skip to Main Content
share

International Money Laundering & Wire Fraud Recovery

Tom Cronkright, Published on April 20, 2019

This month’s fraud briefing dives into Money Laundering. Watch to learn how international money laundering works and steps to recover your funds should you experience wire fraud that results in a loss.

Sign up for the next CertifID webinar!

Full webinar transcript:

Hello everyone, this is Tom from CertifID, sorry about that delay. I hit the cancel call versus the unmute, so, I’m sure we’ve all been there. Anyway, for those of you that I haven’t had the privilege to meet, I’m Tom Cronkright, I’m one of the co-founders of CertifID, I’m also a large title agency owner in Michigan, and a wire fraud victim.

So today I’m excited because we are gonna dive fairly deep for the first half, so roughly 20 minutes, I wanna unpack basically the money laundering network and share with you what we learned through our wire fraud experience. And I wanna spend the second half dissecting kind of an hour by hour roadmap of how you would recover, what things you would need to do, if you or one of your customers was hit with a wire fraud and God willing that’ll never happen, but I think you’ll see that it’s important to have an understanding of how to respond. So by way of housekeeping, a couple things. I wanna hear from you if you have questions. You have a questions panel in the GoToMeeting and just start putting those in there and my team here will start to feed those to me in real time and we’ll have enough time for a question and answer.

And then for next month’s webinar, the same link that you registered for this month, you can go ahead and register for next month. So what was interesting is the last couple days I was in Raleigh with the ALTA Innovations Summit that they put on about wire fraud, and cybersecurity, and data protection. And it was absolutely fascinating, so not only was I able to share some information as being one of the speaker/instructor members, but I also attended as a participant in the industry. And I can tell you that this issue that we’re about to talk about, and what we’ve talked about in previous monthly briefings, is something that I think it really is mission critical. And the companies like yourself that are getting the continual education and awareness and then start to do things in response are frankly gonna be here in the next year or three or five where others won’t.

I mean the issue is moving so quickly and so intensely that, again, we have to do the work to take this on. So what I’m gonna talk about today, we got kind of a packed agenda which we always do but we’ll get through it. What is money laundering, how big is it, let’s talk about the money mule network. Top strategies and then our experience. So our experience was a super-intense one, I haven’t shared it publicly in an open forum like this, but I’m happy to for the first time. And then what does it look like to recover if we do have an incident because minutes matter from a strategic perspective. We’ve talked about the roadmap over the last few series, how they profile transactions, they fish someone in a deal, they access an email account, they monitor transaction level information, they obtain that information.
Then we as transaction participants get spoofed or impersonated.

Someone is manipulated into transferring funds. So now we’re kind of at the end of this roadmap and the question that I had and many of you may have is, why can’t the banks just shut this down? Like, how can they allow these fraudulent accounts, or these accounts that end up, you know participating in fraudulent activity like money muling, why can’t those be detected and quickly shut down? And I think after this session you’ll appreciate just the challenges that the financial industry has, and I’m not defending either way, I’m kind of agnostic on this but I’m more informed, in the sense that it’s a real big challenge and it continues to grow because of how they’re recruiting money mules to move funds. So what is money laundering? There actually is a formal definition. And it is the process of concealing the origins of money obtained illegally by passing it through these layers of sequenced transactions.

So you’re just kinda, you’re laundering, or you’re washing these funds through a series of transactions in accounts that may look legitimate but the origin point is something that is fraudulent. The phases are three significant phases. So you place money, so placement is the first, you place money into the financial system, okay? Then you start to layer transactions so that you’re camouflaging the actual source of the funds, and I’ll dissect this with how the money mules moved our $180000 that we were defrauded out of in 2015. And then the last is integration where you’re acquiring wealth through this generated funds because at some point it’s converted, so you end up with illegal funds that are placed into accounts. They layer these transactions and ultimately there’s a conversion typically to another form of an asset, either real estate or personal property, or now even cryptocurrency that we’re going to get into. So think of at as, again, all this has a very significant methodology.

One of the speakers yesterday as we were ending the session in Raleigh, said something, he’s a well-known guy in the industry, and he said if you had an eight billion dollar business, that you were able to take from basically zero and now it’s eight billion dollars in a matter of a few years, would you give that up? Because that’s the size of the network that we’re talking about, and how much money they’re generating from wire fraud, from ransomware, from data theft, from those things. And the answer is no. So where did they originate from? You have to understand that it’s a complex kinda web and it’s multifaceted, so they have multiple different vectors of originating funds, okay?

