On Dec. 7, the First County Bank branch on the Post Road in Darien provided community members with the latest information on how to protect their businesses from fraud.
A group of small business owners gathered to hear from Mark Rosenbloom, a vice president and the manager of cash management services for First County Bank, who began the presentation by displaying a picture of Mad Magazine mascot Alfred E. Neuman with his catchphrase “What, Me Worry?”
“Yeah, you should be worried a little bit,” he told the audience, “And definitely diligent. There are fraudsters out there and they’re succeeding from time to time.”
Rosenbloom highlighted several methods that criminals have favored recently in trying to target small businesses owners. The first method was “invoice fraud” where hackers target vendors to either gain access to their email or enough information to send a convincing copy of an invoice complete with logos and digital watermarks. They will then contact customers to inform them they have changed their routing information. If successful, the client will attempt to pay even legitimate invoices by crediting the wrong account.
He recounted an instance where a client of First County Bank had been the victim of such a scheme, an employee in accounts payable simply updating the information for wire transfers.
“I will say in this case they were a little bit lucky because one of the owners of the company had previously worked for that bank and just coincidentally had some contacts who were able to get some, but not all, of their money back,” he recalled. “They were also helped out because they had some cybersecurity business insurance. I would recommend that for everybody.”
Rosenbloom also highlighted payment scams, which he also said customers of the bank had seen recently.
“Some fraudsters went to a contractor, and they said, ‘Well we’d like to get a quote for services.’ And they get the quote and then make a down payment, they give enough time to deposit the check and they come back and say, ‘We’d like to cancel that order, could you write us a check to get back our down payment?’ Now the fraudster has a real check from the contractor, but the fraudulent check hasn’t cleared yet, so they go right down to the bank and cash it out and it took so little time for it all to filter through that you don’t even know there was fraud,” Rosenbloom said.
Rosenbloom explained that due to vulnerabilities related to checks and wire transfers, he encouraged the use of Automated Clearing House (ACH) transfers where possible. ACH networks are used for things like automated transfers, direct deposits, and online bill paying systems, and offer additional security and make it more feasible to claw back funds misdirected by fraudsters.
He emphasized that wire transfers require extra caution.
“Checks you can put stop payments on or returns, but a wire you should be extra careful of, there’s no system internally in the bank to prevent wire fraud because we’re taking instructions from you,” he said. “Yes, we have security procedures in place, but once a business owner has instructed that a wire go out, there’s nothing we can do about it. So, the prevention of fraud for a wire transfer comes from you folks making sure you have best practices at your company.”
An audience member shared her own case of falling victim to wire fraud, and noted that the first thing to do upon realizing it has occurred is to contact the bank, followed by local police and then filing a complaint with the FBI at ic3.gov.
Rosenbloom continued to extoll ACH transfers as he moved on to a resurgence of check washing, where criminals either steal and edit checks or produce convincing copies before cashing them with a bank. He noted that mobile and remote deposits of checks, which rely on a photo of the check and bypass the ability to easily check watermarks or feeling the quality of the paper as with a teller, are vulnerable to check washing methods that had previously fallen out of favor.
“Personally, I wouldn’t put a check in a public mailbox at this point,” Rosenbloom said. “There’s just too much coming out of it. Probably a better choice would be to walk it into the post office, but that’s not perfect either, something could happen on the other side after it’s delivered to the recipient.”
Allowing that ACH can also fall victim to fraud, Rosenbloom noted that because money can often be returned if the fraud is detected within 24 hours there is a simple way to make it highly secure.
“You have to monitor your account every day,” he said, adding that frequent reviews of accounts can also prevent small fraudulent charges from building up, as in the case of one customer who owned a building and allowed most processes to run automatically only to discover small recurring charges to companies that rendered no services add up to thousands of dollars when she checked for the first time in several years.
Rosenbloom was followed by U.S. Computer Connection LLC President Garry Feldman, who drew on his cybersecurity experience to stress the need for a comprehensive security strategy, particularly with keeping work and personal devices separate. In a world where televisions are not only connected to the internet but can require passwords that you may have reused across multiple sites without thinking, security missteps have become easy to make.
But alongside updating devices whenever possible to avoid known vulnerabilities, he singled out one technology as one of the most effective and worthwhile steps that a business owner can take.
“Two factor authentication,” he said. “It’s free, it’s a nuisance, but it’s going to protect you. I can’t stress that enough.”
Also speaking was Sgt. Dan Skoumbros of the Darien Police Department, who serves as the supervisor of the detective division. He answered some questions about why the police have limited capacity to handle fraud cases.
“We have a new detective that for eight hours a day just types away at the search warrants you have to do for these cases,” he said. “A search warrant to get an IP, a search warrant to get a bank account, a search warrant to get ATM video footage. It’s a lot of work.”
Skoumbros noted the sheer number of fraud cases combined with amounts that may be too low to trigger FBI interest provide additional barriers to solving crimes that can be carried out across multiple states or even foreign countries.
The sergeant also noted that check theft had occurred in Darien, including a mailbox on Corbin Road which thieves had secretly altered to allow access from underneath, allowing them to steal checks. He warned that this was an increasingly popular activity for criminals and gangs to engage in, recalling a conversation with a veteran officer of the Fairfield Police department.
“As he put it,” Skoumbros said, “’I’ve been a police officer for 28 years, I’ve worked robberies, I’ve worked larceny, and I don’t understand why anybody robs banks or robs anybody with a gun anymore. Because all you need is a mouse and a laptop. You’ll never get caught because they might not even find out that a crime has been committed.’”