The first Secret Crime Fighter that we are celebrating discovered an investment scam that also involved social engineering, identity theft, authorised push payment fraud and international money laundering. We think this is relevant for any financial product that allows digital onboarding, bank transfers and international payments. Let’s take a look at how the crime was carried out…

‍

The Typology

Social Engineering

The criminals contacted their victims, offering an investment product with one of the high street banks. Victims in both the US and UK were targeted, and most of the victims were in their 40s. When the victims were interested in the so-called investment product, the criminals requested personal information in order to open the investment product account.

‍

Identity Theft

Using the victims’ personal information, the criminals opened accounts with our Crime Fighter’s company, in the names of their victims.

‍

Authorised Push Payment Fraud

Once the accounts were set up, the victims themselves moved money from their own accounts into these new accounts that carried their names, but which they did not have access to. This made it particularly hard for our Crime Fighter to spot the suspicious transactions - a new account was opened, and it received money from another account in the customer's name.

‍

The amounts that were transferred ranged from £20k-£30k.

‍

International Money Laundering

Once the money was in the new account - the so called investment product - the money was moved abroad. The most common destination for the money was Thailand.

‍

Iterations

As our Crime Fighter identified and started to understand the typology, the criminals adapted their approach to get around the new controls.

‍

As part of their customer due diligence process, our Crime Fighter started to call customers to verify that they were the ones opening the account. To get around this control, the criminals prepped the victims that they might receive a call from a company enquiring about their account, and that this company was enabling the transfer of money to the investment product. The victims were told to confirm that the account was being correctly set up.

‍

Stopping the Typology

Our Crime Fighter introduced facial recognition with a liveness check at onboarding. This control stops criminals being able to carry out identity theft.

‍

They also introduced a series of new transaction monitoring rules that flagged the key elements of this typology - inbound transactions of £20-30k, outbound transactions to Thailand, and customers in their 40s.

‍

Thanks for reading our latest Secret Crime Fighters newsletter. If you have an interesting typology that you’d like to share, we’d love to hear about it! Please email us at [email protected].