Business email compromise, and I’m gonna unpack some stats that are fresh that we received from the FBI okay. Business email compromise is a type of fraud targeted to redirect wire or ACH transfers from business or individuals, okay, that’s the target of BEC, so think of it as like wire fraud. Online job scams. So hey, work from home, you guys have seen those stapled up on telephone poles or you’ve seen them on Craigslist. Work from home for $25 an hour. And I’ll show you some of the recruiting tools for money mules. Romance scam, this is a absolute heartbreaking and devastating scam for so many individuals around the country, and I got very close to this during our trial because we were wrapped up in a bunch of romance scam victims. Mystery shopper scams, advanced fee, reshipping, grandparents, I mean and then it gets a lot more, I wouldn’t say sinister but kinda heavy with drug trafficking and human trafficking.

So just know it’s not just one thing, and I tell people they’re kinda crime agnostic, they’re brand agnostic, they’re transaction agnostic, they just want to generate funds and start to run that through the middle of money laundering both domestically and internationally. So what’s the size and scope of the problem? The most recent estimate that we saw was it’s generating about $300 billion in potential money laundering proceeds on an annual basis. It’s just massive amounts of money that are being moved. So last week before the event in Raleigh I actually went through the IC3 reports again. It had been a while since I stacked them side by side, and I’m sorry, what’s an IC3 report? So the FBI set up the Internet Crime Complaints Center and it is this IC3.gov and if you go there you’ll be able to pull down FBI bulletins and on the right, kind of on the bottom it says, maybe we can put that, Frank, in the chat put the link to the IC3? We’ll throw that up for you guys right now. This is where you can read the annual reports and you need to read the annual reports, they are fascinating ’cause they’re showing different strategies and trendlines. So I wanted to focus on business email compromise. Okay the issue that we’re facing with wire fraud and let’s see real estate and other financial transactions. So if you look at what’s reported, you can see that the complaints went from a very low number, and then people had visibility of where the FBI wanted these claims to funnel through. So we get more and more complaints as more and more activity comes in.

And in 2017 they’re reporting roughly 11- to 12000 complaints, okay? With losses of you know roughly 600 and some thousand dollars. But they’re about ready, if you look at the trendline of what was reported late 2017 and then into spring of last year, they’re gonna report that the losses are a billion and a half, with complaints, if you kinda cast this out, now spiking to roughly 35000. So the report that we’re gonna get next month or the month after is gonna show a significant tilt in kind of the aperture of this issue. But what’s interesting is that is basically, this graph here is shown here, but there’s roughly only 15% of what’s actually taking place that’s getting reported. So if you normalize that number, the activity level is actually much higher. In the sense that we’re probably looking at you know a few hundred thousand instances over or actually 20000 instances, I’m sorry, with you know roughly 10 to 12 billion in loss. Okay because you know I’ve had on our brands and the title company different attempts last year, I didn’t report those. Some of them we’ll report to the IC3, some we won’t. But the reputational risk and branding risk of having a news station show up and say, hey you didn’t have a loss but you had an attempt, is there something wrong with your brand, it can get twisted really quick and I empathize with all of you that are going through that same issue. But as I looked at these graphs and I’m talking to many of you around the country, either at, you know, national events or as we’re looking to implement the certified solution, it just seemed like the loss was bigger, it seemed like the instances were much greater than even what is extrapolated here. So I actually sent a FOIA request to the FBI last year, so it’s a Freedom of Information Act request, and any governmental entity has to respond, if they’re obligated and can, to the request.

And I won’t bore you with the back and forth of the four months of negotiating on what was gonna be released, but ultimately this is what released. So now if I normalize this number, it falls way down here and the FBI from the IC3 website had instances from June of 2016 to roughly the end of last year where people went onto the IC3 and were reporting a wire fraud incident. Not necessarily a loss, but they went onto the IC3 and said, I have a wire fraud incident.

Well that crested to 80000 over you know $90 billion that were reported. So if that includes only 15%, now you’re cresting several hundred almost a trillion dollars of attempts. So what I was explaining in Raleigh the last few days is what we think we know about this issue, we’re hearing just a small fraction of those people that unfortunately lost funds. You know the retired couple buying their dream home and their life savings is whisked away in an instant because the wire gets rediverted. A millennial couple that’s been saving for you know three years to buy a house, they’re suddenly without a place to live, you’ve heard the heartbreaking stories. But just know, and I’m gonna pivot to solutions very quickly, is look it’s just simply bigger than we have our heads around. And I was surprised when I got this number because I was expecting something closer to a middle range here of activity. So let’s talk about money muling. So what is a money mule and why is it so hard to stop?

