Security Spotlight: Bank heists as a hobby & an art form, internal fraud, & more! 

Idleness is the Devil's Workshop

Needs a New Hobby...

People generally take up a hobby - an activity or interest in something they are enthusiastic about - for pleasure or relaxation. For 78-year-old Dale Jenkins, his favorite pastime is a bit unusual. Wearing a three-piece suit and fedora, Jenkins was arrested for robbing a Comerica Bank branch by threatening to throw acid in the teller's face. The teller complied with his demands and Jenkins left the bank with his ill-gotten gains in a rolling suitcase. His take: $80.00. Police arrested the smartly-dressed thief shortly after his heist just two blocks away. At the time of his arrest, Jenkins told a TV reporter on the scene: "I rob banks. It's my hobby." At his first court appearance, he told the judge that he is "guilty as charged," alleging that this robbery was his seventh. Despite Jenkins' advanced age, there is no evidence to suggest that he is the infamous Geezer Bandit -- an elderly-looking man who robbed 16 banks between 2009 and 2011. We suggest he spend his time in prison cultivating a new hobby.

Desperate for a Disney Vacation

A North Carolina man who traveled to Florida with his girlfriend and her two kids for a Disney cruise landed a vacation in Brevard county jail instead - alone. When Cedrick Swinson, 37, arrived in Florida and realized he came up short on cash to pay for the Disney cruise promised to his girlfriend's kids, he made a spur-of-the-moment decision to steal the funds for their magical vacation. Swinson made a quick stop at the Navy Federal Credit Union Satellite Beach branch, left the girlfriend and kids waiting in his SUV, passed a demand note to the teller, and fled with the loot. Driving off in a hurry, his girlfriend reportedly asked him, "What did you do, rob a bank?" Five minutes later she got her answer. Armed with a description of the suspect and the SUV, police pulled Swinson over and apprehended the alleged bandit, along with the stolen cash. The girlfriend and kids were released. Swinson was charged with robbery, grand theft and driving on a suspended license. The only magical place on earth he's going is jail.

Finding Fault, Designing Heists, and Scamming Consumers

Finding fault - customer vs. bank

Former Dixon, IL Comptroller Rita Crundwell stole nearly $54 million from city funds over a 22 year period. Crundwell pleaded guilty to wire fraud and will serve nearly 20 years in federal prison. Meanwhile, Fifth Third Bank is battling the city in a lawsuit that blames the bank for the city's loss and seeks $53 million in damages. Citing a deposition by Fifth Third's former branch manager Amanda Powers, the city alleges that the bank was negligent in following reasonable commercial banking standards when it cashed unendorsed checks from Crundwell, cashed checks made payable to "treasurer" without further inquiry, and allowed Crundwell to open a secret city account without proper verification. Fifth Third counterclaims that the city itself was negligent in failing to detect the theft until a colleague filling in for a vacationing Crundwell became suspicious. Who will the courts side with in this case?

Artistic bank heist

WIRED magazine recently published an online article about an artist from England who has designed a fictional plan depicting how to rob five downtown Los Angeles banks at the same time. Stating that her heist plan is simply an "artistic endeavor," Ilona Gaynor is looking for funding to complete her project. Gaynor has interviewed LAPD officers, FBI agents, Hollywood stuntmen and attended the LAPD academy over the last year as part of her research. Her goal is to create an art exhibit with models depicting how the robbery might occur and the publication of a book containing photographic documentation, interviews and essays. What is disconcerting to us is what research might be shared in this "artistic endeavor" that could be used to plan a real robbery.

Gaynor spent years researching her plan for the "perfect" heist. After spending 25 years dealing with criminals, David Hirst from Ohio decided to rob a bank. Entering a bank adjacent to the Guernsey County courthouse on November 1, Hirst handed a teller a note demanding cash. He then took the teller into the vault and exited out the back door with $60,000 in cash. Hirst didn't get far - he was met in the parking lot by a Cambridge police officer. Carrying a loaded .40-caliber Glock and .380-caliber Ruger handgun, Hirst didn’t resist but he did tell police he had an explosive device, prompting the evacuation of several downtown blocks for half a day. The device was later found to be a dummy.

Hirst pleaded guilty and was sentenced to nine and a half years for aggravated robbery, kidnapping, grand theft, inducing panic and weapons charges. The twist to this story - Hirst is a retired fraud detective who served 25 years with the Dayton Police Department and received numerous commendations, one of which was for his arrest of a bank robber. Stating that he was "not himself" and had trouble adjusting to retirement, he apologized to his family, his fellow officers and the people of Cambridge.

Hoodie bandit busted

Police have arrested a man suspected of three bank robberies in Santa Rosa and Rohnert Park, CA. What is unusual about these three robberies is that they all occurred inside grocery stores. In-store branches were once thought to be less likely targets because of their location, which is no longer considered a safety feature. Sebastian Miranda, dubbed the "Hoodie Bandit" for the grey hoodie sweatshirt he wore during all three heists, is a suspected Norteño gang member. A tip led police to Miranda, whom they observed driving near his home, and followed to avoid a risky traffic stop. They apprehended him when he stopped and parked - right in front of the Sonoma County Courthouse. With methamphetamine and a pipe in his possession, Miranda was arrested and booked into the Sonoma County Jail on suspicion of the three robberies, methamphetamine possession as well as a gang enhancement.

