The phone hijacking scam that robbed NeighborWorks Columbus of more than $100,000 appears to be pretty prevalent in the Atlanta area and has grown locally the past 18 months, the agency’s president said Tuesday.
“I’ve talked to other businesses who said this happened to them,” said Cathy Williams. “And I talked to the fraud department at our bank, who said they’re working on several cases.”
The money was stolen from NeighborWork’s SunTrust bank account after someone falsely identified himself as an employee and convinced the agency’s service provider to forward phone calls to a number with an Atlanta area code. The number, forwarded on Thursday, was used to authorize 12 checks over the weekend, mostly at banks in the Atlanta and Jacksonville, Fla., areas, Williams said.
But Williams said Columbus police have told her there’s not much they can do to catch the perpetrators since the employee impersonation and bank transactions all appear to have taken place outside of Columbus. Still, she believes the agency will get the money back.
“My bank would have to initiate action to recover the money from the banks that cashed the check. And the banks that cashed the check are the actual victims and that’s where the crime occurred. They will have to initiate police reports in their communities,” she said. “Part of this kind of (scam) model is that they spread the pain out across the greater Atlanta area or the greater Jacksonville area so that no one community takes a really big hit.
“So, Conyers lost $9,000, Norcross lost $6,800, Jacksonville lost the most ... about $39,000,” she said. “Now it’s going to be up to those banks and those police departments to decide whether it’s worth it to aggressively pursue and prosecute.”
On Tuesday, Williams identified her agency’s service provider as Earthlink, an Atlanta-based company. But she said discussions with other victims revealed the problems have occurred with other companies.
“The service providers, in my opinion, are allowing this to happen because they’re not verifying security information on people that are calling in and saying, ‘You know, I have a power outage. I have a gas leak. I have whatever. I need you to forward these numbers,” she said. “It’s not just Earthlink that needs to tighten up their security. It’s service providers period.”
Efforts by the Ledger-Enquirer to reach officials at Earthlink and SunTrust Bank were unsuccessful Tuesday. But Wells Fargo, which received one of the fraudulent checks at a Norcross location, issued a statement saying the case was still under investigation.
“We were able to stop payment on a NeighborWorks check deposited at an ATM in the Atlanta area that appeared to be suspicious,” said Jay Lawrence, southeast communications manager for Wells Fargo. “We have sophisticated ways to detect this type of activity and work hard to prevent it. We are investigating further and cooperating with police.”
Williams said the 12 checks cashed ranged from about $4,000 to $14,000. She said the agency found out Tuesday that someone cashed a NeighborWorks counterfeit check as early as June 21 to test the system. She said banks that authorized the transactions called the forwarded number and were given permission to cash the checks by someone who falsely identified themselves as David Fox, a NeighborWorks employee. She said only three people are listed on the SunTrust account as having the authority to authorize checks, and Fox is not one of them.
“On our account we have signature cards and those people on the signature cards are the only people authorized to make any changes to our account or to authorize any transactions,” she said. “All of our checks require two signatures.”
Leonard Crain, president and chief executive officer of the Better Business Bureau in Columbus, said phone fraud goes all the way back to party lines and people are coming up with new scams every day.
“Criminals are very knowledgeable about how you do things in regards to capturing or hijacking either cable lines or telephone lines, those kind of things,” he said. “We see it from time to time, but it’s more prevalent actually on the Internet now than the hijacking of phone service systems.”
Crain said large retail organizations, banking institutions and government organizations like the Pentagon have all been hacked. Even the Better Business Bureau has been spoofed, he said.
“About the best you can do — it doesn’t matter whether you are a non-profit or a for-profit organization — is just to be sure you have a lot of confidence in your technical folks and those folks that provide those services for you,” he said. “And make sure those services are encrypted, password protected, and internally there are only a few folks that can make any authorizations.”