So one of the things that I’ve been beating my head against the wall, and this is frustrating because we’ve had so many fraud attempts and we were, you know obviously we were hit, is why can’t the bank identify, with the Know Your Customer requirements and the other things that Dodd-Frank and other regulations require from them, how do you not know your customer well enough that you could see kind of on a future state that something bad is likely gonna happen? Well I think over the next couple minutes here we’re gonna unpack what they’re struggling with and how it’s nearly undetectable on the front end. So a money mule, think of it as someone who transfers illegally acquired money on behalf or at the direction of another. And they recruit these mules to move money electronically through these bank accounts, through a variety of different ways. And these money mules fall into three kinda categories. So if you haven’t seen it, the FBI in December put together a really good piece on money muling, and you can find it online. And I’m borrowing some of that content here. So you have the unknowing or unwitting, meaning, I think I’m just helping somebody out, I thought this was a legitimate job, I’m not trying to break the law, I’m just engaging like I’m being asked to engage. So they really have no knowledge that they’re working probably for an international cyber crimes syndicate to launder illegal funds through a bank account as part of this function that is a ruse, frankly, to get them to do that.

The next is witting, where, I suspect something, but I’m not gonna ask too many questions. Because I kind of like this flexible arrangement I have, and it’s easy to go to the bank, you know deposit some checks, wire some funds, kind of a, you know, don’t ask, don’t tell type of thing where I’m just gonna play along with this, right, dangerous place to be. And then those that raise their hand and say, you know what, I’ll help you do this, international syndicate, I want to be a professional money mule. We ran into two of those in our fraud. So know that this is the toughest right here, and this is what they’re targeting and how do we get people that believe they’re doing something lawful that could benefit them and maybe this cause that they’re helping out with, but in fact they’re working for illegal gains. So how do they do it, they do it for a variety of reasons or ways. So Compliance Alert had a really good graph I’m borrowing right now that it can come through an online posting, some social media feed, a direct contact so they could actually kind of spear in and target someone of a certain profile. What’s interesting is folks that are kinda new to the country, unemployed, looking for an opportunity to get their feet under them, are big targets, as are men between a certain age, 18 and 34.

They just have more of a aptitude to respond to these things. And it looks like some type of a legitimate job or cause that they’re supporting. And what they’re doing is they’re asking the mule, say hey, you know, you have the ability to go in and we’re asking you to open up accounts, receive funds, and move those funds to other accounts. The FBI has a significant awareness campaign running on this. In the sense that, the hashtag #DontBeAMule, and like I say if you look at this they have a bunch of materials on it. And the penalties. So the penalties from a federal standpoint, ’cause a lot of times when you transfer funds across state lines it becomes a federal offense, the state usually loses jurisdiction. So you have mail fraud, which is a sheet of glass wide, but comes with a big stick from a fine and a possible imprisonment standpoint. Wire fraud, so all of these could be layered into the different fraud attempts. If you look at the recent college scandal that’s taking place in the news, look at how many accounts that line up with this are in those indictments, right?

Almost nearly all of ’em except maybe money laundering, it’s a big big issue. But you can see here that, you know, 20 years, 20 years, 30 years, 20 years, 20 years, each one of those instances that the US Attorney’s Office can prove if they prosecute. So let me go back to something, let me give you an example of recruiting and money muling, and I learned this during our trial experience. So let’s say that I’m a fan of a certain rock band, okay? And as part of that I’m part of a fan club on Facebook. I’m like a superfan, they can see I’m super-active, I’m posting, I’m sharing, I’m doing all these things. And one of the band members becomes ill with some sort of an incident, I don’t know what, a medical issue okay? And it was kind of life-threatening for a while but he or she healed from that, and then the fraudsters because it’s all public and it’s on Facebook, they say, wait a minute, here’s an opportunity.

So they pose as the manager of this rock band for example, and they go to their superfans in different areas of the country and they reach out and say hey, I’m the manager of so-and-so. You probably heard all over the news and on Facebook that you know there was that medical incident. And he or she wants to set up a charity to prevent this from happening in the future. And they thought that the best way to get the word out were some of the most active fans on social media, we wanna start there first, would you be interested? And as a superfan I’m like, oh yeah, this is fantastic, I’m so glad he or she was healed, I’d love to participate and this sounds like a great social cause, awesome. And then down the rabbit hole we go, where they explain, look to do this, I need you to walk into a bank and I need you to open up a few accounts because we’re gonna be receiving money from people donating funds for this cause. Can you do that? Sure, so I’ll think about it. I walk into a bank, the bank sees me as, you know, hey, you got perfect credit, no flags on a background check, Know Your Customer boxes checked all over the place, and I open an account for, whatever, Acme Charity. And I start depositing checks and receiving wires and at some point they say, hey, great job.

We have some causes now, we have some children or whatever that are going through this and we wanna to start to fund some hospitals and we wanna fund some other companies that will start to distribute this directly to people suffering from that same disease. Can now you move the money, can you transfer the money, to some of these different accounts? Some of them are gonna be by certified check that you have to overnight. Some of them by wire transfer. Sure, I’ll do that. So now I feel like I’m doing something, right, I took the money in and now I’m helping people as I push it out. What you’re doing is you’re pushing out to another money mule in another part of the country, part of the same scam, and you’re starting to launder and wash funds. The other thing they’re doing is they’re seasoning these accounts and what I mean by that is, if the average wire transfer in real estate is, for the sake of argument, 200 grand, that’s roughly the amount that we see over and over, 180 to 230000 lost.

