Chapter 11. Double Play

DELENA D. SPANN

Mollie Garrett was a talent in the corporate banking sector of one of the largest financial institutions in the nation. She'd moved up the ranks in Buck's Bank much faster than many of her peers. She was the consummate professional — dependable and well educated in her field — and she was considered the creme de la creme of the industry.

I met Mollie during the fall at a quarterly meeting attended by law enforcement and financial industry employees. As soon as we were introduced, I knew Mollie wasn't average — she was a graduate of one of the most prestigious universities in the state of Illinois and every detail of her demeanor expressed that she was accomplished and talented. A group of us sat at a table prior to the meeting and shared our work experience and our alma maters. I distinctly remembered Mollie, who said that she had received a bachelor's of science degree in accounting and minored in finance.

The group at the table engaged in friendly conversation. We were a diverse mix but we had one thing in common — we had come to share our expertise and experience in the area of fraud. We discussed the common features of some of our most recent investigations, new trends that had been discovered and the growing pains we faced in attempting to stay at least two steps ahead of the fraudsters. It was an insightful meeting.

As our discussion came to a close, Mollie approached me privately and said she wanted to help me with investing opportunities at her bank. She gave me detailed information about new options she had available, and I was impressed with her knowledge. We agreed that we would touch base in a few weeks or so to discuss it further.

Buck's Bank, Mollie's employer, had more than 50,000 people working in its domestic and global offices. It was so well run and successful that many other financial institutions used it as a model. In the first quarter of the year, the company grossed $1.3 billion in revenue. It had the reputation of a solid and stable financial institution, and I had no reason to suspect otherwise. When I met Mollie, I remembered an article I read a few months earlier in the Financial Times that said Buck's Bank had been one of the only financial institutions to have mastered the derivative and hedge-fund market. Buck's Bank was where I maintained my checking account.

Free Lunch for Fraudsters?

The following February, I was deployed on a two-week assignment to provide analytical assistance to an ongoing, high-profile white-collar crime investigation that encompassed a variety of fraud schemes committed by the suspects Roger Cranson and his brother, Thomas Cranson. The Cransons were involved in telemarketing fraud, mortgage and title transaction fraud and pump-and-dump schemes. The investigation, dubbed "Operation Money Bag," uncovered one of the largest fraud schemes cultivated in the South to date.

I was excited about being assigned to such a high-profile investigation. I estimated during my initial analysis that the fraud loss well exceeded $5 million and the attempted fraud totaled more than $20 million, with more than 80,000 unauthorized bank drafts. During the first few days of the assignment, I was given the task of providing very detailed and specific analyses on a plethora of financial statements that had arrived the week prior. The work was tedious and exhausting — sifting through financial statements, Suspicious Activity Reports (SARs) and the like is not the most exciting job assignment. I had to work diligently, be precise in my findings, put in overtime and provide significant recommendations that would foster other investigative leads.

My first day was spent in a briefing with other investigators and analysts assigned to the task force to ascertain the direction the case was going. After a few productive meeting hours we had worked up an appetite and decided to go to lunch together. On our way to a restaurant, I stopped by an ATM to get some cash. When I punched in my PIN number and requested a withdrawal of $200, I received a message that I needed to contact a bank representative because the transaction couldn't be completed. I was startled — I knew I had enough money in my checking account to cover the request. My facial expression clearly told my companions that something was wrong.

The Investigator Became the Victim

I returned to the car my colleagues had rented and told them what happened. As we were driving to the restaurant I called the bank and asked about the message. I was told by the customer service representative that there were no available funds in my checking account. I was confused, embarrassed, angry and utterly dismayed. I simply could not imagine what had happened. Was I not the expert in fraud detection and analysis? How could this possibly happen to me? The bank representative said it would be best if I came into the branch to discuss the matter in person.

After lunch, one of my colleagues was kind enough to give me a ride to the nearest Buck's Bank branch. When I met with a customer service representative, I was asked the standard questions: "How may I help you?" and "Do you have an account with us?" I explained that I needed to speak with someone regarding a message I had received while attempting to get cash from an ATM.

She politely asked when and where I last used my debit card, if I paid any bills online and if I made any other transactions or transfers online. I said I had used the card at my local grocery store last weekend. I also used online banking to pay my mortgage and other miscellaneous bills, and I told the representative that I had used my card at a Buck's Bank ATM before departing on my business trip two days ago. The representative asked if I had used it at the main branch, and I told her yes, it was where I had initially opened my account several years ago. It was also the branch where Mollie Garrett worked.

The customer service representative said it was likely that my debit card had been compromised, and that it appeared as though there had been a key logger attached to my computer and/or IP address that retrieved my Internet banking information and pass code. I asked her how that could have happened, because my PIN number was supposed to be encrypted. I also thought that when I used online banking, the automated clearing house (ACH) terminal encrypted the pass code. The representative did not know how to answer these questions, but she assured me that an investigation would be opened.

