and because this was an international matter that occurred in China.
It was an arduous task to recover the money, in the meantime he was out the use of his funds until it was rectified. It’s important to understand that every computer that operates on the internet is vulnerable to attacks like this. He now uses a separate computer that is used only to affect all of his banking transactions.
One of our major clients, who issues between 400 and 500 payroll checks for each pay period, has twice this year been a victim of fraudulent checks. Its gotten to the point where banks will not process any payroll checks.
The most likely cause of this problem is security of the processed checks, now that banking customers are able to use scanners to make their deposits and banks have given the customers the ability to forward pictures of checks to be deposited. What happens to the deposited checks? They should be shredded or destroyed, but that typically is not the case.
In days past there was a chain of custody for cancelled checks, but today cancelled checks can be pulled out of the garbage or sold. This is especially true when people use third parties such as check cashing places to cash their checks.
One of our clients received an official looking email from JP Morgan Chase informing him that there were suspicious charges, which the bank believed to be fraudulent.
As requested in the email he called the telephone number that was listed and a customer representative proceeded to help him. Very quickly she started to ask personal questions, he got nervous and hung up.
If you receive an email instead of calling the telephone number listed in the email, call the telephone number listed on the back of your credit card. Then you can be confident that the person you are speaking to works for your credit card company. Good advice is to always go with your gut feeling, if it doesn’t seem right it probably isn’t.