Issued by FDIC
BankersOnline Security Spotlight
You never know when an emergency will occur that requires you to close a branch office.A proactive way to handle this situation is having signs prepared in advance that look professional instead of handwritten stating:
"Our branch is closed. 0ur next branch location is [X], which is located [X] miles away. This office will reopen on [date] at [time]."
This will reduce the number of calls to your call center during an emergency. It will also eliminate the need for customers tocall your branch to determine when you will reopen.
Training WebinarsIs Your Bank Penetrable?
January 12 —
by Barry Thompson and Steve Stasiukonis
If you think your network is safe from cyber attacks, you need to attend this webinar.We will discuss social engineering techniques and myriad ways a bank network can be compromised. Information Security Expert and Penetration Tester Steve Stasiukonis will detail the processes and technologies criminals use to infiltrate a bank network, and share real world experiences on how his company used these techniques to demonstrate the vulnerability of banks and financial institutions networks.Mobile Banking
January 25, 2012 —
by Paul Carrubba and Dan Fisher
Technology once again has transformed the banking space. Smart Phones and Wi-Fi availability are placing extreme pressure on financial institutions to keep up with the pace of change. It is no longer a matter of what to do as much as it is a matter of when your institution will implement a mobile banking solution. Customers are mobile and you need to be too! What are the options? Will text only banking be enough? What about bill pay and internet enrollment? What are some of the legal and regulatory issues? Learn about these issues and others in this information-packed two-hour presentation by Paul Carrubba and Dan Fisher.When Social Media Attacks
February 9 —
by Barry Thompson
Social media websites are changing the world. Banks use the social networking phenomena as an effective channel for attracting tech-savvy consumers of all ages. However, social media can also be used as a weapon against a bank. In this training program, we will demonstrate how a social media attack can be constructed and how, if left unmonitored, social media can become a public relations nightmare - with catastrophic results for a bank.
in the Banker Store
Is Your Bank Penetrable?
Managing and Reporting Fraud
Combatting Internal Fraud Before It Happens
Stealing From Within: Embezzlement & Data Theft
Embezzlers: Working With Liars, Cheats & Thieves
Welcome to the January issue of Security Spotlight
In this month's Security Spotlight, read about clues that may help nab a notorious bandit and the thief who made a pit stop at the local tavern.Barry Thompson shares a tip on notifying customers when your branch has to close.Read about funny money changing hands and a group of phishermen hooked by authorities, and find out how CrimeDex can be a great tool for investigators and institutions to share information and train staff.
Sprint Away or Stop for Suds?
Man, Myth...or Mask - The notorious "Geezer Bandit," once thought to be an elderly man in his 60s, is in really good shape for his age or may have discovered the coveted Fountain of Youth. After pulling his 16th heist in December, the shrewd bandit was caught on surveillance video "sprinting" across the parking lot after a dye-pack exploded during his escape. In all the confusion, he dropped a day planner that was used to conceal his weapon in the heist that may provide some clues about the mysterious moniker. Authorities now believe the "little old man" appearance may be nothing more than an elaborate disguise and the old geezer is a much younger man - or woman.They have tracked a mask with deep wrinkles and blemished skin sold as "The Elder" - bearing a striking resemblance to the bandit's face in surveillance footage - to SPFX Masks, a Southern California-based company. Warrants for the company's sales records are being issued to aid in tracking the purchase of this mask to the bandit, who has become somewhat of a celebrity in Southern California. A Facebook page in his honor has received more than 12,000 likes, andT-shirts, mugs and bumper stickers with his photo can be purchased online. A $20,000 reward is being offered for information leading to the arrest and conviction of the infamous bandit.
A cold brew after a hot heist
Bank robbers generally formulate a plan before robbing a bank that includes getting as far away from the bank as possible after pulling the heist. Not John Robin Whittle. He stopped in a local Port Richey bar, ordered a cold beer, told the bartender he had to run out for some cash, and then returned to the tavern about 30 minutes later.Whittle went out for his beer money at a nearby Wells Fargo bank where he demanded cash from the teller, left the bank, and headed back to the bar to finish his brew - where he was arrested 10 minutes later. With his take from the robbery, he could have bought several kegs of beer, and maybe enjoyed the freedom to have a cold one.
Check our Bank Robbery page for photos and information on the latest robbery suspects. We ended 2011 with nearly 60 unknown bank bandits in our suspects gallery this month.Only three of these suspects are seen without some type of hat or head covering.Putting up signs and enforcing the "no hats, no hoods, no sunglasses" policy could reduce the number of robbers who target your bank.
A Fleeing Fugitive, Counterfeit Cash and a Modern Day Robin Hood
Hiding Across the Border - The gentleman on the right in this photo looks like your average, happy customer. You'd be willing to shake his hand at the new accounts desk and open an account for him. But he is the same man pictured in the mugshot on the left - obviously not your next loyal customer. James Louis Whittlesey was arrested in Montreal, where he was found living in a homeless shelter after fleeing there following his alleged bank robbery in Winchester, VA. Authorities believe Whittlesey is the man who walked into a bank in the middle of the afternoon and held a gun to the faces of three tellers until they handed him money. As he fled the bank, while being pursued by police he fired on the responding officers but none of them were hit. Whittlesey is also a suspect in other armed robberies, including three in Pennsylvania and one in Delaware. Bank staff must always be on guard, for even those who appear least likely to pull a heist may be the very ones they find themselves up against.
$300K in Funny Money Found at JFK - U.S. Customs and Border Protection Officers at John F. Kennedy International Airport say they found nearly $300,000 in counterfeit cash during a bag search last week. The money was being smuggled into the U.S. from Colombia by Karol Andrea Chilito Solarte. She has been remanded to the U.S. Secret Service for further investigation.
