Skip to main content
close search
site logo
Wayne Spivak's headshot
Wayne Spivak President & CFO

New bank scam/malware exploit

Asked on April 5, 2015

This is a new twist on a tried and true method of scamming businesses and individuals. And its being very successful. http://go.cfo.com/tgK52202Lz0u800AHa0009z I just had my Controller sit down with all that have access to the company's accounts (whether read-only or not) to discuss this article. Lesson-learned here is a) never give out your password to anyone, period and b) never give the token info (seed value) and lastly c) never ever give them together! Given the increase of banking fraud, I have moved the client to a piece-meal bank reconciliation schedule (depending on activity, daily but no less than weekly). This has two effects, 1) we can catch fraud quickly and stop its activity and 2) the month-end reconciliation is basically done, more accurately and saves time. Based on your technology, accuracy and time savings will vary (this accounting system doesn't interact with the bank, so we have to do it more on the old fashion way then the new fangled way).

Answers

Christie Jahn's headshot
Christie Jahn CFO • April 5, 2015

I just shared with my team as well after reading this yesterday. We also have our IT looking into further safeguards. Scary thought but I'm thankful for articles like this to give us a heads up and what to look for!

John P. Hart's headshot
John P. Hart Vice Pres - CFO • April 6, 2015

Thanks Wayne! I got an email to a personal account a couple of days ago that had the faxxxx.zip file attachment. For sure, I didn't open it.

Can't imagine anyone would give username, password and token info via a phone call, but it is all a numbers game.

Wayne Spivak's headshot
Wayne Spivak President & CFO • April 6, 2015

People are still getting caught by the "I was on vacation and lost all my money and am trapped. Please wire me money" scam...

Wasn't it PT Barnum who said a "sucker is born everyday!"?

Christie Jahn's headshot
Christie Jahn CFO • April 8, 2015

From what I read, they have the exact script down that the real bank would use when calling. I have two other associates with bank access. I would hope they wouldn't give out that information, however this has become a concern because people are. I think it's always good to revisit security practices often.

Sara Voight's headshot
Sara Voight Controller • April 8, 2015

Our banking relationship is such that I only receive calls from one of a handful of known people all associated with my account. I only receive a call from an unknown if I am trying to initiate a wire (which we have chosen not to have set up on our online banking system, as it is such a rare occurence).

That said, I recall being at Kmart and one of my staffers came to me crying after she gave out her log on information down to the key questions and they took her through to locate her IP address. She didn't realize it was a scam until she was complaining about the inconvenience to a group of friends at the office. I would like to think I would never do such a thing, but I can think of times I have made silly mistakes that I am very embarrased about.

Want to join the conversation? Submit an answer or ask a question by emailing us at [email protected]

Submit an answer
Filed Under: Risk Management
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell