In a statement released last week, the diocese said the fraud occurred between Aug. 13 and Aug. 16, apparently after criminals had stolen the diocese’s online banking credentials. The Diocese it was alerted to the fraud on Aug. 17 by its financial institution, Bankers Trust of Des Moines.

The diocese also said the FBI and U.S. Treasury Department were notified, and that the FBI had taken possession of several diocesan computers. To date, roughly $180,000 has been recovered.

The diocese added that law enforcement had advised them that the theft seems to have been the work of a highly sophisticated operation based overseas, which moved the stolen money out of the United States by recruiting people who unknowingly act as intermediaries.

“While the Diocese of Des Moines is protected by insurance and anticipates the restoration of the funds, we have been advised that such criminal activity is rampant,” Des Moines Bishop Richard Pates said. “Obviously, any entity that experiences such a crime should be significantly concerned.”

Once again, the theft involves so-called money mules willingly or unwittingly recruited by a specific money mule cash-out gang whose work I have written about several times already. Among the mules involved in this incident was a man in Newnan, Ga. who received almost $30,000 of the church’s cash. Daniel Huggins, the 29-year-old owner of Masonry Construction Group LLC, got mixed up with a company calling itself the Impeccable Group, claiming to be an international finance company operating out of New York.

Huggins said the Impeccable Group recruited him via e-mail, claiming it had found his resume on job search site Monster.com. The Impeccable Group told him he would be doing payment processing for the company, and on Aug. 16, Huggins’ erstwhile employers sent him two payments, one for almost $20,000 and another for slightly less than $10,000.

Huggins said he contacted the Impeccable Group shortly after the transfers because the amounts seemed quite high and the transfers appeared to be coming from the Catholic Church. The scammers apparently were ready for this question and were quick on their feet with a reply that was as plausible as it was diabolical: Huggins was told the money was going to be distributed as legal settlements to people who had been affected by the clergy sexual abuse scandals that have rocked the church in recent years.

“The told me it was going to be payouts to some of the settlements in the sex crimes cases against the Church,” Huggins said.

Huggins’ bank discovered the fraud and froze his account while there was still almost $10,000 left in it from the fraudulent transfers. Huggins said he was told to expect a call from lawyers for the Des Moines diocese, but he’s conflicted about whether he will return the money he made from his part in the scam: Minus the Western Union and Moneygram wire fees, Huggins earned commissions totaling nearly $800 for helping the thieves transfer the stolen money out of the country.

“I already sent the money to pay off my credit card balance,” Huggins said. “I guess I’m still up in the air on that one.”

The screen shots below were taken of Huggins’ “task manager,” an online communications panel that Impeccable Group used to communicate with money mules they had recruited.

Attorneys for Dallas-based Hi-Line Supply Inc. recently convinced a state court to require depositions from officials at Community Bank, Inc. of Rockwall, Texas. Hi-Line requested the sworn statements to learn more about what the bank knew in the time surrounding Aug. 20, 2009, when crooks broke into the company’s online bank accounts and transferred roughly $50,000 to four individuals across the country who had no prior business with Hi-Line.

While the contents of that deposition remain closed under a confidentiality order, Hi-Line’s lawyers say the information gleaned in the interviews shows serious security missteps by Community Bank, and that they are ready to sue if the bank does not offer a settlement.

“In the event Community Bank refuses to resolve this matter, now that we have uncovered some of the information obtained by virtue of the court’s order, Hi-Line intends to assert claims for misrepresentation, violations of the Texas Deceptive Trade Practices Act, fraud, and breach of warranties, among other things,” said Michael Lyons, a partner with the Dallas law firm Deans Lyons.

Hi-Line president Gary Evans said the fraud began on Thursday, Aug. 20, about the same time the company processes its normal $25,000 payroll. After Hi-Line submitted that batch of payments to its bank, the unknown intruders attempted two more transfers of nearly identical amounts on Friday and the following Monday, Aug. 24.

