January, 2013

In this Issue:
   Dye Packs
   by Barry Thompson
When preparing your dye packs, use $50 or $100 bills instead of twenties. Because so many financial institutions have been using twenties, robbers are getting smarter and asking for fifties and hundreds.



Training Webinars

Personal Survival: 25 Rules to Live By
January 9 — 
by Dana Turner
Statistically, one-fourth of all Americans will become victims of a violent act during their lifetime, either at home, at work -- or anywhere in between. Events like these happen every day and they can be used as "training tools." Everyone should learn simple, effective violence prevention and response tactics that can significantly reduce the likelihood of becoming a victim -- or at least increase a victim's chances of survival. This presentation will share twenty-five rules on how to navigate tricky survival decisions when faced with personal or workplace violence.

Note: See a timely Facebook blog post for a special offer extended for this webinar!
Enterprise-wide Information Security Risk Assessments 101
January 11 — 
by Susan Orr
Risk assessments are a key focus of examinations today and are mandated by regulation. They are essential to an effective and appropriate risk management program and provide the basis for your security, audit, vendor management, and identity theft red flag programs, as well as for your business continuity plan. Many organizations are still a little unclear on what is meant by an enterprise-wide risk assessment. This presentation will provide an approach for developing an enterprise-wide information security risk assessment and a framework that can be adapted to the other numerous risk assessments now required or expected by regulators.


Welcome to the January issue of Security Spotlight
In this month's Security Spotlight, December was the most busiest time of the year for bank robbers, skimmers, hactivists, and tragic events. Don't miss a special message from Mary Beth Guard - along with a special training offer - posted on BOL's Facebook page. And when planning your robbery training for 2013, get Barry's tip on new recommendations for dye packs. Have a safe and prosperous New Year!
Short Term Freedom
Back in 55 minutes...In the 2000 action film Gone in 60 Seconds starring Nicholas Cage, a master car thief and his crew steal 50 cars in one night for a mob boss. In the end, Cage walks away scot-free. Christopher Franklin Weaver, a 33-year-old convict from Oregon, wasn't so lucky. Weaver was serving time at the Lane County Jail for parole violations and for unlawful use of a vehicle when 32 inmates, including Weaver, were released in order to balance the budget for the year. Weaver took advantage of his newfound freedom to walk about a mile from the jail and rob the Pacific Continental Bank in Eugene, OR. He was arrested at the scene of the crime and returned to jail just 55 minutes after his release. Facing federal bank robbery charges, the judge ruled Weaver a "flight risk." If his prior acts are any indication, we're thinking he probably wouldn't go very far.

Boisterous bandit - Bank Robbery 101 basics include getting as far away from the crime as possible and keeping a low profile to avoid apprehension. Jason Enwright must have missed that class. The 38-year-old Nashua, NH man walked into a Citizens Bank branch, passed the teller a note and demanded cash with no dye packs. With stolen loot in hand, he smiled, said "Thank you, have a great day," and fled the bank. But Enwright drove less than a mile from the bank and stopped at a local cafe. At the restaurant, he was boisterous, unruly and flashing large wads of cash, telling patrons and employees he hit a deer and needed a ride. A restaurant employee called police to have the unwelcome customer removed. Enwright was arrested and reportedly became violent, attempting to assault arresting officers and threatening to kill them. Enright has a 20-year criminal history and numerous convictions. He is charged with two counts of criminal threatening and single counts of robbery, simple assault, theft and resisting arrest.

Check our Bank Robbery page for photos and information on the latest robbery suspects. The holidays are a busy time for bank robberies with 65 unknown bank bandits featured in our suspects gallery for December! Most bandits wear sunglasses or hats to disguise their appearance. Enforcing a no hats, hoods and sunglasses policy could help reduce the number of bandits who target your bank. Start off the new year with signs for all of your branches from the Banker Store.

In what appears to be an increasing trend, financial institutions are being robbed to support addiction to methamphetamines. As the use of meth spreads throughout the country, the link to crime is becoming clear. In this public service web page "The Horrors of Methamphetamines," the extreme effects of the drug can be seen in the near total transformation of the user's appearance. As we enter into 2013 and prepare bank robbery training for staff, make sure they know to be on the lookout for the signs and symptoms of those addicted to this drug.