They will actually season them so they start to transfer in blocks of 180 to 250 from other accounts. Right, so they’re just moving this money around the country to themselves basically, so that when the fraudulent payment comes in it’s likely gonna go undetected. By contrast, if I was taking in deposits of $3500 or $800 or $8000 at a maximum, and then I get a block of a half a million in, a lot of systems now with banks thankfully will flag that and say something looks suspicious. So just know that this is a huge challenge because when you walk in the front door of that branch, it’s somebody that is a law-abiding citizen thinking they’re helping someone to do something good, when in fact behind the curtain is a very sinister plan to recruit them and activate them as money mules. Alright so how do they mule to avoid detection? So I wanna show you kind of the evolution of what’s being happening and we saw this in our queue.

First, when you wire funds to a fraudulent account, it always ends up in one account. Right, one big block gets sent from your bank to what you think is the right destination but it’s diverted to another account at another bank, and they always give you the right wire instructions, believe me they’re not gonna send you wiring or payment information for some place that’s not gonna land. So it lands at a destination unknown, but a legitimate destination, and then they start to splinter that, they start to mule that through their network. A lotta times they’ll pull it out in cash, they may send it to Western Union, maybe immediately pay off a credit card, put it on as a down payment on real estate, maybe some commodities, all of that happened in our $180000 and within a few hours. But now they’re getting smarter and they’re saying look, that takes some time, right, to break these packets up and spread it around the country. So what about online payments, could we start to move it quicker and convert it faster through some of these online portals?

And now we’re seeing, and that takes hours, now we’re seeing where they’ll take it from US dollars, convert it to one of the crypto wallets, and then reconvert it to a different fiat currency overseas and then mule it overseas. This is the future state and this is the real challenge I think that we face, and we’ve seen instances of this, this year. Where the level of sophistication and guess what, they’re training the money mules on how to, think about this, cryptocurrency is a fairly sophisticated transfer. It’s not hard to do but it’s pretty sophisticated to take money from an account and convert it to a crypto wallet. Even setting up a crypto wallet, it doesn’t take a lot of time but to get your head around it.

They have basically a how-to that if I’m recruited as a money mule, not only am I opening up these accounts but I have this convert to cryptocurrency for dummies video that I watch and then it trains me on how to open up the wallet and then quickly sweep it into a cryptocurrency and I don’t really know what I’m doing, right, we’ve seen instances of that. The chances of recovery here, as you can imagine, become exponentially more difficult because cryptocurrency is kind of this amorphous idea, what really is it? But what it can be, it can be converted to other fiat currencies in different countries without having to go through the international banking system. So just know, be alert for that.

So our fraud experience, and then I wanna get to the wire fraud and recovery roadmap. Our experience was a pretty intense one. So we were hit with a $180000 fraud. What really happened was we took a cashier’s check in for 185 on a commercial property in the southeast side of Grand Rapids. And after due diligence closed, but we had deposited this check for a few days in the banking system, we were asked to wire 180 of that 185 to the seller for hard money or hard money EMD, earnest money to the seller. So we would never do it again, not entirely uncommon but the amount was uncommon looking back.

But the check had been deposited, it had no flags, you know that whole thing. And then after being in the banking system for several days, and the wire had been gone, the check bounced. I mean it was a shocking event. And we were out 180 that instant. What we didn’t realize, that I’m gonna unfold for you, was just simply how sophisticated the network was that hit us with our fraud, and this is conservative, you know, west Michigan, a place that you think this is the last place there are fraudsters looking. So our money went from our bank in Grand Rapids to a bank in New York, right, one of the largest financial institutions in the world.

What we didn’t know is that an international money mule by the name of Antonella Mendelson, had flown in the day before from Germany with instructions that said get to New York, New York, and await further instructions, we’re gonna receive a wire likely tomorrow. So this is her and her husband, the timestamp on it’s hard to read but it’s on April 10th of 2015 at 12:01. This is her moving our money and breaking it up into three different wires. She received her instructions earlier that morning at 9:42, so this is happening in real time.

And what this is telling her is, and this is from a person involved in, you’ll see the Nigerian cyber syndicate in a second, right, so this is global direction from this person that was in New York. Take 40 out here, push a wire there, and then she was allowed to take out 20 and she got back on a plane to Germany, that was her whole job, okay? But think about the timing of that. Go to the country, await further instructions, roughly two hours before she shows up the instructions come through. What we didn’t realize is what was gonna unfold next.

And that is our money ended up in the hand of a cast of characters, I call it, down in Texas. Perez Cortes this guy in the center, they call him Perry at the federal level, was an attorney that was laundering money through his attorney trust account, okay so he had a bulk of our funds. And why they’re hiring attorneys, so think about this.