I knew that I had to devise my own plan, so I contacted Mollie; I was certain she would make every effort to assist me in this matter. I also felt that Mollie and I had established a rapport when we first met. And we were supposed to meet in the upcoming weeks to discuss other investment opportunities — this would be the perfect time to kill two birds with one stone. I decided to do the following before meeting with Mollie:

  • File a formal complaint with the Federal Trade Commission (FTC) based on the Internet Intrusion Laws. The FTC is the chief consumer-protection agency to protect against Internet fraud.

  • File complaints with the three major credit bureaus (Equifax, Experian and TransUnion) and place fraud alerts on my reports.

  • File a complaint with Buck's Bank to close the hijacked account and establish a new account immediately.

  • Review consumer rights acts regarding Internet fraud to ascertain any other avenues that I needed to pursue.

  • File an Internet fraud complaint with Consumer Sentinel — a consumer online database of Internet, phishing and spam victims.

  • File a complaint with the Internet Crime Complaint Center, which is cosponsored by the FBI in conjunction with the National White Collar Crime Center.

The Tables Were Turned

After completing these tasks I phoned Mollie and explained what happened. I gave her specifics about the transactions, such as where they were made and what amounts had been paid. Mollie listened closely as I gave her the details. After I finished, she told me that she would help in any way possible to rectify the situation and to put my mind at ease.

But then Mollie said something strange. She told me that this was a way of life for the intruder. It happened all the time; I should not worry about it — it was only money. "Money comes and goes," said Mollie. I paused while I tried to understand how a person who was supposed to be a savvy banker could make such a statement to a customer whose account had just been compromised, let alone someone who was also a fraud investigator. Adding to the puzzle was that Mollie didn't seem interested in helping me. Our conversation came to a close; she did not give me any specific encouragement or tell me how she planned to address the problem. My confidence in Buck's Bank and Mollie was waning quickly.

As the days passed and I didn't hear from Mollie, I wondered why she seemed agitated and unsympathetic during our last conversation. On the third day of my assignment, a call came in on my cell phone from a number I didn't recognize. Normally, I did not answer unknown calls, but I thought it might be the bank. Indeed, it was Ted Ramon, an investigator at Buck's Bank. However, my guard was up, so I wanted to ask him a few questions before giving him any of my personal information. I asked for his direct office number, e-mail address and supervisor's name.

The bank investigator asked sarcastically, "Am I being investigated?" I replied, "You just never know who you're speaking to through a bunch of wires." And after what had transpired just three days ago, my new philosophy was to scrutinize everything, if need be. Ted assured me that every effort would be made to determine how my account was compromised, who did the compromising and how the culprit used my banking information.

Ted asked me very specific questions about my account, my debit card transactions, the account balance, online transactions and so forth, and I provided him with the requested information. As the interview progressed, I began to feel as if I were the criminal being interrogated. I was on the other side of the fence and realized at that moment how victims feel. I vowed to be more sympathetic when interviewing individuals who report frauds. As Ted continued with his questioning, I also realized that the interview technique he was using was one that I used with suspects. Wow! I had not imagined being victimized, let alone being considered a suspect by my interviewer.

Before our phone call ended, Ted asked me if there was anything else that I would like to add. I remembered the last conversation with Mollie and how strange I thought it was, and decided it was worth mentioning. Ted was quiet for a minute before he told me that when he received my case, it was marked as a non-priority investigation and that Mollie's was the final signature on the complaint. However, luckily for me, Ted decided — based on his own experience as a bank investigator and a fellow Certified Fraud Examiner — that every fraud case was important. He also told me that he would be assisted in the investigation by a cybercrimes specialist named Jake. I was beginning to feel better already.

After the conversation with Ted, I clearly remembered that I had last used my debit card at the bank branch where Mollie worked. As I recollected, when I was approaching the ATM in the lobby, Mollie had walked over and exchanged a greeting with me; she hovered near me as I used the ATM. After I made my withdrawal, I stepped aside for her to use the same ATM. It appeared as though she was checking for something, but what that was, I couldn't begin to imagine.

I now thought to myself, was there a skimming device on the machine? Is that how my information was compromised? Or did someone hack into my computer and log my every keystroke when I conducted Internet transactions? Were my passwords not encrypted, as Buck's claimed they were? Was my spyware not functioning at its capacity? I also had the nagging feeling that Mollie was not the consummate professional that she appeared to be. But what would her motive to commit fraud be?

Double Agent

As the investigation unfolded and new details began to surface, Ted provided me with some astounding information. Apparently when customers went to the main branch of Buck's Bank and used a particular ATM, the transactions were immediately duplicated on the bank's end — meaning that someone was retrieving stored and encrypted information from the customer via a skimming device attached to the ATM. Ted told me the device fit neatly over the card-swipe slot and the customer would be oblivious to it — and to the transaction duplication.

