Guess what’s on my Christmas wish-list? Already have my Peloton Bike and my outdoor turkey fryer. No, this year, I want a non-washable pen. That’s right – a non-washable pen. And why would one want a non-washable pen? So one can write a check without it being intercepted by a fraudster and manipulated to their desires.
As if 2020 wasn’t challenging enough, the increase in fraud is entering out-of-control status as local, state, and federal governments obviously don’t have enough resources to take on this huge threat. Just last week, we have learned that US-based FireEye, one of the world’s largest cybersecurity firms, was according to WSJ “hacked in what it said was a highly sophisticated foreign-government attack that compromised its software tools used to test the defenses of its thousands of customers.” For the good guys, it’s never too fun to hear that your front line defense to cybercrime falls victim to it, but hey, that’s 2020! Related to this, we learned a few days later that US agencies were “hacked in a foreign cyber espionage campaign linked to Russia. Hundreds of thousands of government and corporate networks were exposed to potential risk.” Noteworthy, “one person familiar with the matter said the campaign was a 10 on a scale of one to 10, in terms of its likely severity and national-security implications.”
For many, it’s easy to get numb to all the crazy news over the last several months. What was mind-blowing to many in 2019, now barely lifts an eyebrow. And that’s really too bad. Because it is prudent to remain cautious and keep our eyes and ears open to the potential danger around us.
Part of the reason I’m writing this blog now is that, even with all the precautions taken, our company has been a victim, members on our team including myself have been a victim to some type of fraud in just the last several weeks; and we wanted to make everyone aware of these issues. It may save someone from the misfortune we and so many have gone/are going through.
In researching for this blog, I found out that it’s pretty easy for thieves to open up accounts in your name with fake driver licenses. That and a social security number is pretty much all they need to open an account at a bank or credit union. The internet is home to many “dark” sites, where one can buy fake driver licenses for about $100 and also someone’s social security number for just a dollar! From there, they take that fake license, with their face but your name and SSN on it, to a bank/credit union and open an account.
Now it’s time to bring some money into that account. Many ways to do that, but I’ll start with the two my team has been dealing with.
Unemployment identity theft: Covid hit and unemployment went up. Many states have been inundated with a massive amount of unemployment applications, all while depending upon decades-old computer systems. Fortunately, the Federal Government responded with the CARES Act which provided much needed stimulus and relief for the unemployed. Unfortunately, it created an opportunity for scammers. See, the relief package also extended unemployment benefits to self-employed and gig workers. This was the loop hole the scammers relished. Self-employed and independent contractors don’t have an employer to protest the claim, so that’s one less security check-point to push the claim through. Scammers pose as you, claiming you are now unemployed, and waiting to take in the benefits. If you’re like me and another teammate within DWM, we - I guess you could say - were fortunate since we received a letter as an employee of the firm and our company received a letter as employer of the claimant. By taking quick, swift action, we were able to protest the fraudulent claims and stop the process. Unfortunately, many unemployment insurance victims, particularly self-employed/independent contractors do not know they have been affected until they file for unemployment insurance benefits and/or until they get an IRS Form 1099-G next tax season! It’s hard to tell how many people have been affected by this – a couple months ago the FTC said “tens of thousands of people” and an estimated $26B in unemployment insurance payments out to fraudsters – but my guess is that figure has exploded as I personally know many people that have been hit by this scam in the last few weeks. Yuck! If you are a victim of this type of fraud, you’ll want to report it to your employer and state unemployment agency immediately. You can find a link to your state agency here as well as additional steps you’ll want to take to protect yourself.
Check fraud via “check washing”: On November 12th, I wrote two checks and put into the mail bin located at our downtown Palatine branch. One was a check made out to “Schwab & Co” for the semi-monthly 401k contributions to our company plan. Another check was a personal check I wrote to a friend that doesn’t have Zelle or Venmo or other electronic means of money transfer. Those checks never made it to their intended recipients. Instead, I have become aware of a fraudster scheme in this Cook County area (but could also be happening in other areas) where the fraudsters have a copy of the universal key to the local mail bins! Once they obtained access to this key, they have violated mail bins all over this side of Cook County looking for checks (and perhaps other sensitive info). Once they obtain a check, they put it through the check-washing process. Apparently, with a recipe one can find online and with chemicals you can get from the local hardware store, the fraudsters make a bath for the checks. The original check comes out of the bath with your written ink removed. From there, they put in the information they want and sign the check. My local source told me that the average amount written in by the bad guys is about $9000. Fortunately, we are always on the look-out and reconcile our accounts frequently; when the checks appeared for different amounts and different payees than what was written for, we were able to take quick action. We froze the accounts. Opened up replacement accounts. Put in the claim for the fraud and filed a police report with the local police department. Note that FDIC will cover this, but it can take several months in some cases to be made whole! The time involved is enormous – just think of how many vendors you have linked to your account. Each vendor needs updating for the new info and it needs to be done quickly…ugh.
The lessons of the story here are the following:
- Fraud is rampant. Covid has only provided more opportunities to fraudsters. Don’t let your guard down to fraud, online or offline.
- Unfortunately, you almost have to assume any incoming notification is guilty until proven innocent. That goes for emails, letters, unidentifiable phone calls, etc.
- If you’re going to mail something important, don’t use your local mail bin which could be compromised; instead drop it off at the local US Postal service branch or send using a trackable method.
- We’re in a day and age where electronic transfer of money is more secure than the old way of checks; use moneylinks or electronic fund transfers where possible. And minimize the check writing. If you must continue to write checks, then let Santa know that you want a non-washable pen just like me!
Stay safe out there. 2020 may be coming to an end, but organized fraud will not be. One of the best ways to circumvent the bad guys’ behavior is for us good guys to be educated upon the latest schemes and constantly having our guards up.