Cybercriminals put new twist on old ruses

Cybercriminals put new twist on old ruses

Types of threats and criminal activity are continually evolving.

March 27, 2019

Getting ahead of “tough to catch” financial criminals means being aware that creative crooks may repeat old ruses even as they devise new ways to misuse evolving technology.

Detective Mark Solomon tracks both types of activity for the Greenwich (Conn.) Police Department. He also remains active in the International Association of Financial Crimes Investigators, the CT Financial Crimes Task Force, and the ATM Skimming Intelligence Network, which he helped found.

Building on relationships

Financial criminals are aware of the deep, “family-type” relationships that credit unions build with members, Solomon says. They attempt to twist those relationships to persuade members to divulge sensitive information or hand over assets.

Solomon has seen financial crimes evolve throughout his career, which he began as a patrol officer before moving on to the detective division and a focus on financial crimes.

Solomon pursues cases where people are exploited through misuse of technology or by falling for phishing emails or other scams.

“This is a constantly evolving type of crime and criminal activity,” Solomon says.

Mark Solomon

‘If we don’t take these types of complex crimes seriously, there’s going to be significant losses to both our members and credit unions.’

Mark Solomon

Growing activity

There are four types of cybercrimes are currently rising rapidly, Solomon says. They include:

  1. Phishing based on spoofed emails and spoofed websites, often in combination with telemarketing calls and text messages.
  2. Skimming credit card data. Delaying liability for magnetic stripe technology until 2020 on automated fuel dispensers gives criminals more time to steal magnetic stripe information before chip-based technology takes over and makes it more difficult.
  3. Impersonating members based on counterfeit identification. Criminals use fake identification to open new accounts in person or use technology for remote attempts to impersonate members and get new credit cards or access accounts.
  4. Hacking attacks on credit union databases.

Solomon added that big losses of as much as $100,000 or more can be tracked to two types of tactics:

  1. Business email compromises (BEC), where criminals either hack your email or create a “spoofed email” to persuade employees or business partners to release funds or disclose sensitive information. Common targets are CEOs, chief financial officers, attorneys who handle real estate closings, and accounting staff at companies that use subcontractors. These scams seek to persuade employees or other trusted agents to authorize wire transfers for large amounts to the wrong accounts.
  2. ATM malware, also known as “jackpotting.” Criminals break into an ATM and then either infect existing ATM software or swap out the hard drive for another hard drive preloaded with malware. When they reboot the ATM, it disburses all the cash stored in the machine within 30 to 90 minutes.

Education matters


Solomon will address the CUNA Cybersecurity Conference with NASCUS, June 10-12, in Austin, Texas.

Local and regional law enforcement agencies are training officers to handle these complex crimes because of the pure volume of cases that federal agencies are already dealing with. Law enforcement agencies are pooling their resources and creating task forces on the local, state, and federal level to address high-tech cybercrimes.

As more private and public groups address financial crimes, Solomon says sharing resources and information is critical. Credit unions must also continue to educate employees and members.

“If we don’t take these types of complex crimes seriously, there’s going to be significant losses to both our members and credit unions,” Solomon says.