Our BIZStreet events connect you to resources that can make a real difference in the way you do business. These sessions are a great way to connect with decision-makers and forge new business relationships — all while gaining a little know-how that will help you make better-informed business decisions.
One recent BIZStreet workshop focused on identity theft – something that can happen to just about anyone. Jim Tippett recently learned first-hand how devastating fraud can be. He is General Manager of Bay Shore Systems, and when the company fell victim to fraud, Jim learned many expensive — but valuable — lessons that he hopes others will learn from. Read on to learn how this breach occurred, and a few lessons that can help you protect yourself.
Here’s Jim’s story:
It was like any typical Tuesday, with one exception: our controller’s computer started shutting down programs one at a time. The machine proceeded to shut down and restart on its own. This wasn’t normal computer behavior, so she called our internal IT manager. He made all the logical checks including one for known viruses. He had no explanations so she moved up the chain to our local IT consultant. He had no logical explanation, either.
She went back to work and attempted to log onto the banking website to finish some transactions. However, the bank site would no longer allow her to log into the account. So, we have some funny things going on, but at this point there are no red flags. Computers act up all too frequently and surely her issues weren’t a big deal.
For the remainder of Tuesday and the following three days she logged onto another machine and banking was conducted from there without incident. No strange activity within the bank account and no other goofy things were happening, with the one exception: online banking was still not working.
On Friday, most of our banking transactions were completed by early afternoon from another workstation as she still didn’t have access to online banking from her own. We still had no solution from IT or the bank.
On Monday, after opening the office and taking care of all the busy start-of-week activities, our controller (still with no solution to online banking) went to another workstation to make some transactions. She immediately saw some pending activities that were set in motion late Friday afternoon (hello, red flag!). She quickly confirmed that no legitimate transactions were pending, especially of the magnitude she was seeing – one for $70,000 and one for $80,000 (both of which, it turns out, were divided into amounts averaging $5,000 and sent to locations all over the US, via ACH payments). She immediately called the bank and they attempted to freeze the transactions.
The call to the bank was followed by a call to local law enforcement. After several tense hours we learned the bank was able to stop the $80,000 transaction. It would take another week to learn that over $50,000 of the second transaction would never be seen again.
We would later find out that it was no ordinary group of thieves – they were from the other side of the globe and were using software tools so new and sophisticated that antivirus software was useless. In addition, they seemed to know how to fly under the radar. Thefts under $100,000 aren’t likely to be a priority for our international and federal law enforcement agencies – we had one at $80,000 and one at $70,000. Local law enforcement probably won’t get excited much over $5,000 and most of the individual amounts were at or below this amount.
The computer was picked up by the local police later that Monday. Our controller was a suspect and had to go through a great deal of unnerving scrutiny. It took more than four weeks for the FBI, Secret Service and IT forensics to find out what happened.
Here are the high points: In 2011 a Zbot was planted on her computer. The week of the fraud, a resume was sent to her answering an ad we placed on the internet. That resume had planted the Zeus virus on her machine. Current antivirus software failed to detect either one. Ultimately they watched her computer remotely with one or both of these, found out she had banking privileges and waited for the right time. Once she entered the number (randomly generated every few seconds) on the “token” from her phone, they took over the banking site. They kept themselves logged in until Friday, when they waited for the end of the day to commit the crime, giving them all weekend to steal the money. The bank didn’t stop it with their tools as it was our controller’s credentials and they were using our IP address, so they thought the activity was normal.
You may be thinking that this is something the bank should be insured against and cover in their policy. It isn’t, because it happened at our place of business using our credentials. Fortunately, we had fraud insurance.
Here are some things you can do to help prevent this from happening to you.
- Have a regular meeting with your bank. Ask them if they know what Zeus, Zbot or CryptoLocker viruses are; if they don’t know and/or don’t care, change banks quickly.
- Have multiple bank accounts for outgoing and incoming funds that sweep to a restricted account daily.
- Isolate the banking computer from HR activities where you are expecting emails from strangers.
- Use dual authorization on ACH payments.
- Use an ACH debit filter.
- Use positive pay for checks.
- Have fraud insurance in place.
- Conduct social engineering with your staff.
- Have a plan if you do get hit.
GSI wants to know: Has your business ever experienced something like this? What steps did you take to ensure you were protected in the future?