They’re recruiting attorneys knowing, okay, that if a company like ours loses money and we file an injunctive order or we somehow press the bank to freeze an account, so we froze his attorney trust account, as an attorney he’s hired by the cyber syndicate network to go absolutely ballistic on bank counsel and threaten all kinds of litigation if those funds are not unfrozen because of a lack of due diligence, like you just can’t do this automatically without us having a say in what happens, and they’re very successful at it. Okay then Dean Morgan. So Dean Morgan owned Morgan Insurance and Dean Morgan Realty and he put a down payment on a piece of property, okay?

Mark Hopkins was a guy that put a down payment on a container of aluminum figments that were originating from overseas, like little aluminum pellets, if you will. And then Priscilla Ellis was ex-US military, professional international laundering mule. Okay, like actively, hey I’m here, I can get a lot done in the US. What was interesting though is we had to civilly litigate to recover our funds. So if you think about like spring of 2015, nobody was talking about wire fraud in real estate. Okay there just wasn’t the awareness, there wasn’t the roadmap, we had to kinda figure this out on our own.

So we sued everyone that we could find, including this Mark Hopkins guy. So what was interesting there is Mark Hopkins, we litigated for two years, we settled with Mark Hopkins’ lawyer and this was at the end of first quarter of 2017, and we recovered roughly 140 of our 180. And then my phone rang in June of 2017, and it was the US Attorney’s Office out of Tampa, Florida. And he started to ask me, the US district attorney, who is a phenomenal guy, said look I need to talk to you about your civil litigation in Texas.

So we start to answer, you know, questions about you know what do you know about Perry, what do you know about Dean, tell me about Mark? So he starts to hone in on Mark Hopkins, and what I knew and the counsel that was representing him and this and that. And then it ultimately came out that there was no Mark Hopkins. I said, what do you mean? I just settled with his lawyers three months ago. He said well what we found is that Mark Hopkins, because you named these other individuals is actually an alias of one of the main cyber syndicate leaders in North America, called Ikechukwu Amadi, they call him Ike, this guy right here, upper right corner.

And Ike is responsible for running the North American syndicate of the Nigerian Black Axe. And that’s where I knew the conversation was pivoting in a much different direction, alright? So if you back up just 60 days from this phone call, there was an FBI bulletin that actually profiled the kinda Texas fraud syndicate, and referenced that Priscilla Ellis actually tried to take a hit out on a few witnesses that were gonna be testifying in her trial and got an additional like 66 years added to her sentence. So as Patrick is relaying this information on the phone, I said, hey, Patrick, the US attorney, I said did you read the bulletin from the FBI because these don’t seem like really good people, why are you calling me?

And the reason for the call is that they connected through the civil litigation and other information that Ike and his brother Desmond were really the number one and number two guys in North America and they had picked up Desmond and I was about ready to receive a grand jury subpoena to come down and testify so that they could extradite him for trial in the US. And as you can imagine, a disconcerting conversation followed with the US Attorney’s Office.

We worked it out, I did it through affidavit, they extradited him and ultimately they were going to try to do a plea deal to get further up into the network, which ultimately fell apart okay. So that fell apart actually in the summer of last year where I was then called to testify live for Desmond’s trial along with eight other victim witnesses. And had to do that under an FBI detail obviously for security reasons. And I only share this story with you because it’s one thing to say, okay, I lost 180 and thankfully we’re in a financial position where, yeah it sucks, but you know you can make that whole. But if you’re called to go, kind of the distance on this, when you need to bring people to justice you’re in a completely different realm of impact for your business and your life. So as it unfolded I started to get Department of Correction letters from the US Department of Corrections, and realized that our money had actually spanned through seven different states. The network included five countries that I was unaware of, and like you say the testimony included not only the subpoena for the grand jury but also an actual trial.

So I can’t express enough that this is something that you would just want to avoid, if you can, and you want your clients to avoid it as well, ’cause it’s incredibly disruptive. So that’s our experience, we call it tuition, so we look at everything that happens for a reason and now we’re not only on the path to try to alleviate wire fraud, you know starting in real estate transactions, but also what we were doing in our business as we service our customers, really doing the reps, doing the works, and making the investment so that it wouldn’t happen to others. So pivoting to solutions, what happens if you have a wire fraud and you need to recover it? So in the chat panel, correct? We are putting a link to our white paper that we published, boy, sometime early last year called When Minutes Matter. I’m redacting some of this information to show you what you need to do on an hour by hour basis that will increase your chances of recovery.

So hear me, this is not a 100% guarantee that you’ll recover anything because the timing and the sophistication of this is moving so quickly that they’re trying to do everything they can to avoid detection. But if you wanna better your chances, this is what we found from a roadmap perspective, so we’ve lived this in how we were initiating our recall and our fund recovery, but also recently we actually participated just to help people out in a few different recalls and it actually worked, so, not all of it, but the maximum amount you could.

