Security expert: Banks must stay alert as attack sophistication grows

Fraudsters are becoming increasingly sophisticated in how they commit financial crimes, said Mike Burke, a senior robbery and crisis management consultant at Shazam. 

Speaking May 9 before hundreds of community bankers during the Nebraska Bankers Association’s annual convention, Burke said most recent business fraud has come from email compromises. Scams in which fraudsters use scare tactics to make people pay for unnecessary technical support services, along with romance schemes, have also been reported.

Shazam Senior Robbery and Crisis Management Consultant Mike Burke speaks May 9 during the Nebraska Bankers Association conference in Omaha. (Sam Wilmes/BankBeat)

Fraudsters sometimes seek an instant-issue debit card as they open accounts, Burke noted. They sometimes seek to secure five $1 money orders before altering the check, swapping in $1,000 for each check. The fraudulent checks are then deposited, with the criminals taking some of the ill-gotten gains when a portion of the check clears at midnight. 

Criminals sometimes steal a check from a legitimate business and create a similarly named fraudulent entity to deposit the ill-gotten gains, Burke noted. The IRS is advising bankers who suspect a check is fraudulent to hold the money for up to two days to ensure its validity.

Banks are also being victimized by armed robberies during which ATMs are disabled with chewing gum or gummy bears. The criminals then wait for a technician to arrive to commit the robbery. ATM skimming devices are also widespread: Burke noted investigators in one case found 60 hotel key cards wrapped with a rubber band. 

Criminals looking to commit a denial-of-service attack install malware on a system looking for an email thread back to a financial institution. Burke said bankers must respond by calling a trusted number for the customer when they are asked to significantly change an account. 

Burke cautioned bankers to be aware of the red flags of a smishing email or “grandparent scam,” in which fraudsters portray themselves as a grandchild in jail who needs money immediately to be released. 

Bankers can prevent fraud by regularly educating customers on the signs of potential criminal activity through both social media activity and town hall meetings on financial fraud with relevant law enforcement experts, Burke said. He also advised using contactless payments if possible to ensure safer transactions.

Customers must slow down when contacted by someone claiming urgent action is needed to prevent an adverse circumstance, or when there is an unnerving message intended to scare them into taking action. 

Burke identified three significant red flags for fraud:

  • Someone with an out-of-state driver’s license depositing only the minimal amount when opening an account. Burke noted fraudsters frequently claim they are opening an account far from their listed address because they have been transferred with UPS or FedEx. 
  • A customer parking in the parking lot of an adjacent building and walking over when there are already open parking spots in front of the bank. 
  • A prospective customer who, when told by a banker that another form of ID is needed, says they need to step out of the branch to make a phone call and never returns, leaving their existing ID in the branch.