I also learned that I was the victim of another malicious act by the ATM skimmer. I had received a message on my home computer that the manufacturer of a software program installed on my PC had created an upgrade. However, unbeknownst to me, once I installed the "upgrade," hackers could track my keystrokes. When I made an Internet banking transaction, they had access to my account number and password. Jake, the cybercrime specialist on my case, was able to determine that the information from the ATM skimming device and from my hacked computer were going to the same place — the e-mail account of a Buck's Bank employee.

Ted reassured me that Jake was conducting more detailed analyses of this new information, and in the meantime shared some interesting facts he had uncovered about Mollie. Prior to being hired at Buck's Bank, she had been employed with Trust Dive Technology, a computer firm specializing in malware and spyware intrusions. Mollie was considered one of the top innovators at the company and was on the technology board at the Trust Dive Institution.

She was known as a go-getter of sorts at Trust Dive — a sought-after genius in her field. Ted confirmed that Mollie received a degree in banking and finance; however, she also earned a graduate degree in computer management systems. In addition, she had acquired several IT certifications — CISS and CQSA to name a couple. Mollie had not disclosed in her Buck's Bank employment application that she had worked for Trust Dive. Why hadn't she mentioned this? What else was she keeping secret?

After being employed with Trust Dive for four years, Mollie had resigned. Ted decided to dig deeper into her resignation and discovered that Mollie had been asked to leave the company because she infiltrated the computer systems of Trust Dive and sold their top clients' information to an industry competitor. It was revenge to get back at her boss when she didn't get a promotion that she felt that she deserved. Not only was she asked to resign, she lost her pension, had to pay restitution for the bonuses that she received, had to return the company car and relinquished her company stocks.

When the additional findings were uncovered, Ted scheduled a conference call including himself, me and Jake. Jake indicated that there had in fact been an Internet intrusion on my Buck's Bank account by an expert hacker who knew how to block his or her IP address. Lucky for us, Jake was experienced enough to know how to work around such defensive measures. The same hacker also changed the configuration of the bank's computer that was used to decipher my personal information. Yes, indeed, Jake confirmed that Mollie was the culprit behind these fraudulent actions. She had befriended me, used a skimming device to gather my ATM card information and hacked into my computer and Internet banking system to steal my money.

Sweet Relief

Ted Ramon wrote an internal report to the president and chief operating officer of Buck's Bank, alerting them to his findings. Mollie was notified that the bank had discovered her previous employment issues and her fraudulent actions. As a result of previous complaints regarding possible online fraud and identity theft, the bank had been conducting an Internet sting on Mollie's office computer for the past year. However, I did receive some relief. The bank deposited the money Mollie stole from my account into a new, interest-bearing money market account, and the president offered me a lower interest rate on my credit card. I was also given a free safe-deposit box, and the last few bills I paid online during the inception of the fraud were restored to my new account. Mollie was fired from Buck's Bank but, regrettably, no charges were filed against her.

When Internet fraud occurs via online banking and an individual's home computer, the trust and confidence the customer had in her financial institution is undermined. Depending on the scale of the attack, it can ruin the business relationship permanently. When this type of fraud occurs, there is usually a direct loss to the financial institution.

Lessons Learned

This was an overwhelming learning experience. When I met Mollie, I judged her by her appearance and later learned firsthand how true the old adage, "never judge a book by its cover" is. This distressing experience gave me different insights into how frauds are committed by the very elite, sharply dressed and well educated. Like so many others, I was almost conned by someone who exuded confidence. If it can happen to a fraud investigator, it can happen to anyone. I shudder when I look back and remember that this con artist wanted to "help" me with my investments. This whole episode could have been so much worse.

I also learned to be cautious of my surroundings when using public ATM machines. I now take the necessary precautions when using online banking and consistently — at least twice a week — check the balance of my accounts. The FTC and other organizations advocate consumer education about the risks of online fraud and the legal measures that can be pursued if the perpetrators of the crime can be identified. I now use them as resources not only in my professional research but also in my personal dealings.

Most important, I learned what it is like to be the victim and, trust me, it isn't fun. I experienced the pain and confusion that comes from being taken advantage of by a fraudster and understand better the victim's point of view.

Fraudsters are constantly becoming more creative, but according to the Anti-Phishing Working Group, this fraud trend isn't new; it began about four years ago when scammers began to realize that some banks were taking cautious measures to reduce cyber attacks. The stricter our anti-fraud controls become, the more deviant the fraudsters' methods for subverting them will become. This is nothing new; criminals have historically tried to be a step or two ahead of efforts to catch them.

About the Author

Delena D. Spann, MS, CFE, CCA, is regent emeritus and vice chair of the 2009–2010 Association of Certified Fraud Examiners' Board of Regents. Ms. Spann's fraud analysis expertise includes white-collar crime. She is employed with the U.S. Secret Service, Chicago Field Office, assigned to the Electronic and Financial Crimes Task Force.