Evans said he had trouble logging in to his account on Thursday and had the bank reset his password, but the fraudulent transactions hadn’t showed up on his account at that time. He said he took that Friday off as he always does, and when he tried again to log in after returning to work on Monday, he again found the bank’s site would not accept his password.

“When I finally got the bank to reset my password and got into my account, I noticed the duplicate payroll batches and said ‘Why are you all pulling my payroll out three times?’” Evans said of his recollection of how he came to realize his firm had been robbed. “At the time, as I was resetting my password, I had to scroll through the bank’s online customer agreement, which basically said the bank is not responsible for any fraud. I should have known at that point that they were not going to take any responsibility for this at all.”

Evans said the bank should have detected that something was amiss, and not just because of the unusual and repeated payroll batches. He said the crooks accessed his account from five different Internet addresses with locations that were nowhere near Texas, including from computers located more than 1,300 miles away, in Washington, D.C. and Maryland.

Community Bank did not respond to requests for comment. But in protesting the deposition, Community Bank claims (PDF) that hackers had infiltrated Evans’ computer with a virus and used it to steal his online banking credentials, which included a user name, password, PIN and several challenge/response questions.

The organized criminal gang that hacked and robbed Hi-Line could not have succeeded without the assistance of “money mules,” accomplices who were willingly or unwittingly hired through work-at-home job schemes to help cyber thieves launder stolen funds. Among those lured into the scam was Josh Enlow, a 28-year-old gas station attendant in Phoenix. Enlow said he was hired by an entity calling itself The Total Group Co., which initially contacted him in an e-mail stating it had found his resume on a job search Web site, and would he be interested in an “accounts payable” position?

A few weeks later, Enlow received “several” (he says doesn’t recall how many) deposits — including one transfer for more than $8,400. He then wired the money to individuals in Eastern Europe as instructed, he said. (See screen shots below taken from the Total Group Web site.)

The receipt Enlow received for one of the transfers from Hi-Line's hacked account.

The most recent incident involved Golden State Bridge Inc., a Martinez, Calif. engineering and construction company that builds bridges. The thieves used an extremely stealthy but as-yet-unclassified strain of malicious software to steal the company’s online banking credentials, and on May 19th, the crooks used that access to set up a series of fraudulent payroll payments totaling more than $125,000.

Initially, the attackers set up two batches of automated clearing house (ACH) payments –one for $50,000 and another for $75,000 – effectively sending a series of transfers to a dozen different money mules, willing or unwitting individuals lured into helping the criminals launder stolen funds by wiring the funds overseas and taking a small commission (usually 8 percent) for themselves.

When the first two batches were processed by Golden State’s bank on May 20, the thieves apparently figured they were home free, and set in motion another seven bundles of fraudulent payments for several hundred thousand dollars more, according to Ann Talbot, the company’s chief financial officer.

“Once they executed those first two successfully, they must have been like, ‘Oh, we’ve hit the mother lode! Let’s go for it!’,” Talbot recalled. “Had they succeeded in putting those through, we and the bank would have been looking at losses of more than $750,000.”

But Talbot noticed the fraudulent transfers the day the money started moving out of Golden State’s accounts, and sprang into action to get the seven new batches canceled. Unfortunately, by that point most of the mules who were sent loot in the first two batches had already withdrawn their transfers.

Talbot said nearly all of the money mules were located on the East Coast, which she believes is a tactic designed to give the attackers the longest head start possible before West Coast victims notice the fraudulent transfers.

“These mules were with East Coast banks, and most of them had [withdrawn] the money from their banks before we were even open for business,” Talbot said.

For what it’s worth, I observed this same pattern of the thieves relying mainly East Coast mules in an earlier post, Charting the Carnage from eBanking Fraud.

SECRET QUESTION CHECKUPS

Like many financial institutions serving primarily business customers, the California Bank of Commerce — Golden State’s bank — pushes most of the security and authentication for its online banking systems out to customers, requiring a simple username and password, and occasionally prompting customers to provide the correct answer to one or more of their “secret questions”.

