Jardine: Overseas thieves do in direct deposit

E-Mail

Comments (0)

Text Size:

tool goes here

Until recently, David Johnston's 30 or so employees received their paychecks via direct deposit, saving them a trip to the bank.

Now, they're handed an old-fashioned printed check and must deposit it themselves.

Isn't that sort of a backward step in this high-tech age?

Modesto Bee - At left Abel Magallon, manager of MacDonald Screen Print, a division of Sign Designs, Inc. goes over with David Johnston, president of Sign Designs Inc., a vinyl graphic job. Johnston and his company was a victim of internet fraud to the amount of $99,000 in July and has been working to get that money back. (DEBBIE NODA/dnoda@modbee.com)

Certainly, said Johnston, owner of Sign Designs in Modesto. But after cybercrooks in Ukraine pilfered $99,953 from his company's bank account, he said it's the safest way to protect his employees' and his business's interests.

"It's bank robbery, 2009," Johnston said.

The big question is, who's responsible for the security breach that allowed the money to flow from the company's accounts?

First, the basics of this caper.

Computers have made the criminals' jobs that much easier. Why burst into a bank, guns drawn, when they can hack into someone's account half a world away and achieve the same result without leaving their apartment in Kiev or wherever?

Internet security is big business in its own right, but security providers, for the most part, can react to new viruses, threats and breaches only after — and because — someone was hit. Predicting the next move of some highly intelligent deviant is a guessing game at best.

In Sign Designs' case, someone compromised the company's account with Bank of Stockton. Using malicious software known as malware — mal means bad — the thieves managed to obtain Sign Designs' passwords and other vital security information. They used the information to create what appeared to be legitimate transaction instructions that were accepted by the bank and the multitiered money distribution network known as the Automated Clearing House. They made 17 withdrawals July 23, sending the money to

17 accounts established elsewhere by "mules."

The individual transactions ranged from $1,490 to $29,900.

In 11 of the transactions, all involving accounts at the same Ohio-based bank, Johnston believes the money was converted into prepaid debit cards. The mules then would go to ATMs, drain the cards of their balances and wire the money to their contacts in Ukraine.

These mules are real people, some of whom were unwitting accomplices. Others, Johnston suspects, knew exactly their role in the scam. They were supposed to keep 8 percent of each transaction as their commission, he said.

Washington Post Internet security reporter Brian Krebs contacted some of the mules, who originally had been hired by the crooks through legitimate job search Web sites such as Careerbuilder.com. Initially, they edited tax files, Krebs reported. Later, these people were elevated to become "local agents," but had to provide a bank account to do so because they would have to manage money transfers.

Boy, did they ever.

One of them told Krebs she recognized the scam after discovering a deposit of $9,810 into her account — money stolen from Sign Designs. Her so-called bosses wanted her to forward the money to their account in Ukraine. But she left it in the account instead, and Johnston's bank was able to retrieve the money and restore it to his account.

M ichael Savelli, Bank of Stockton's chief administrative officer, said the bank recovered the $29,900 transaction because the mule gave the crooks the wrong bank routing number and the system rejected the transfer.

Some other funds have been recovered as well, but Johnston said he is still out about $56,000. The bank and Johnston contacted the FBI, and Savelli said an agent is aware of roughly 120 similar cases across the country.