Fourteen Phishermen caught -The Federal Bureau of Investigation (FBI) and the U.S. Attorney for the District of Connecticut have indicted 14 Romanians for their involvement in an identity theft scheme that relied on phishing attacks to steal from customers. People's Bank (Conn.), Citibank, Capital One, Bank of America, JPMorgan Chase, Comerica Bank, Regions Bank, LaSalle Bank, U.S. Bank, Wells Fargo, eBay and PayPal customers were targeted as far back as June 2005. The victims of this scam received common scam letters advising them they were locked out of their accounts and would need to submit detailed information to regain access to their funds. Account and credit card data, including CVV numbers, were emailed to the 14 Romanians listed in the indictment.All 14 members of the fraud ring could face 35 years in prison for conspiracy, fraud and identity theft.
More Funny Money - Making $50 from $5 - Brandy Mueller of Pasco, WA pleaded guilty to manufacturing counterfeit money for her family and other acquaintances. Mueller would bleach $5 bills and reprint them as $50 bills. Ronald Mueller, Brandy's father, distributed the cash to at least 11 other associates who kept a percentage of the profit from passing the fake bills through various merchants.Merchants and banks were the first to report the problem bills. There were at least 80 known cases of passing $50 and $100 counterfeit notes manufactured by Mueller, $5,000 of which was passed in the Spokane, WA area. Mueller was apprehended after she passed the phony bills at a Motel 6 in Spokane where she provided her driver's license for identification when she registered for a room. Following her arrest, Brandy Mueller reached a plea agreement with the authorities for her cooperation in the arrests of others involved.
More Justice - Bad Cards - Gabriella Graham, a 21 year old woman from New London, CT pleaded guilty to her crimes involving ATM skimming. Between February 2011 and July 2011, Graham and others installed skimming devices on ATMs at 12 banks and credit unions in Connecticut, Massachusetts and Rhode Island. Using the skimming devices, they allegedly stole an estimated $336,000 from 250 accounts. Graham is facing up to 30 years in prison and $1 million in fines.
Robbing Hood - What we can only imagine was done in the spirit of giving, Jasmin Rivera, a 30 year old homeless woman, is accused of robbing the Citizens Bank and then passing the stolen money to children playing in a park. When Rivera appeared in Boston Municipal Court, she was ordered to undergo psychiatric evaluation at Worcester State Hospital. Clinicians noted in their report that Rivera's medications were allegedly stolen in a recent attack and she was not taking her prescribed meds at the time of the heist. At the bank, Rivera handed the teller a poorly written note claiming she had a gun and would follow the teller home if not given money, adding such courtesies as "please" and "thank you" to the note. Fleeing the bank with $652, she got in a cab and offered the driver a large tip if he would take her to another bank to rob. Seeing the stolen cash Rivera had with her, the cab driverdropped her off at a nearby park, where police arrested her as she was giving $1 dollar bills to kids.
Alerts & Threads
If you are looking for peer-to-peer discussions with other security officers, the public security forum has a discussion on the use ofVisitors logs and why they are or are not used. What is your opinion on them? There is a little more discussion on the fraudulent use ofRelay Service Calls / TTY Relay. There are many more discussions taking place so jump on over to our public security forum now.
The Private Forum also has a security section where more sensitive discussions take place over things like branch access, mystery shoppers letters scamming customers, tribal banks, IRS email and thieves turned consultants. What is your opinion on the black hat to the white hat - should it be allowed?All these topics and a lot more are being discussed in the Private Security and Private +Law Enforcement forums.
To comment in the BOL threads you must be a registered user. You can register here. If using your bank email account, you will be given access to the private forums.
CrimeDex tool has many uses
This month's CrimeDex alert emails provided great illustrations of the many ways the powerful CrimeDex tool can be used. Investigators from Nevada, Nebraska and New Jersey posted alerts looking for accounts in suspects' names as they pursued Medicaid fraud, embezzlement and other financial crime investigations. A Baltimore, Maryland police department posted an alert looking for information on a suspected credit card thief. A Boston area savings bank posted a warning about counterfeit checks on the account of a construction company customer, and a credit union across the country in California warned CrimeDex subscribers of two suspects who have been depositing worthless checks from a closed account. A clone of a credit card issued to an Illinois child advocacy center used to make $1000 in fraudulent purchases is the subject of an alert posted by the Stamford, Connecticut police. Finally, Fremont, California police are attempting to identify a woman who has been using checks stolen from the mail to make fraudulent deposits to inflate compromised accounts and withdraw the balances at ATMs before the checks are returned unpaid.
BOL CrimeDex can help your bank recover losses through cooperation with law enforcement, retailers and other bank security professionals. Subscribers can also help avoid losses by using CrimeDex alerts as training examples for staff members.
CrimeDex is now FREE to registered members of the Bankers' Threads
Private Security Forum! Get the details and subscribe now!
If you are a current registered user for the threads, but don't yet have access to the private forums, using your bank email address send a request for access to firstname.lastname@example.org. Once your registration/request is approved, you can access the Private Security forum here.
Blogging on Facebook
Many interesting posts are on the BOL Facebook page this month but read down to December 12. You're used to reading about bank robbers who seem to get little more than a slap on the wrist. Here is one who got 26 life sentences.
Another entry that day has a story of a data breach that many bankers would have dismissed as a common occurrence because commercial lenders "are expected" to take some business with them. But what about the data on the customer which is still protected? Read the where, why and how on ourFacebook page.
Support the vendors who support BOL!Through their advertising and sponsorships on BOL and BOL Vendor Connect, companies offering banking products and services help to make this site possible. When you're looking for a supplier, give your business to companies who support B
Find them now in our Sponsors or BOL Vendor Connect.
First published on 12/31/2011