Read more after the jump….

According Golden State Bridge, the bank has a curious practice of automatically verifying all of its customers’ secret questions and answers every 180 days.

“So how does it do this? It flashes them on your screen and asks, ‘Are these your secret questions and answers? Click ‘Yes’ or ‘No’,” Talbot said.

And when was the last time Golden State was prompted to confirm their secret questions and answers? Why, the very day before the fraudulent transfers began, Talbot said.

“I don’t know how long that malware or Trojan was on our machine, it could have been weeks or months,” Talbot recalled. “All I know is, we saw this fraud the day after the bank prompted us to confirm all five of those questions and answers.”

Virginia Robbins, chief administrative officer at California Bank of Commerce, declined to discuss Golden State’s claims or even confirm whether the company was a customer. But she emphasized that security is never about just software and hardware.

“Any financial institution can put all of the controls they want in place, but if their client isn’t following the instructions or doing things properly, there are certain challenges,” Robbins said. “We do look for all of our clients to use dual controls. and we want to make sure there are multiple points of control. Because what we’re seeing today is that a malware compromise can happen at a single point in the system, and so there have to be multiple controls in place on the customer’s side.”

Indeed, Talbot acknowledges that she and her co-workers aren’t blameless in this incident.  For example, the company had previously instituted a series of checks and balances to ensure that no single employee could both initiate and approve a payroll batch. Yet, at one point recently, Golden State Bridge undid that protection to accommodate a special case, but never bothered to put those restrictions back into place.

THIRD TIME’S A CHARM?

Golden State Bridge purchased $1 million worth cybersecurity insurance as part of a broader business risk policy offered by Arch Insurance Group, one of several firms now offering cybersecurity coverage. The company decided to get the insurance after suffering another major cyber crime incident almost three years ago.

In 2007, Golden State was banking with a financial institution aptly named Bridge Bank located in downtown San Jose. One day, the company opened for business to find that someone had wired $79,000 out of its accounts, destined for an account in Russia. Talbot said Bridge Bank shared the Internet address from which the fraudulent online login originated, and that she traced it back to servers operating out of a large building just four blocks away at 55 South Market St.

The owner of those servers was a problematic [and now defunct] hosting provider named McColo. In 2008, in response to questions from The Washington Post and security researchers about massive amounts of fraud, spam and other cyber crime activity flowing in and out of McColo’s servers, the hosting provider’s two upstream Internet providers pulled the plug on the company. As a result, the volume of spam sent worldwide tanked overnight — by some estimates as much as 75 percent. A nest of other fraudulent activity also evaporated (at least for a while) after McColo’s unplugging: One expert I spoke with who helps retailers control online fraud told me $250,000 worth of retail fraud committed against his customers on a typical day completely stopped the day McColo was unplugged.

Talbot said she’s glad Golden State purchased the insurance: The company managed to recover three of the fraudulent transactions, and its total loss now stands at just shy of $100,000. Golden State Bridge is confident that after paying its $10,000 deductible, the insurance company will cover the rest — probably by going after the bank. But Talbot said she’s worried she won’t be able to afford cyber risk insurance after this latest incident.

“I don’t think it will be offered to us again, or if it is, the cost will probably be so incredibly prohibitive that it may not be worth it,” Talbot said.

Unfortunately for Green, that PC was the same computer his kids used to browse the Web, chat, and play games online. It was also the same computer that organized thieves had already compromised with a password-stealing Trojan horse program.

A few days later, the crooks used those same credentials to steal nearly $100,000 from the company’s online accounts, sending the money in sub- $10,000 and sub-$5,000 chunks to 14 individuals across the United States.

Now, Green’s firm — DKG Enterprises, a party supplies firm based in Oklahoma City — is wrangling with its bank over who should pay for the loss, said Joe Dunn, the company’s controller. So far, DKG has managed to recover just $22,000 of the $98,000 stolen in the April 27 incident.