First hour you’re gonna notify the bank and you have to initiate a SWIFT recall. So lemme go to 40000 feet, if you’re hit with a wire fraud, or you learn your customer is hit by a wire fraud, you gotta go a little crazy on the banks and the FBI and counsel. I mean you think of yourself as your patient advocate in a situation that is life threatening. There isn’t anything you won’t do, there isn’t any stone you won’t unturn, and anything you will, you know, you just have to get the information in real time.

So you initiate, you call your bank, you demand the SWIFT recall and you have to confirm that the funds are in kind of a hold or frozen status. And then ask ’em did the funds move anywhere else? So if I sent from bank A to bank B, you need bank B to confirm that it hasn’t gone to bank C, D, E, and F, and if it has you need to identify who those banks are, they’re not gonna give you account information because they can’t under privacy rules, but you have to identify where they’ve gone. Then you gotta file the IC3 complaint at the FBI.

Takes a few minutes, I won’t go over all of this, but you have to have the transaction-level information to input in that system, okay? Who you are, the financial institution, you gotta select wire transfer, who the subject’s name was, how you were victimized, the email header, they want the detail because what they’re doing is they’re seeing all of these different complaints and it might be a similar syndicate or account that they’re tracking already. But you have to have an IC3 complaint on file within that first hour. And then retain the complaint number ’cause you’re gonna need it when you contact the local FBI field office, okay.

Notify your bank, IC3 complaint hour one. Hour two, go to the field office, call them and contact somebody that is in the cyber crimes or complex financial crimes unit. And make a connection there and let them know what’s going on, okay? Here’s a link, there’s also a link to the white paper by each county in each state, we’re providing you the direct contact information for each FBI field office. Now they may not, like, Grand Rapids for example in Michigan, the actual center is through Detroit, so you have to ask do you process it here or is there a larger hub that’s centralized within the state or the region.

Some states are sharing because of borders one office that crosses different states. And then share with the special agent what you know, the complaint number, and align expectations. What can I expect from you in the next few hours as you look into this? You gonna call me back, you gonna email me, are you gonna be radio silent, align those expectations okay? And then contact legal counsel. In that white paper I give you a redacted but a roadmap if you will for an injunctive order.

What’s an injunctive order? An injunctive order is where you walk into your local court with the paperwork to ask a judge to sign off on an order that you can serve on the banks that would restrict them from moving the funds any further or transferring from the account that they’re holding it in to another institution or even pulling into freeze the account, you can do that through an injunctive order maybe, depending on the jurisdiction. We were fortunate enough that I learned of our fraud at 11 AM in the morning on a Tuesday morning, as we were walking out and had served an injunctive order on four different banks by 4:30 that afternoon, okay, and that was critical to our recovery.

Hour three, contact all the banks in the chain, so now you circle back to your bank and you say okay, what has the fraud prevention desk learned over the last couple of hours and has the recall notice, or I call it, a fraud alert, been issued against the bank accounts where your money may have ended up. And it’s shocking how quickly you can get from one to three and maybe five accounts spread around the country that your money has dropped into. Again, share the contact information, and align expectations.

So now you’re at the bank. What are you doing, what can I expect over the next two or three or four hours, this isn’t days guys, this is like right now, what can I expect? And then you actually have a duty if you have errors and omissions or cyber or anything like that, you have a duty to notify your carrier that an incident took place, especially if you have wire fraud coverage, if you have social engineering coverage, if you have cyber crime or general crime coverage, if you have third party loss coverage, it goes on and on, right. But they may want to engage and may have a team to help engage and minimize the loss as well. So hour four, now contact your local authorities.

Well why are you saying that? Why wouldn’t I go down to a local police station and let them know what’s going on? Minutes matter in this guys, and this is why I’m saying, look, if you can get through hours one through three, all those steps in the first hour, awesome, then go to local authorities. But by the time your money moves state lines, you typically the jurisdiction, at least what we found, your city, your county, and your state-level jurisdiction truly to prosecute and draw this thing to a close has been lost once it transfers from one bank to another in another state. But it’s good to have a police report, share the contact information, and read them into what’s going on, they may be able to help. In our case, they weren’t, but I’m not saying that you don’t have some, I did hear Kent County helped a couple in a pretty big way because they were able to engage the FBI and kinda do steps one to two because they knew what the roadmap was, and that was really impressive ’cause it’s pretty complicated. And then, hour five is alright, we gotta figure out what’s going on.

