Project Description

Hear how the fraud was detected and ways you can protect your company.

Aaron:

From Wells Fargo Treasury Management, this is True Stories of Fraud – real customer experiences to help you understand and deal with the gravity of fraud attacks on American business today. I’m Aaron Grayson, your host for this investigative fraud series. Welcome to episode 2.

Before we start, I was thinking about how we’re all victims of routine. Everyone of us.

From waking up to how we get to work. How we do some tasks at work. Things become routine. Fraudsters know this. And they will use it against you.

Which brings me to this story about a hardworking company in the Midwest that fell victim to account takeover fraud. The name of the company I have to protect, but the events are all true.

Kathy is an account payable supervisor at the company. We talked to her about how the attack happened.

Hey, Kathy.

Kathy:

Hi, Aaron.

I was going to do a standard wire transfer — like I always do —  a note popped up on my screen. It said the system didn’t recognize my login.

Aaron:

Well, we’ve all been there, right?

Kathy:

Right. So, I tried about 4 more times. I was frustrated, but then someone from Wells Fargo phoned me. He said he could see I was having trouble logging into our account.

Aaron:

Well, that’s pretty helpful.

Kathy:

Right, and once I was in the system, he asked me to get my boss to log in his information, too.

Aaron:

Is that normal, Kathy?

Kathy:

Well when you have your bank on the phone, you trust they’re helping you.

Aaron:

Yeah.

Kathy:

So, my boss entered all his information and same result. It wasn’t working. The support person on the phone said not to worry, he’d fix it. We were on the phone for 20 minutes.

Aaron:

Okay?

Kathy: Finally, we got into the CEO portal and saw a bunch of ‘new book transfers’ to vendors we didn’t even know.

Aaron:

Right then, Kathy’s boss confronted the person. It became clear this was not a Wells Fargo rep.  It was a fraudster. He quickly hung up. Gone. Was the money gone, too? Kathy called her contact person at Wells Fargo to share what just happened. The falsified wire transfers totaled $187,000. A lot of money, headed right to the fraudsters’ phony accounts.

Kathy: 

Your heart starts racing — thinking what have I done?  I just remember, I was so scared.

Aaron:

The Wells Fargo rep immediately disabled access for the user with the infected device — Kathy’s computer. Her company was lucky. No money was lost. They had protocols in place with Wells Fargo to stop the fraudulent wire payments.

Aaron:

So what happened here? How did the fraudsters get into her computer? How did they get full access to the company’s wire transfer account? John Kohler, fraud protection manager with Wells Fargo Treasury Management helps us break down the account takeover scheme.

John:

Well Aaron, I suspect some time earlier, Kathy clicked on an email attachment or a link to an infected website.

Aaron:

Here’s what else John told me.

John:

In this scheme, fraudsters will trigger a fake pop-up window — that looks real — when you’re logging in to the CEO portal. That’s how they capture your username and password.

Aaron:

But why did they phone Kathy?

John:

Well Aaron, for a couple reasons. First, to get the customer to enter their credentials so they can initiate the malware installation on their PC. Then, by having you on the phone, they urge you to go get a colleague to come to that same PC and enter their credentials. That gets them through the dual custody process.

Aaron:

John, what does dual custody do?

John:

Well, it’s the best practice to mitigate fraud, and the hardest thing for the fraudsters to work around.

Aaron:

Okay.

John:

It’s a safeguard process where one user initiates a payment or a change, and the second user must approve that payment or change — and always on a different device.

Aaron:  

So they needed her boss. And she routinely went to get him. It’s unbelievable. John, what else can be done to help protect a company from account takeover?

John:

Well Aaron, people need to be wary of unusual onscreen messages or unsuspected token prompts. And never click on links in emails from unknown senders. That’s how malware gets delivered.

Aaron:

Okay.

John:

And calls from your bank should be questioned when they are unsolicited. Especially when the caller requests your banking credentials or offers to help you with your log-in issues that you didn’t report.

Aaron:

Yeah, you’re right, my bank really doesn’t call me out of the blue like that.

John:

Right. Finally, people should monitor their accounts daily to check for suspicious activities. And if you ever detect any suspicious activity on your own, contact your banker or relationship manager immediately.

Aaron:

So, I guess in a word, beware.

John:

I’d say three words, Aaron — beware, prepare, and verify.

Aaron:

John, a man of few words you’re not.

John:

Heh, heh.

Aaron:

Hey, I saw a statistic from the 2019 AFP® Payments Fraud & Control Survey Report. It said 82% of U.S. companies experienced a payments fraud attack in 2018. And that number, it just blew my mind.

John:

And the number is rising.

Aaron:

Wells Fargo shares these true stories to give you insight into possible scams and the guidance to help protect your company from these serious threats of financial loss.

Join me for more True Stories of Fraud.  I’m Aaron Grayson. Thanks for listening. And stay vigilant.

Announcer:

Copyright 2019, Wells Fargo Bank, N.A. All rights reserved. Member FDIC.

True stories of fraud caution tape