Unlike consumers, businesses that lose money as a result of stolen online banking credentials usually are left holding the bag. As such, I’ve frequently advised small business owners to avoid banking on Windows systems, since all of the malicious software currently being used by these criminals to steal e-banking credentials simply fails to run on anything other than Windows. What’s more, the tools these crooks are using — mainly the Zeus Trojan — almost always outpace anti-virus detection at least by a few days, and by then it’s usually too late.

But the advice about banking on a dedicated, non-Windows machine only works if you follow it all the time. As this incident shows, it does no good for small business owners to use a Live CD or a Mac or some other approach only some of the time.

“He knew better than that,” Dunn said of his boss’s logging into the family Windows machine. “The thing about it is this wouldn’t have been able to happen if the security had been place that is currently in place, which means he can only access the bank’s site from his Mac. We no longer allow access from any other computer other than his.”

Dunn said that not long after the fraudulent transfers were sent out, he heard from one of the money mules that were sent the firm’s money and asked to wire it overseas to the fraudsters.

“This guy, he went to go use his debit card to fill up his car at a gas station and his card was declined,” Dunn said.  “He was trying to figure out what had happened, so he researched where the money came from, went online and called the first number he could find and of course he got me. All I could do is refer him to the FBI. I think he’d figured out by that point what had happened.”

Dunn added the company’s bank is disavowing any responsibility for the incident, but that there is a small silver lining.

“Our take is we weren’t provided the utmost security to prevent this from happening,” he said. “It’s sad in this day and age, and we’ll probably have to take it as a hard lesson learned. On the bright side, though, the owner’s wife now has a new Mac.”

Further Reading: Target: Small Businesses

Treasury Credit Union -- Image courtesy Google Streetview

In most of the e-banking robberies I’ve written about to date, the victims have been small to mid-sized businesses that had their online bank accounts cleaned out after cyber thieves compromised the organization’s computers. This incident is notable because the entity that was both compromised and robbed was a bank.

The attack began Thursday, May 20, when the unidentified perpetrators started transferring funds out of an internal account at Treasury Credit Union, a financial institution that primarily serves employees of the U.S. Treasury Department in the state of Utah and their families. Treasury Credit Union President Steve Melgar said the thieves made at least 70 transfers before the fraud was stopped.

Melgar declined to say how much money was stolen, stating only that the total amount was likely to be in the “low six-figures.”

“We’re still trying to find out what net [loss] is, because some of the money came back or for whatever reason the transfers were rejected by the recipient bank,” Melgar said, adding that the FBI also is currently investigating the case. A spokeswoman for the Salt Lake City field office of the FBI declined to comment, saying the agency does not confirm or deny investigations.

Many of the transfers were in the sub-$5,000 range and went to so-called  “money mules,” willing or unwitting individuals recruited over the Internet through work-at-home job schemes. Melgar said other, larger, transfers appear to have been sent to commercial bank accounts tied to various small businesses.

Melgar said some of the money mules apparently had a change of heart, but only after they’d withdrawn the stolen cash from their bank accounts and wired the money overseas to Ukraine as instructed.

“Some of the money mules went back to their banks after they’d Western Unioned the money, went back and talk to their branch manager or whoever and say they felt they may have committed fraud,” he said. “I guess something must have clicked in their head at that point.”

Melgar said it wasn’t clear whether any of the mules who reported the fraud to their banks had returned the “commissions” they make for helping thieves launder the money. In previous attacks I have written about, the mules were permitted to keep roughly 8 percent of the transfer amount, with any wire fees to be taken out of the commission. Earlier this month, the FBI said it is planning a law enforcement action against money mules in a bid to raise public awareness about the damage from these types of work-at-home employment schemes.

According to Melgar, the perpetrators who set up the bogus transactions had previously stolen a bank employee’s online login credentials after infecting the employee’s Microsoft Windows computer with a Trojan horse program. Melgar said investigators have not yet determined which particular strain of malware had infected the PC, adding that the bank’s installation of Symantec‘s Norton Antivirus failed to detect the infection prior to the unauthorized transfers.

