Seven Indicted In Bank Of America ScamSeven Indicted In Bank Of America Scam
Complex two-year scam exposes weaknesses in Bank of America's user authentication approach
August 18, 2012
Michigan authorities have charged seven people with pulling off a complex account takeover scam against Bank of America and stealing nearly $360,000.
According to the indictment, the two-year scam of online and telephone banking involved individuals who were to open fraudulent accounts and withdraw funds at Bank of America.
The seven suspects moved funds from legitimate accounts to accounts opened under false pretenses, the indictment says. The indictment alleges that leader Xavier Hicks used new accounts opened by runners to transfer stolen funds from legitimate accounts. Hicks also allegedly opened joint accounts in the names of runners and existing BofA customers by accessing personally identifiable information about those customers through Bank of America's telephone and online banking systems.
Hicks allegedly set up joint accounts involving legitimate customers and then initiated fund transfers online or through the call center from the legitimate accounts to the fraudulent joint accounts. After funds appeared in the joint accounts, prosecutors say they were transferred to the runners' accounts, where they could be withdrawn by the runners.
The scam suggests that banks need to give more thought to how they authenticate customers who work through on-site tellers and call center operators, the indictment says.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023