Skimmers, Hactivists...and a Recorded "Confession"!

Booster Bags - In an episode of the 1950s crime show Dragnet starring Jack Webb a thief used a booster box to steal items off the counter tops in stores. Even if you don't know who Jack Webb was or remember the then-popular TV show, we have a video that demonstrates how old techniques can make a comeback when a booster bag is used. Could a customer's deposit "disappear" in your lobby? Can an executive's laptop "disappear" at an airport? It can happen and this video will show you how.

Skimmers in the Bank Lobby - In Bakersfield, CA thieves put a card skimmer on an ATM in the outer lobby of a Chase branch. Using surveillance video footage, the bank used its security video to identify one of the thieves who installed the skimmer. Detectives watched the bank for the thief's return and when he did they followed him to a car where the other three were. The four suspects attempted to escape on foot, but three of the four were apprehended and arrested. Of the three arrested, two are sisters, Rhianna Lyn Lawrence, 35, and Dawn Marie Lawrence, 40 and there was a 16 year old juvenile. .

Proactive Against Hactivists - One day after Izz ad-Din al-Qassam Cyber Fighters, a "hacktivist" group announced they would launch a second wave of distributed-denial-of-service (DDoS) attacks on five U.S. banks there were problems reported. SunTrust reported intermittent outages and Bank of America and PNC reported some customers having problems accessing their websites. PNC was proactive and used its social media channels to warn customers that there may be intermittent problems but assured customers that log on credentials would be safe. While there are no confirmed reports that hacktivist activities lead to any of these disturbances, we applaud the banks' proactive measures. Providing warnings and reassurance to customers means having more informed customers who are better equipped to make more secure decisions and less likely to fall for scams.

ID Theft Can Be Childish - We have been warning adults for years to protect Social Security numbers, bank account information and other confidential personal information. But what about kids who don't have any credit yet? Identity theft targeting minors' personal information can go undetected for many years. The Identity Theft Assistance Center has released a new report "2012 Child Identity Fraud Report" that reveals one in forty households with minor children have had a child fall victim to ID theft. Children ages 6 to 11 are the most vulnerable, and 27 percent of respondents said they knew who stole the child's identity, which is often a family member or friend. Review the full report and when educating customers about protecting themselves online and from identity theft, don't forget to include their children.

Confession? or just plain stupidity - When a person does something wrong that they later regret, they may confess the wrong to a member of the clergy or a friend. Hannah Sabata, a 19-year-old woman from Nebraska, took a different approach. Known as Jellee Beanie on YouTube, Sabata recorded a seven minute video in which she brags that she stole a car and robbed a bank. In the video she is also seen displaying and smoking pot. The popular idiom "Stupid is as stupid does" comes to mind in this case. In the video, Sabata claims she is the victim and that is why she committed these crimes. York County Sheriff Dale Radcliff said they received numerous calls about the video and that Sabata was identified as a suspect by her ex-husband. She sent him a text message bragging that she "had a pile of money after robbing a bank and asking if he wanted to go get a new tattoo with her." She was seen showing off the stolen loot in her video. Sabata was arrested and the video will likely be marked as "exhibit A" at her trial.

Threads of Interest
If you are looking for peer-to-peer discussions with other security officers, the public security forum is available for general topics about security. One discussion, which has intensified since the tragic events in Newtown, CT, deals with Open Carry Laws and signage to keep guns out of your bank. Is this a problem in your area?

We also have a thread discussing the security of areas, such as restrooms, that are shared with common tenants in the building. This can present some physical security challenges. Could this be an issue in one of your branches?

We also have a "private" security forum hidden from view for discussion of more private, sensitive topics. The private security forum has discussions between security officers that includes a poll of users asking who in the bank "owns" email data, and who authorizes the review and investigation of bank email messages, and more.

To comment in the BOL threads you must be a registered user. You can register here. If using your bank email account, you will be given access to the private forums. The Private area is a group of forums under the heading "Private - Financial Institution Personnel Only." It will look like this:
If you are already registered for the threads, but don't yet have access to the private forums, using your bank email address send a request for access to andyz@bankersonline.com. Please verify that you do not yet have Private access. Once your registration request is approved, you can access the Private Security forum here.