“That’s all part of our investigation, and we’re going to try to see  how it was that this PC got infected,” Melgar said. “The truth is if you invite malicious software in, there’s probably not a lot at that point that’s going to stop it.”

Last July, organized thieves used money mules to steal tens of thousands of dollars from Huntington, W.V. based First Sentry Bank.

Patrick Carney, acting chief of the FBI’s cyber criminal section, said mules are an integral component of an international crime wave that is costing U.S. banks and companies hundreds of millions of dollars. He said the agency hopes the enforcement action will help spread awareness that money mules are helping to perpetrate crimes.

“We want to make sure that public understands this is illegal activity and one of the best ways we can think of to give that message is to have some prosecutions,” Carney said at a Federal Deposit Insurance Corporation (FDIC) symposium in Arlington, Va. today on combating commercial payments fraud. “We realize it’s not going to make the problem go away, but it should help raise awareness and send a signal.”

Money mules typically are first contacted by e-mail, usually with a greeting that claims the prospective employer found the recipient’s resume on Careerbuilder.com, Monster.com, or some other job search site. The fraudsters usually represent themselves as international finance or tax companies that are looking to hire “financial agents” to help customers move their money abroad speedily. Candidates often are told the position is a work-at-home job, that no experience is necessary, and that they need only have access to a computer with an Internet connection.

The mule recruitment process can be very convincing: Some scammers go through the trouble of conducting phone interviews, following those up with a barrage of online questionnaires. At some point in the recruitment process, however, the fictitious company will require the recruit to hand over their bank account numbers, so that the erstwhile employer can deposit their clients’ funds. The employees eventually receive checks, wire transfers or automated clearing house (ACH) payments, and are asked to pull the money out of their bank in cash and wire the money overseas through establishments like Western Union and Moneygram. The typical “commission” for each transfer (most money mules get a single transfer before they’re fired) is about 8 percent, minus the fees for wiring the money.

I have interviewed more than 150 money mules in the course of my investigations over the last year into this type of fraud. I can safely say that most mules fit into one of two camps: Those that are simply not the sharpest crayons in the box and really did get bamboozled (at least up to a point); and those who are out of a job, laid off, or otherwise in need of money and simply aren’t asking themselves or anyone else too many questions about the whole process.

I find most mules fit into the latter group, and you can usually tell because these individuals often will admit to having set up a new account for the job – separate from where they keep their meager savings or checking. When pressed as to why they did this, if they’re honest most will say they weren’t sure about the whole arrangement and wanted to protect their investments just in case their employers turned out to be less-than-honest.

Alexander “Sandy” Jackson‘s world started crashing down on Apr. 20, the day he learned that more than $70,000 of company’s cash had been transferred to 10 complete strangers scattered about the United States. Since then, the owner of Jackson Demolition Service has spent a good deal of time trying to retrieve that money. So far, he and his bank have recovered about one-third of the amount stolen.

Oddly enough, Jackson first learned of the fraud after being contacted by an individual who received close to $5,000 of the firm’s money.

That individual was Montgomery, Ala. resident April Overton. In March, Overton responded to an e-mail from a company that said it found her resume on Careerbuilder.com, and would she be interested in a work-at-home job entering tax information on behalf of American tax filers? Overton said she accepted the job, and for more than a month worked several hours each day completing various tax forms with personal tax information sent to her via e-mail, forms that she then had to fax back to her employers, who claimed to be Tax World LLC, at www.taxreturnsworld.com.

“I was basically processing tax returns, and they’d have me log in to a site every morning between the hours of 8:30 a.m. and 11:30 a.m., and would send me information, have me filing out [IRS Form] 1040 tax returns,” Overton said.

