DANCING NEBULA

When the gods dance...

Thursday, December 20, 2012

A Lake Arrowhead man loses $8,600 when hackers use his email account to tell his accountant to transfer funds to a Texas bank.



  •  Google has seen "nothing unusual" lately in terms of security breaches involving Gmail, a company spokeswoman says. They recommend using strong passwords and two-step verification. (Karen Bleier, AFP / Getty Images / January 11, 2011) 

  • By David Lazarus
    December 20, 2012, 7:33 p.m.

    Think your email, and your money, are safe? Think again.

    Earlier this year, the FBI warned that "cyber-criminals are compromising the email accounts of U.S. individuals and businesses" and using the accounts to arrange fraudulent cash transfers.
    Lake Arrowhead resident Bernie Williams never saw that warning. Nor did he think anything like this could happen to him.

    Now he's $8,629 poorer.

    "It's such a sophisticated scam," Williams, 70, said with grudging admiration. "If it wasn't a crime, I'd give the guy an Oscar."

    That's not a totally offhand remark. Williams has served as producer, executive producer or associate producer on more than two dozen movies, including "Ragtime," "Daredevil," "Star Trek: Generations" and a little something called "A Clockwork Orange."

    Maybe it's fair to say that if Alex and his droogs were around today, they'd be hackers.
    Williams told me he received a call from his accountant earlier this month with some questions about a wire transfer to a Texas bank that Williams had instructed him by email to make.

    "I said I never asked for a wire transfer," he recalled. "My accountant said that I had asked for the transfer and even confirmed it in a separate email."

    Turned out that not only had someone gained access to Williams' Gmail account, the hacker also had perused enough of Williams' correspondence to figure out who his accountant was and how to tailor an email that would seem as if Williams had written it, including references to past conversations.
    The hacker apparently kept a close enough watch on Williams' account that he or she was able to intercept replies from the accountant and delete them before Williams could see them.
    "Obviously, this person was reading all my emails," Williams said. "They were in my life."
    Andrea Freund, a Google spokeswoman, said the company had seen "nothing unusual" lately in terms of security breaches involving Gmail.

    The hacker had requested a wire transfer of $8,629 from Williams' account at City National Bank in Encino to an account at First Convenience Bank in Sulphur Springs, Texas.

    Yet when Williams contacted first his own bank and then the Texas bank, he was told there was nothing anyone could do. The wire transfer was legitimate in their eyes — it was the accountant, after all, who'd been duped. So that was that.

    Williams reported the theft to the FBI and the San Bernardino County Sheriff's Department. But he came away with the impression that he shouldn't hold his breath waiting for the money to be recovered.
    "As far as everyone is concerned," he said, "I've lost it. It's gone."

    Cary Walker, a City National spokesman, confirmed that likelihood.

    "Unfortunately, in this case, we received the information too late and weren't able to stop the funds from leaving the account in time," he said.

    No one at First Convenience Bank could be reached for comment.

    The Financial Industry Regulatory Authority, an independent overseer of U.S. securities firms, said earlier this year that it had received an increasing number of reports of customer funds stolen "as a result of instructions emailed to firms from customer email accounts that have been compromised."

    FINRA said the incidents highlight "some of the risks associated with accepting instructions to transmit or withdraw funds via email."

    Both the securities group and the FBI called on companies and financial professionals to do a better job of authenticating transactions.

    Williams' accountant, you could argue, should have known better. But he was receiving emails from his client's email address that appeared to be genuine, including information and turns of phrase unique to Williams.

    "The reality is that we've all become comfortable with technology, and technology makes it easier for scammers to carry out their crimes," said Gerri Walsh, FINRA's vice president of investor education.
    The take-away for me from Williams' tale of woe is that consumers should get in touch with their financial institutions and agents and insist that all requests for transactions be confirmed by phone — at a number on record with the banks. Never allow money to be moved on the strength of an email alone.
    Google, like most Internet companies, also recommends paying close attention to your password (make it strong, change it often) and enabling so-called two-step verification, which requires a code to be entered as well before anyone can access your email account.

    Also be very careful with mobile devices. Many people leave themselves logged in to email accounts on their smartphones or tablets. That can be a recipe for trouble if you lose or misplace your gadget.
    In Williams' case, he's now $8,629 wiser as a result of his experience. But that's a pretty darn expensive lesson.

    Pay phone charges

    Anyone who has had to use an airport pay phone knows you can be smacked with sky-high charges.
    In response to a column I wrote about calls that can run $20 for just 20 seconds of chit-chat, state Sen. Ted Lieu (D-Torrance) said he'll introduce a bill Friday that would require signs on all California pay phones warning users of potential costs.

    "Pay phone companies are ripping off consumers by taking advantage of misleading signage on their phones," Lieu told me. "Taking advantage of people who are stranded because of plane delays and bad weather, or troops in areas with no cellphone service, is not right."

    Lawmakers shouldn't hesitate to approve his common-sense solution to a ridiculous problem.

    David Lazarus' column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send tips or feedback to david.lazarus@latimes.com.
    Copyright © 2012, Los Angeles Times