December Desperados
December always seems to bring out the best and the worst of behaviors. Children want to be on Santa's "Good Kids" list and messages of goodwill and charity abound, but 'tis also the season of the "grinches" whose scams or schemes or violence become subjects of BOL CrimeDex alerts.

This December there was a large number of alerts seeking information on deposit accounts of various individuals or businesses allegedly involved in various types of nefarious activity. If you're a banker who has received similar requests, we want to remind you of the GLBA privacy rules in Consumer Financial Protection Bureau Regulation P, which you'll want to check out before responding.

Also in the month's alerts was one from a large east-coast bank whose Massachusetts customer's debit card had been compromised and more than two dozen fraudulent purchases showed up from a massage parlor in Dallas, Texas (that must have prompted an interesting conversation or two). Scarsdale, New York, police reported an apparent credit card skimming incident that involved a counterfeit card used to purchase $8,000 in CVS gift cards in Las Vegas while the legitimate cardholder was traveling, with her card, in England. A U.S. Secret Service investigator asked for help in identifying suspects in bank surveillance photos who have cashed more than $1 million in counterfeit checks at a number of eastern U.S. banks. Maine police sent an alert to New England and Mid-Atlantic CrimeDex subscribers describing a disturbingly thorough ATM robbery that occurred on a Sunday night at the Kittery, Maine, outlet malls. The ATM hinge pins and large sections of the enclosure were cut with a Sawzall reciprocating saw. According to the alert, the monitoring company lost contact with the machine just before 10 p.m. Sunday and lost communications with the machine's modem at about 1:30 Monday morning (and never reported either event to police!) The thieves also stole a DVR connected to the outside cameras, and apparently left no fingerprints at the scene. We can only imagine the thoughts running through the head of the first mall employee to show up Monday morning.

But our favorite alert of the month arrived on December 11. It described a money mule ring in which the mules and fraudsters all met using Internet romance website Match.com. Can't you just imagine it? "I'm a fraudster looking for a mule between ages 18 and 35 near ZIP/Postal code ________."

Keep up on the latest scams, crimes and other threats facing your bank and other businesses with a free subscription to BOL CrimeDex

CrimeDex is now FREE to registered members of the Bankers' Threads
Private Security Forum! Get the details and subscribe now!

Blogging on Facebook
As 2012 came to a close, we had several interesting posts on the BOL Facebook page. In a December 13th post, we shared news about the FBI's arrest of a group using malware to steal $850 million. That's quite a large haul and we’re glad these thieves are off the street and off the web. We’ve got more details about their scam in our post, including how social media was used and how your bank may have contributed to the $850M stolen, but we hope not. Taking preventative measures against these types of scams is the key to protecting your customers and your institution.

In the wake of the Newtown, CT tragedy, BOL invites banks to take part in a January webinar presented by Dana Turner on "Personal Survival: 25 Rules to Live By." Get the details about this informative, and unfortunately timely, program from our December 14th post and find out how everyone within your institution can participate at the cost normally reserved for a single location. There is a link to a special message from Mary Beth Guard on the events of 12-14-12 and her personal invitation to attend the webinar that could save your employees in the event of an incident like the one at Sandy Hook Elementary.

Read about these topics and more on our Facebook page. Be sure to "like" the articles so we can continue to post more articles of interest to you!

We’ve updated several tools this month that aren't directly related to security, but you can pass the info on to your Operations and Lending personnel who will appreciate your efforts in helping them stay informed about updates on Reg Z and Reg CC.

As we usher in 2013, it may be time to present the board with your annual security program report. Whether you’ve done this before or this is your first year, check out the "Annual Security Program Report - How to Prepare" tool provided by Dana Turner for some guidance on preparing your report.

Did we mention all these Banker Tools are FREE?! You can find these and more at the BOL Banker Tools page.


Subscribe to the monthly Security Spotlight!
Access archived issues of the Security Spotlight on BankersOnline's
Security Spotlight Archive page.
  
Support the vendors who support BOL! Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support BankersOnline.com.
Find them now in our Sponsors or BOL Vendor Connect.