Quick Hits

Seven Indicted In Bank Of America Scam

Complex two-year scam exposes weaknesses in Bank of America's user authentication approach
Michigan authorities have charged seven people with pulling off a complex account takeover scam against Bank of America and stealing nearly $360,000.

According to the indictment, the two-year scam of online and telephone banking involved individuals who were to open fraudulent accounts and withdraw funds at Bank of America.

The seven suspects moved funds from legitimate accounts to accounts opened under false pretenses, the indictment says. The indictment alleges that leader Xavier Hicks used new accounts opened by runners to transfer stolen funds from legitimate accounts. Hicks also allegedly opened joint accounts in the names of runners and existing BofA customers by accessing personally identifiable information about those customers through Bank of America's telephone and online banking systems.

Hicks allegedly set up joint accounts involving legitimate customers and then initiated fund transfers online or through the call center from the legitimate accounts to the fraudulent joint accounts. After funds appeared in the joint accounts, prosecutors say they were transferred to the runners' accounts, where they could be withdrawn by the runners.

The scam suggests that banks need to give more thought to how they authenticate customers who work through on-site tellers and call center operators, the indictment says.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading