« California journalist defending anonymity of commenters on his blog | Main | FTC Affirms Consumer Rights Under "Holder" Rule »

Friday, May 11, 2012


Baarr Suvo

Institutions also are more likely to fall victim to social engineering schemes that target branch and call center staff as they undergo conversions linked to acquisitions. "Any time there is a change event, like an acquisition, there is opportunity for a fraudster to exploit a weakness," Speare says.
For M&T, the change event that proved fortuitous for fraudsters came in May 2011, when M&T acquired Wilmington Trust Corp. "We did not see anything significant, but we did see an uptick," Speare says. "You have acquired customers being migrated over, usually over a weekend, and the bad guys know that's going to occur. So they will attempt to hit you on the day that conversion is going on. There is a website which give you the information about your plan, here it is http://callnotes.org"
Fraudsters call in to have an account opened or some credential changed, knowing call-center staff won't be able to fully verify all the details until a few days after the conversion is complete. "The employee is trying to be helpful, so they sometimes end up giving out information they shouldn't or they set up accounts or make changes based on information provided by those who are not the actual accountholders," Speare says.

The comments to this entry are closed.