The information at taxreturnsworld.com indicates that the company is based in New Jersey, and that it has been in business since 2002. However, the state has no record of a business by that name, and the domain name was registered in March 2010 via a Russian domain name registrar. In addition, the same Web server hosts an identical site reachable through the domain worldtaxreturns.com. A message left at the phone number listed on both sites was not returned.

Overton said she spent more than a month entering and faxing tax information for Tax World before she was paid. The payment took the form of an unexpected $4,700 deposit into her bank account from a company in North Carolina. She said she spent that money, assuming it was payment for her work, until the deposit was recalled by the issuing bank, at which point her account went thousands of dollars into the red.

A few days later, she received another $4,700 deposit, this time from Jackson Demolition Service. Suspecting that the rug was about to be pulled out from beneath her yet again, she picked up the phone and called the wrecking firm, effectively alerting workers there to the missing money. Overton’s bank, however, appears to have used the deposit from Jackson to replace the overdraft amount from the previous deposit from the North Carolina firm.

“She got a $4,700 deposit and spent it right away, but her bank overdrafted her account because that deposit got recalled,” Jackson said. “Then my money comes flying in there and her bank grabs that to replace the missing money.”

Overton has promised to repay the $4,700 to Jackson. Meanwhile, it remains unclear what Overton’s employers were doing, if anything, with the completed tax forms, although experts say it’s not uncommon for organized criminal groups to secretly file taxes on behalf of other people, request a refund and then later request that the refund check be sent to a new address.

The closing slide in my presentation up in New York included a list of tips that I urged small business owners in the audience to consider in order to avoid becoming the next victim of this type of crime. The thrust of my speech was that today’s attacks against online banking have become so sophisticated that banks need to adopt authentication mechanisms that work even when their customers’ PCs are already compromised by organized criminal gangs.

Unfortunately, very few commercial banks are prepared to meet this threat. As such, I encourage small business owners to take a few simple precautions, such as banking online only from a dedicated computer. This can take the form of a laptop or desktop that’s used only for online banking and nothing else; a Mac OS X system (all of the malware used to steal online banking credentials simply fails to run on non-Windows computers); or a bootable Linux installation that runs off of a CD-Rom or DVD.

By the way, if you ever get a chance to visit Cooperstown, N.Y., consider staying at the picturesque Otesaga Resort Hotel there, where I snapped this photo last week right before a thunderstorm moved into the area.

Further reading:  Target: Small Businesses

Of course, ignorance of the law is no excuse, and this blog entry is in no way meant to defend the mules. But I did want to shed more light on the efforts that some mule recruitment gangs take to help potential mules believe they are in fact working for a legitimate company.

Take, for example, the efforts of what we’ll call the “Back Office,” mule recruitment gang — so named because the Web sites used to recruit and manage these folks almost always include the term “backoffice”. Potential Back Office mules are recruited via e-mail, with a message stating that the employer found the recipient’s resume on a job search site and would he or she be interested in working as a financial agent in an international finance company?

Those who respond are directed to create an account at a Back Office site, and from there the new recruits are processed through a series of interviews. According to conversations with multiple mules recruited by the Back Office gang, the process normally starts with a lengthy telephone interview, wherein the recruit is asked about his or her work history, ethics and attitudes.

Following the verbal interview, mules are asked to complete a lengthy questionnaire that asks roughly three dozen questions, including many that one might expect to find in a legitimate interview for a professional position.

“How do you evaluate success?”

“What classes or seminars have you taken on your own during the last three years to advance your careers and personal growth?

Clicking on this Google Maps link brings up an interactive version of this map showing the names of the victim at each point on the map, as well as their monetary losses.

What’s interesting that I hadn’t realized before seeing this map is that the victims appear to be heavily clustered in the East Coast and Midwest. I’m not sure if there is a connection, but the thieves perpetrating these attacks typically recruit their money mules almost exclusively from these regions. The thinking is that the criminals — most of whom reside in the Eastern European Time Zone (EET), don’t want to spend all night managing these mules. As such, they crooks tend not to solicit mules from those living in the Western United States. Again, there may not be an actual link between the mule trend and the grouping of victims, but just thought it was worth noting.

