Security Spotlight: A corporate tax scam, traveling serial bandit, and more!

Welcome to the February Issue of the Security Spotlight

Barry Thompson's Monthly Security Tip

The Tax Scams Cometh

Tax documents have been sent out and the 2018 tax season is officially open. Your employees and customers are eager to file returns in anticipation of refunds. Criminals are just as eager to take advantage of unwitting taxpayers. It's a good time to remind them that the IRS will never contact them by phone or email with threats or promises of a quick refund if they clink on a link or provide them with personal data. The IRS issued a warning earlier this month to employers about a tax-related phishing scam wherein cybercriminals send emails pretending to be executives requesting copies of W-2 forms for employees and con payroll or human resource personnel into disclosing payroll information. The criminals use the information to file fraudulent tax returns or sell the data on the dark Web. Pass this warning on to your institution's corporate office and to your commercial accountholders.

Most Wanted

Traveling bearded bandit...The FBI is on the hunt for a serial bank robber who changes his location and his disguise to evade capture. The suspect is in his mid- to late 30s, about 5'11" to 6'2" tall, around 180 to 240 pounds, with a medium build, brown eyes and hair, and a light complexion. He wears glasses and often changes the color of his beard, earning him the moniker "Chameleon Beard Bandit." The suspect's crime spree began on September 29, 2017 when he held up a Bank of America branch in Durham, NC. From there he traveled to London, KY, and robbed the 1st Trust Bank on October 13. The following month, he hit the Virginia Commonwealth Bank in Henrico, VA, on November 14. A few days later, he was back in North Carolina and robbed another Bank of America branch in Greensboro on November 17. He traveled to Virginia again in December and held up a Wells Fargo Bank in Roanoke on December 12. Leaving the East Coast, he headed to the South-Central region of the country for his latest heist at a Chase Bank branch in Longview, TX on January 5. The traveling bearded bandit produced demand notes and either displayed a gun or threatened to have a gun during the robberies.

The FBI is offering a $10,000 reward for information leading to the arrest and conviction of the Chameleon Beard Bandit. Anyone with information should contact the Richmond FBI's Central Virginia Violent Crimes Task Force at 804-261-1044.

Check our Bank Robbery page for photos and information on the latest unknown bank bandits, many of them with sunglasses, hats or other head and facial coverings disguising their identity. Enforcing a no hats, hoods and sunglasses policy can help reduce the number of bandits who target your bank. Purchase No Hat Cling signs for all of your branches from the Banker Store.

Hot Topics from the Bankers Forums

You'll find security-related discussions covering sensitive topics in our Private Security forum, where bankers discuss issues out of public view. Discussions last month included who gets the money when an ID thief opens a bogus account and it's detected, why you should remove cameras that don't work, and reducing risk by splitting up vault cash. There's also a private forum that invites participation by bankers, regulators and members of law enforcement.

If you have a sensitive question you'd like to get input on, post it now in one of the private forums. If you're a registered user of BOL's Discussion Forums, but don't see the Private - Financial Institution Personnel Only forums near the top of the Forums list, use your bank email address to send an access request to brenda@bankersonline.com. Once your request is approved, you can access the Private Security forum here. If you have a non-sensitive question or topic to share, you can post it for discussion in our Public Security forum.

CrimeDex Alerts

Frigid temperatures don't slow down criminals —
News stories of record cold weather across most of the United States may have kept many honest people close to home in January, but criminals and scam artists kept CrimeDex users busy posting alerts, asking for information, and otherwise fighting to put felons away or hinder their activities. Over 400 CrimeDex alerts found our inbox last month, featuring account takeovers, cloned cards, a phony private investigator, identity theft, counterfeit checks ... the list never seems to get shorter. Here are some of alerts that caught our eye last month:

• Florida's Office of Agricultural Law Enforcement sent a nationwide alert on a woman posing as a private investigator offering to recover victims' funds following timeshare resale scams.
• Santander Bank sought help identifying suspects in surveillance photos (we congratulate the bank on its camera angles) in two separate cases. The suspects are allegedly involved in ID theft and account takeovers.
• A New Jersey detective posted an alert concerning losses from a $165,000 counterfeit check apparently drawn on TD Bank, payable to an unknown trucking company, and negotiated at a BB&T location. The detective asked other agencies working cases involving the trucking company to contact him.
• A January 2 alert from the Secret Service with the subject line "ATM Skimming Motorcycle Bandit" caught our eye. The alert carried several photos of the alleged "bandit" riding up on his Honda, affixing a skimming device and speeding away. Diebold Optiva 750 ATMs in Kansas and Iowa were the suspect's targets in June, August and December of 2017. The post includes a detailed description of the bike used.
• A new Jersey credit union asked for help identifying a suspect in an account takeover involving a debit card mailed shortly after the address and phone number on the account was changed from New Jersey to Florida. This incident should serve to remind readers that a new card request on the heels of an address and/or phone number change should raise all sorts of "red flags" for identity theft and account takeover.
• U.S. Postal Inspectors sought help locating a known criminal involved in mail theft and alteration and negotiation of stolen checks.
• Orlando, Florida, police posted a list of four Orlando addresses being used in a "Jamaican lottery" scheme targeting elderly victims who are persuaded to send prepaid cards for "advance fees." A follow-up alert added the names of six persons of interest in the fraud, and a request for replies if any active accounts are found in those names.

BOL CrimeDex subscribers use their subscriptions to identify suspects in surveillance images, gather information they can use in prosecuting thieves and scammers, and learn about criminals and scams in their area. They also pick up information they can use in their security training sessions. If you have access to our private forums, you can find instructions on how to sign up for CrimeDex alerts as a BOL Group member in the second thread of the "Private - FI Personnel Only" forum.

Facebook Blog

Throughout the month, we share news-related incidents on Facebook that can be informative examples for training employees on security issues and more. August was a busy month for Security Officers, unfortunately, providing a lot of news for us to share. Visit our BOL Facebook page to catch up on all the latest news. The headlines were full of stories on bank robberies, counterfeit cash, embezzlement and more of what keeps you up at night and gets you out of bed in the morning. We have some great security news this month. If you missed it, look for the November dates, and here are a few highlights:

• Last month's posts started off on January 3 with a man who robbed two banks, firing a shot in one robbery and laying his weapon down on the teller counter during the other heist.
• We posted about another robbery on January 7, during which shots were fired but thankfully no one was injured, and the shooter was caught.
• In another incident involving shots fired we shared on January 8, the volatility of an 18-year-old robber who jumped the teller counter brandishing a semi-automatic handgun was a recipe for disaster.
• On January 10, we linked to the story of another robbery with a counter-jumper, which undoubtedly heightens the fear for bank staff who feel more exposed and at risk of harm.
• Our January 12 post is a reminder for bank staff and your customers that early tax filers are less at risk of identity theft.
• We shared a story on January 16 about an 80-year-old man who robbed a bank, but surprisingly it wasn't his age that led to his capture.
• In another robbery story shared on January 16, a GPS tracker placed in the stolen cash was a factor in the unknown suspect's apprehension.
• Want some tips on detecting counterfeit bills? Check out our January 18 post with the $100 bill showing for some tips you can pass on to your tellers, and to your commercial depositors dealing in cash.
• Remember the 80-year-old robber we mentioned earlier? Check out our January 24 post, which is a follow-up on a previous story we shared about an 86-year-old woman who has been sentenced for armed bank robbery.
• Other noteworthy posts last month included a robber who left his car keys on the teller counter, a case of DNA leading to the identity of a robber, an ATM thief who used a bomb, a hostage situation, and the story of a K-9 officer who didn't need GPS to track a bandit.

Check out these and all our Facebook posts. And check back throughout the month for new posts. Be sure to "Like" the articles so we can continue to post more articles of interest to you. Share our page with your fellow Security Officers and bankers, and ask them to "Like" us so they, too, can keep current on the latest news!