SAN ANTONIO – Cyberhackers are finding bigger payouts by attacking banking systems, lending companies and municipalities.
U.S. Secret Service agents in the San Antonio said business email compromised crimes are on the rise, in which companies are breached through the email system or through malware.
Steve Gemperle, senior special agent for the U.S. Secret Service, said the agency is seeing a lot of attacks over email in which people receive emails in a normal transaction of business in an invoice they’re expecting from a real company, bank or person.
“The bad guy will take the email, change the wiring instructions and then continue the email to the person who was expecting to receive it,” Gemperle said.
The new wiring routing number will go to a fraudulent account. Many times, the transfers will take place on Thursdays or Fridays, so that crooks can have more than 72 hours to complete the illegal transfer before it is caught.
The city of Hollywood Park recently had a fraudulent wire transfer for about $485,000, but $301,000 was frozen before the transaction was complete. The city is still trying to recover the remaining amount.
The mayor said the fraud happened because there was a weakness in one computer that allowed the fraudsters to break in while they were in the city’s payroll account. He urged other cities to train their staff members better and have good insurance in case they face an incident like this.
The U.S. Secret Service in San Antonio said it recovered $14.4 million for victims last year in 124 cases. Worldwide, it quoted the FBI statistics as showing $26 billion in fraudulent wire transfers over the last three years. Last year, 19 arrests were made overseas in a big case.
The agency urges people and customers to be vigilant when they must wire funds, especially if they haven’t done it before.
“If you normally pay a bill by check or by credit card and all of a sudden you get wiring instructions, you should think twice,” Gemperle said. “Take that extra moment to call the person that you're supposed to send it to verify the account that you're supposed to send it to, and then make sure that they receive that money.”
The agency recommends creating strong passwords, and setting up two-factor authentication for bank accounts.