On Wednesday, Apr. 7, Ft. Smith based JE Systems Inc. received a call from its bank stating that the company needed to move more money into its payroll account, chief executive Melanie Eakel said. Over the course of the previous two days, someone had approved two batches of payroll payments — one for $45,000 and another for $67,000.

“They said ‘You’re overdraft,’ and I told them that was impossible because we didn’t do our payroll…we do it every Thursday,  not on Mondays at 2 a.m., which was when this was put through,” Eakel said. “I told them we did not authorize that.”

A few days later, however, the First National Bank of Fort Smith sent JE Systems a letter saying the bank would not be responsible for the loss. First National did not return calls seeking comment.

“They said it was our [Internet] address that was used to process the payments, and our online banking user name and password,” Eakel said. “I feel like the bank should have caught this.

ANALYSIS

As Eakel discovered the hard way, businesses do not enjoy the same legal protection against online banking fraud afforded to consumers. All the attackers need to do is trick an employee with access to a company’s bank accounts into opening a booby-trapped e-mail attachment or specially crafted link: From there, the attackers can plant malware on the target’s system and siphon any credentials stored on or transmitted through the infected PC.

Whether or not that company will ultimately lose money from such an intrusion depends on a great many factors (including whether or not the bad guys who stole the credentials ever get around to using them). Having interviewed more than 100 companies that have been hit with this type of attack, however, I can say that when a victim loses money there is usually plenty of blame to go around for the both the bank and the customer.

First off, far too many banks still rely purely on user-facing security mechanisms for authentication, such as passwords, secret questions, and one-time tokens. All of these — even when used in tandem — have been defeated by the organized criminal gangs that targeted the companies I have interviewed.

Part of the problem is that most banks — even the smaller ones — no longer know their customers, by sight or by name. Consequently, few banks actually have a good feel for what their customers’ normal transaction activity looks like. That wouldn’t be such a big deal if most banks substituted that lack of knowledge for some type of technology that builds a profile of customer transactions, and then alerts the bank and/or the customer when anomalies arise. However, relatively few banks employ this type of technology today, particularly for their commercial customers.

Many of the business owners who lose sizable amounts of money from this type of fraud are not in the habit of reconciling their books on a daily basis. Indeed, a majority of the victims I’ve interviewed who lost substantial sums failed to detect the missing money for more than 24 hours. This is not to say that victims who discover the fraud on the same day it is perpetrated always recover some or all their money, but they stand a far better chance of doing so than those who don’t detect it right away.

Back to the banks for a second: At what point are the financial institutions of this country going to begin placing giant red flags on new accounts that suddenly receive deposits of slightly less than $10,000, money which the account holder shows up to withdraw in cash shortly thereafter? For that matter, shouldn’t the companies that facilitate the subsequent wire transfers be held to a higher standard?

IGNORANCE OF THE LAW…

JE Systems was robbed with the help of at least a dozen different “money mules,” willing or unwitting individuals in the United States who are hired through work-at-home job scams to help crooks launder their money. In every case I’ve covered, the mules pulled the money out in cash, wired the funds overseas to Ukraine and Moldova, and kept about eight percent in “commission” (minus the hefty wire fees).

For her part, Eakel said her company certainly could have been more vigilant with its books. But she added that she’d like to see some of the money mules prosecuted for aiding and abetting fraud.

“It’s overwhelming my emotion to talk about this,” Eakel told Krebs on Security in a phone interview, audibly choking on the words. “These mules or whatever they are need to find a real job and a legal, honest way to earn their money just like the rest of us, and stop stealing from innocent small businesses. Honestly, I don’t understand how these individuals can sleep at night.”

RELATED POSTS:

Category: Small Business Victims

eBanking Guidance for Banks and Businesses

Regulators Revisit eBanking Security Guidelines