Like where was the breach, were we breached, how did this fraud take place, is there something that we need to be aware of you know do I gotta take the system down and do an analysis or what, so, you know determine the source, contact either your internal or your external teams and explain the situation and you take a full image of the actual database, ’cause you’re gonna be asked for this if there’s a trial, in our case, three years down the road where they asked for all the information we had on everything. And then maybe even a forensic investigator to come in and do a deeper dive on what the impact is with the environment. ‘Cause you don’t want something, wire fraud may be the tip of the iceberg, somebody may have gotten in, inserted malware or other software that’s kinda latent in the system and they’re just starting to mine information, you gotta make sure that those bad guys and those programs are thrown out automatically. So, main takeaways.

If you’re going through the process, details will come quickly typically, or should come quickly if you’re really advocating hard for yourself and your customer, but the money is gonna come back rather slowly. And I say that because you think about it, transfer funds, you voluntarily transfer funds to an account. There wasn’t a gun to your head. So they voluntarily went to an account that you find out was a illegal or an unlawful or an unconsented transfer because the account was bogus or fraudulent. That puts the banks in an awkward legal situation because you’re asking them to just push the money back to you, but there’s no due process, well I need to hear from the other guy because what would happen if I claim a fraud on a legitimate transfer and we just started wiring money back to people, that’s another fraud vector that they could do, right? So be prepared to indemnify the banks to return your funds.

What does that mean? The bank is gonna send you an indemnity letter that says, look, I’m kinda taking your word for it, I see everything lines up. Now that we look at this account a little bit more it seems suspicious. But you’re gonna have to sign something that if you’re wrong you will make us whole. Not just on the amount that we send back to you, but on litigation fees if we’re sued, if blah blah blah blah blah and guess what? You’re gonna have to sign it, they’re not gonna negotiate, I haven’t found any bank that would negotiate on this because everything’s happening so fast. And then don’t trust anyone, so the fraudsters are so good that when they notice a fraudulent transfer comes in they may proactively call you or someone in your organization that says, hey, you know hey Tim, I’m Tom from ABC Bank. I saw this wire transfer come in, we’ve actually flagged that because it looks a little bit suspicious.

So just letting you know that our fraud department and our risk team is looking into it, and we’ll be in contact with you in the next few hours. And then a few hours goes by and they call back and say, you know what we’re still digging into this, we have some other transfers we’re trying to figure out, I’ll probably give you a call first thing tomorrow morning, how does nine o’clock work? And by that time guys, they’ve bought themselves the time they need to splinter out and convert the funds so that you can’t have a recovery. I’m not saying a bank won’t legitimately call you. I’m just saying be very suspect of a bank proactively calling and saying, hey I noticed something and I’m here to help. Just be very suspect. So the action item, and I cannot stress this enough, is to put a process in place where you run the traps on this in advance of it happening to you.

So you’ve gotta take this information, take a step back and say, okay, what if I was hit with a fraud at 12:30 today? Would we be prepared, who would run point? Who do I call, right, who’s responsible? So you have to have the preparedness, who to report to, a response plan, I mean all of these three things. Frankly, knowing what I know now, if I have an escrow account, I’d be sitting down with every single bank that is holding some of our escrow funds and many of you have multiple escrow accounts and I get it, it’s hard to manage but I get it. But I would be sitting down with their fraud team and their risk department to say okay, assuming I had to call you, or, I just realized there’s a wire fraud, what do I do to maximize your engagement to go through this process and what can I expect from an information-sharing standpoint?

And then get a commitment, and do what I call, create a red phone to red phone link, to your banking institution. I would do the same thing with the FBI. So I’d find that local field office, even if you gotta show up in person and create relationships matter like anything else, guys. And if you humanize yourself and you create a relationship in advance, I’m not guaranteeing anything but I would suspect that you may be able to get a little more activity or treatment faster because you’ve created a relationship and at least you’ve set up kind of the rules of engagement.

The other thing is with your insurance carrier, your clauses are very specific and none of us read them, that what is the claim response reporting requirement in your policy so that they can’t deny you if you sat on it too long where they could have stepped in, a lot of those policies say, look, I have the right to defend. I might wanna step in here and make sure that we mitigate what could be a risk profile for us to try to actively recover these funds. And then the same thing with legal counsel and your IT department. So do you have a post-incident response plan that includes all these things? Banking, the authorities, the IT, you know what’s the red phone to red phone internally if something were to happen so you can start moving quickly.

And I’ll say this if a wire fraud hits, and I hope it never ever does guys, you’re gripped with this fear and this energy and it’s almost like an aura, it’s like a blind spot almost. But you can’t stay there more than a few minutes before you start to engage and activate. When Minutes Matter is the white paper, so I would definitely download this, digest it, train on it for your key incident response folks, and then give it to your key referral partners. They need to know also because you can’t collect for a broker or a real estate agent that may have had a client wire funds but you could guide them through the process of what to do, and you can’t because you’re not the account holder. Alright, so monthly briefings. We’ve had an awesome first quarter now that we’re into April I was super-excited to share this. It’s only gonna get, like I say, as or more intense as we go through the year.