"Make it quick" bandit

As further evidence that in-store grocery store branches don't afford additional security, in San Pedro, CA a man dubbed the "Make it Quick" bandit robbed eleven U.S. Bank grocery store branches. One of those eleven was hit three times by the same bandit.

Internet scams

The FBI is warning that cyber criminals are increasing their use of photo-sharing programs for malicious purposes. In a May 30th release, the FBI said "These criminals advertise vehicles online but will not provide pictures in the advertisement. They will send photos on request. Sometimes the photo is a single file sent as an email attachment, and sometimes the victim receives a link to an online photo gallery. The photos can and often contain malicious software that infects the victim’s computer, directing the user to fake websites that look nearly identical to the real sites where the original advertisement was seen." Further, "...these fake websites, include 'tech support' or 'live chat support' and any 'recommended' escrow services." After the victim agrees to purchase the item and makes the payment, the criminals stop responding to correspondence. The victims never receive any merchandise.

In a similar scam, a BOL staffer in Texas recently received a notice that a package had been sent to him. The notice looked official, with a logo, colors, layout, and just a couple of links to click on for more information. The email was purportedly from DHL, which hasn't directly delivered in the U.S. for about ten years. And since the recipient wasn’t expecting any packages, the email was determined to be a scam and deleted. Whether they are expecting a package or not, remind your customers to be aware of emails like this and to be cautious about risking their information to avoid account takeovers.

The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). Their internet safety tips we've shared on the left can be passed along to your customers to help protect them from online scams, guard their personal information and avoid account takeovers.

Hot Topics from the Bankers' Threads

In the publicly accessible threads, a poster shares a link about ATM skimmers from KrebsOnSecurity.com. An additional link on how NOT to install a skimmer on an ATM from Krebs can also be found here. Your comments and experiences on ATM skimming devices are welcome.

Additional discussions include the resurrection of an age old question about security logs, a question regarding vaults in the lobby, and cell phone usage in the lobby from a new banker, and more in the Public Security area. When commenting on these discussions, keep in mind this is an unprotected public forum and comments should be limited to generic content.

We also have a "private" security forum for discussion of more private, sensitive topics. That is where security officers were discussing training and testing employees on fraudulent card transactions, removing silent alarms from teller positions, a GPS vendor, all clear signals, bank robberies and more in discussion threads that are filled with a wealth of knowledge shared by your peers.

To comment in Bankers' Threads you must be a registered user. You can register here. If using your bank email account, you will be given access to the private forums. The Private area is a group of forums under the heading "Private - Financial Institution Personnel Only." The Private forums do not include access to Bankers Hotline or Compliance Action, premium content areas that require paid subscriptions to those respective publications.

If you are already registered for the Threads, but don't yet have access to the private forums, using your bank email address send a request for access to andyz@bankersonline.com. Please verify that you do not yet have Private access. Once your registration request is approved, you can access the Private Security forum here.

CrimeDex produces another bumper crop of alerts

As the weather warms up across the country, it seems that the pace of CrimeDex alerts has increased, too, because the month of May brought another overflowing Alerts inbox. One of the first to hit our desk was a request from Colorado Springs, where police sought help in identifying a suspect using cloned credit cards. There is, of course, the usual collection of forged customer check alerts sprinkled throughout the month. An alert identified as "IRS Tax Fraud" caught our eye. It involves a series of H&R Block Tax Refund debit card ATM withdrawals that pulled over $47,000 out of the company's accounts over three days. ATM skimming is still being reported by CrimeDex members, including the US Secret Service, which posted an alert on skimmers attached to ATMs in North Carolina and Tennessee. There was also an alert about cash advance fraud with a new wrinkle, involving a telephone call from a confederate to a bank teller and a bogus authorization code.

There were 178 CrimeDex alerts in our inbox during the month of May, and at least thirty of them included information that bank security officers could use to both illustrate criminal techniques during security training sessions and protect their banks from similar scams and fraud attempts.

Did you know that CrimeDex has over 5,000 active members exchanging information that you can use in your bank security efforts? And that one of the other benefits of subscribing to BOL CrimeDex is receiving alerts about specialized security training opportunities, like the May webinar on "Vehicle Finance Fraud"? Keep up on the latest scams, crimes and other threats facing your bank and other businesses with a free subscription to BOL CrimeDex

Don't forget to follow us on Facebook for information that can be helpful to you in your role as a security officer (or one of the many other hats you may be wearing!) or for use in staff security training. Some of the topics you may want use or share with colleagues are: our May 21 entry discussing audits. How closely is your Security Officer working with internal auditors to avoid problems like this $7 million loss? Read the "Why we audit!" entry.

Bank robbery is taking a new form with an increase in electronic theft resulting in greater losses than traditional bank robbery. In our May 10th post, read about the roles of the backers, hackers, and cashers charged by U.S. prosecutors for stealing $45 million from banks. In this case, eight men withdrew $2.4 million from 3,000 ATMs in New York in just ten hours. Check out the "Bank robbery like no other" entry for the details.

And, also on May 21st our "FBI Reaching Out" post shares how the FBI is reaching out to bankers as a way to increase communication and reduce crime.

Read about these topics and more on our Facebook page. Be sure to "like" the articles so we can continue to post more articles of interest to you!