Join Now

Want news that’s as fresh as your morning coffee? Join our community and stay in the know!

How an Ex-Mastercard Exec Was Nearly Scammed of $100,000

Date:

Share:

It can happen to anyone, it seems. Even those who work in the finance industry.

A former Mastercard executive told Business Insider she nearly lost $100,000 to an account takeover scam last year.

Catherine Woneis, former vice president of CipherTrace, a service owned by MasterCard that helps secure crypto transactions, says she almost lost most of her life savings after scammers accessed her real-estate agent’s email.

Account takeover fraud is when scammers gain access to your social media, email, banking, or other personal accounts. Criminals usually gain access to accounts with stolen credentials that they purchase through the dark web or social engineering tactics that trick you into sharing your password, Woneis said. They then use these accounts to siphon away your hard-earned cash.

The number of known account takeover scams grew by 354% year over year in 2023, resulting in $13 billion in losses, according to AI fraud detection service Sift Science.

In Woneis’s case, Scammers accessed her real-estate agent’s email using “credential stuffing,” a tactic that uses AI bots to try every possible username and password until they fall on the correct answer.

The fraudsters used information found in emails about Woneis’s transactions to impersonate the title company for her home. The fake title company then emailed Woneis, asking for an “accelerated” payment.

“This is a very typical thing that criminals use in frauds: They try to implement some time piece,” Woneis said.

Woneis said she checked to see if the email address was real and noticed it was appended with another address, but she assumed it was part of the company’s automated email system.

“They sent me wire instructions that perfectly mimicked the wire instructions from the title company. They had an example of what that looked like,” Woneis said. “It was the exact same typography, the exact same letterhead, and everything else.”

The only differences from the real wire instructions were a fake phone number and email, along with incorrect bank information. Woneis said she thankfully called the phone number she originally received from the title company, who informed her the bank account information was incorrect on the form.

“Had I been in a rush and called the phone number on the form, that would have been them, and they would have pretended to be the real estate company saying, ‘Yes this is authentic, and it’s come from us,'” she said. “We could have potentially been caught in wire fraud.”

Woneis said she would have lost about $100,000 if the transaction went through.

Woneis now works for a cybersecurity company called Fingerprint, which she says is developing tools to combat the rise of account takeovers. Some of the keys to fighting this kind of fraud are algorithms that can determine where a website visitor is located (if they’re using a VPN) and systems to identify when bots are trying to access a website through brute force, Woneis said.

If you think any of your accounts may be compromised, Woneis says to quickly change all of your usernames and passwords, set up two-factor authentication for any sensitive accounts, and report any fraud to the FTC fraud reporting website.

Unmatched Baby Essentials

baby

━ more like this

DOGE’s death blow to education studies

A virtual wrecking ball took aim last Monday at the relatively small, wonky corner of the Department of Education that I write about every week:...

Humanities education is in trouble in the state of Florida. We need a shift in culture

I’ve always known my educational goals: enroll in college as a humanities major, explore the literature I love and eventually attend law school. I’m...

Pentagon moves to take back troops booted for refusing COVID vaccine

The Defense Department has told the military services to reach out once again to service members who were forced out or voluntarily left the...

Black Hawk crew in DC crash may have missed key air traffic messages

A U.S. Army Black Hawk crew may not have heard critical air traffic control messages instructing it to fly behind the commercial regional jet...

Pentagon officials are bracing for Musk’s DOGE

Few would deny that the Defense Department, with its $886 billion budget and byzantine ways, could be run more efficiently. Many have called for...

LEAVE A REPLY

Please enter your comment!
Please enter your name here