We’re gonna talk about arming the workflow to prevent fraud. We’ll have a special guest that will provide some real tactical advantages in how to educate employees and referral partners and some folks that I heard speak in Raleigh last week. And I’ll see if I can elicit them to participate in half that. We’ll have some stats come out from the FBI on business email compromise and wire fraud loss, I’m anticipating those’ll come out late next month, early June. We’ll spin those up and share those with you. Still working on our next white paper, which is recent court decisions on wire fraud losses and where the liability lines fall. And then we’ll talk about insurance and then data security, so if you have any other topics we’re always open to those. I can triage these accordingly. But again I hope you found this information useful. Last, I’ll leave with this. One of the main themes that came out of the wire fraud conference earlier this week, is to slow down, we have to slow roll some of these decisions. And we have to read all of the information with more of a critical eye. Okay so we were unpacking, you know, countless fishing examples in the last few days to show just these little nuances of how it could have been picked up as the fraudster is coming in.

The other is we have to educate our consumers earlier in the process that wire fraud’s an issue and what to watch out for. So if you look at the court cases around the country that are either being decided or pled or in kind of the process being decided, one of the main themes is we have as an industry, and I’m talking about brokerage, title, legal, and financial services including mortgage, we have an obligation to identify this as a risk that’s on the shoulders or kind of at the doorstep of our customers. And if we don’t do that in a timely way, in a comprehensive way, that’s where that liability could ultimately shift over to one or all of us where we have to pay for the loss. So, I hope you found this helpful, I’m gonna take a few questions. I know I’m running a little bit over from what we normally do. Will a link to the presentation be distributed, we get this question every time, absolutely. You’re gonna get it I think within about three hours, so you’ll get it kinda mid-afternoon today.

Feel free to use it, train against it, whatever you’d like. What are the risks of accepting cashier’s checks? So we get this question all the time. Cashier’s checks are great, if they’re drawn on the right institution, okay. If we think wire fraud’s a problem, so if wire fraud is this big, check fraud is like this big, okay? So the challenge, if you’re in a table-funded state, and not an escrow state, is with cashier’s checks if I’m taking a cashier’s check in at closing, so I’m taking it in and I’m gonna deposit it, it’s likely not gonna clear the Federal Reserve for between three and seven days depending on where it’s drawn. That’s what we learned. It’s no different than a personal check these days. There’s no such thing as certified funds anymore. It’s the same as a starter check. So you just have to season that in your account, make sure it’s fully iron-clad clear, I mean cleared through the Federal Reserve before you wire against it. Because you know the dirty secret is I take in a check and then I wire out a few hours later, I’m not wiring funds off that check. I’m wiring funds off a check that had cleared you know yesterday or the day before, somebody else says it’s afloat, right, and it’s afloat to the tune of a ton of money every single month.

So that’s the risk. Haven’t found the ability, ’cause we’ve searched, we take so many in, and haven’t found the ability to certify the sequence, the integrity, and whether or not the check has absolute good funds. So we deposit it and we have to let it season for 10 days.

I mean so, okay Tom, that’s great but pragmatically, if we know the lender or we know the banker and they’re coming to the closing and they’re presenting the check, you’re in a much better state than if it’s coming in a mail away, or it’s coming just randomly through an overnight or an envelope or something like that. I don’t know so that’s a great question. What are the chances of recovery these days, with all the wire fraud instances? So again we have to have a little bit of empathy and grace. The FBI is inundated, this is the fastest-growing cyber crime in the US. They’re just slammed with inquiries every single day. Do not be surprised that if your fraud does not amount to, I’m gonna say, at least a million dollars, possibly two, they’re not going to prosecute the person that stole your $50000 or $250000, they just don’t have the bandwidth to do it.

Now what we found is our syndicate was responsible for over three billion in fraud attempts, over a five year period. So I was mashed into a much larger silo if you will with other victims, and that’s how we ultimately got prosecution. Desmond was sentenced last week, I think it was Friday, and from the federal bench the judge had noted that this was simply the worst that he had ever seen as far as financial crime. And actually a quote came over that said, there was just simply no lengths that they wouldn’t go to defraud people from their funds. So what I experienced and what these people are doing, they just simply won’t stop.

So again I wanna wrap up, if we have not connected let’s connect on LinkedIn, I’m constantly putting little 60, 90 second videos on topics that are trending. If you wanna reach out and talk about how we can you know guarantee the safe wire of wire transfers for incoming outgoing funds but also lower your litigation risk profile through standard email templates in your workflow, I’d love to talk about that ’cause we’re taking that to the next level right now. Until then have a safe month, I know that we’re off to spring market right now and there’s a lot more activity out there. Hopefully the refinances with rate drops will start to kick in as well. And I hope you guys stay safe and we’ll see you in May. Take care.

AUTHOR

Tom Cronkright

CEO and Co-Founder @ CertifID

Back To Top