This year a group of people in Bangkok, Thailand will have a very fine Christmas. How do I know that? Because one of our clients was a victim of wire fraud and a small part of their portfolio was wired to a bank there. All’s well that ends well, so I will cut to the ending and tell you that Charles Schwab & Co. Inc. credited their account for the amount that was stolen. Though the client suffered significant anxiety along the way, they ultimately didn’t suffer a financial loss.
In hopes of helping others avoid the headache of dealing with this type of fraud, let me describe the scam.
It started with an email hack. After some research, the client discovered that their email had been hacked more than 2 years ago, and the fraudsters patiently waited to accumulate enough information to execute the fraud. From what we can tell, it seems the fraudsters determined the person was financially independent and gathered enough personal details that they could answer many security questions and stand a good chance of successfully executing a scam.
Next, the client received a phishing email on the day before Thanksgiving. With that timing, the fraudsters probably calculated that the U.S. financial system was running slower and would take more time to catch irregularities. The phishing email was a good one and looked very legitimate. Ironically, the gist of the phishing email was to encourage additional computer security in the form of a installing a firewall. Receiving a phishing email isn’t enough to put you in danger but clicking on any of the links is. The client clicked on the link and ultimately was connected with a “computer security consultant”. The “consultant” convinced the client to allow them to have remote access into their computer to look for problems and help them with additional security. In the computer security world this is known as a “remote access scam”. While the fraudster had remote access to the computer, they installed malware that allowed them to lock the client out. The client literally could not control their computer and watched helplessly as the fraudster posted a message that he was in complete control.
The fraudster used the accumulated personal information from their emails, logins and passwords that were stored on their computer to access their account online at Schwab. Once in the Schwab account, the fraudster initiated four fraudulent wire transfers to a bank in Bangkok. Schwab’s security system stopped three of the wires from leaving the account, but the fourth wire made it out.
The client was unaware that the fraudster had gained access to their financial accounts but was concerned that something like this might happen. They promptly called Schwab and their bank to notify them that their computer had been compromised. Schwab and their bank immediately locked down the accounts and added additional security protections. At that time Schwab discovered a fraudulent wire had been sent from the account.
Schwab assigned a case number and investigator from their fraud division and worked diligently to manage the situation. They attempted to electronically “call back” the fraudulent wire but were unsuccessful. Schwab has a policy that if money is fraudulently stolen from a client’s account, they will refund the money. It took a few days to sort out, but Schwab came through and refunded the entire amount that was lost due to fraud.
Once a fraudster knows that you are vulnerable, they don’t quit. The client received phone calls that appeared to come from different parts of the U.S. every hour or so for several days. The fraudsters wanted more information and access to their computer. Unfortunately, the only way to make the calls stop was to change their home phone and cell numbers.
The clients took additional proactive measures to stop future fraud associated with identity theft. They shut down their compromised email accounts and got new email addresses. They froze their credit with each of the credit monitoring bureaus. As an extra precaution, they also signed up with LifeLock, the identity protection monitoring service. If your credit is frozen, then LifeLock is not necessary, but the clients felt it was worth the additional peace of mind for a small monthly fee. We worked with Schwab to assign new account numbers and recommended the clients use two-factor authentications for their web access of the accounts and work with Schwab to put voice recognition passwords on each of the new accounts that would be required for any future withdrawals.
We hope this story gives you some insight into how criminals, worldwide, are targeting our financial resources. But know that Schwab and Foster & Motley are looking out for you! In the unlikely event of a loss due to fraud (this marks the first actual fraud loss in the Foster & Motley’s 20+ year history), Schwab has the security professionals and protocols to guide you the process of recovering losses and enhancing your account protections. If you would like to discuss adding additional security protections to your accounts, talk with your team at Foster & Motley. We will all work together to make sure that the fraudsters in Bangkok, or anywhere else, don’t have as nice of a Christmas next year!
*Permission granted by client to share details of their experience in hopes of helping others.