Project Description

Music Up/Intro

From Wells Fargo Treasury Management, this is True Stories of Fraud – I’m Aaron Grayson, your host for this investigative fraud series.


From Wells Fargo Treasury Management, this is True Stories of Fraud – I’m Aaron Grayson, your host for this investigative fraud series.


Today’s story is about a large school district out west that fell victim to imposter fraud. Not because they were negligent. But because they thought, like many of us, who would defraud a school district?


They’re not after me. They look for the big title, the one that makes the big money. That’s the target.


Jerry is an accountant for the school district. The biggest financial challenge they usually face is getting money from the state, not having it stolen by fraudsters. Until now.
On a typical day in January, someone in payroll received an email from who they thought was the school district superintendent. He was asking to change his banking details and override the prenote for his payroll direct deposit.
A prenote—or prenotification—is a test that they run to validate the employee bank account before setting up a direct deposit transfer.
Here’s Jerry.


We have everything prenoted, but if someone like the superintendent asks us to override it, we do.


Jerry told me you wouldn’t expect a school district to be targeted by fraudsters. They go after big companies. But that’s the point. You wouldn’t expect it. And when you don’t expect it, you overlook things.


It looked legitimate. They’re good at what they’re doing. It appears to be that person’s name and address, but if you hover over it, it’s some other weird email address.


The fraudster breached the school district’s email system. And the target was clear—the man at the top.
Using compromised information, the scammer emailed the payroll department, requesting a change in bank information and prenote override. Then they asked for a copy of the direct deposit form.
Payroll obliged.
The fraudster returned the filled-out form along with a bogus check—also by email.
Payroll missed the mismatched signatures and overwrote the bank information.
After all, no one was expecting it.


Music Up/ raising suspense


Two weeks later, on pay day, the superintendent contacted payroll. Nearly $14,000 hadn’t arrived.


I went in after the fact and tried to stop it, but it didn’t work.


Music Out


Almost $14,000 was transferred because of two things: the payroll department was duped by the phony email, and no one imagined a fraudster would target a school district.
Here’s the thing. The real key to pulling off impostor fraud is knowing who to impersonate.
A fraudster will pose as a person or entity you know and trust—like the school district superintendent.
Once the email system has been compromised, the impostor can monitor email correspondence, study payment patterns and—leveraging the hacked system—submit fraudulent requests that look legitimate.
The tough thing about impostor fraud—and the fraudsters know this—is that because the transactions are consistent with regular payments and are made by authorized personnel, it’s very hard to detect.
And technology, so often, so helpful, can also make it all too easy for the fraudster…


We’re trying to go paperless these days, which is good except for the fact that someone having to hand you a piece of paper is a good safeguard too.


Music under


Jerry and the payroll department aren’t alone. The 2019 AFP Payments Fraud and Control survey reported over 80% of those targeted by impostors received emails from fraudsters posing as senior executives using spoofed email addresses so slightly changed, you would never notice.


We got a little more than half of it back. We were surprised that we got anything back. Wells Fargo was more than helpful. They’ve always been accommodating, and if they didn’t have an answer, they were quick to get back to me.


I checked in with the fraud prevention experts with Wells Fargo Treasury Management. They shared with me a few ways to protect against Imposter Fraud.

  1. Make sure to use a different contact method to confirm any changes or requests. If the request comes by email, use the phone, and call the individual to verbally verify payment requests or changed account information.
  2. Always use the contact information you have on file to verify requests. Never use the phone number or account numbers contained in the email. They could be falsified.
  3. Use dual custody – that means both the person who initiates the payment and the person approving it must pay close attention to the payment details. Don’t assume the payment is fine because you recognize part of the information like the individual’s name, or their bank’s name.
  4. Monitor account activity – the quicker you spot a suspicious transaction, the sooner you can start your recovery efforts and take steps to help ensure you don’t become a victim again.


[Since the fraud] our own superintendent has asked to be overridden and we said, uh uh, we’re not doing that anymore.
Slow down and really look at things and if it doesn’t feel right, check it. Call that employee and say, are you really doing this? That’s just gut instinct, because if it looks like a duck and walks like a duck, it’s a duck.


Good advice. And now, the next time fraudsters come calling, I bet Jerry and the team will be the ones taking them to school.


Music resolve


Wells Fargo shares these true stories to give you insight into possible scams and the guidance to help protect your company from these serious threats of financial loss.


Join me for more True stories of Fraud. I’m Aaron Grayson.
Thanks for listening.
And stay vigilant.


Music OUT

Related content

Click edit button to change this code.