The Inside Story of Fraud Perpetrated Against Aerofund Financial
Many factoring companies have been victims of fraud, but that is a poor comfort when fraud occurs. Stephen Troy of AeroFund Financial shared his company’s experience with a recent cyber fraud and his thoughts on this growing threat to the industry.
BY PHIL NEUFFER
One Monday morning in June, Stephen Troy was greeted by a situation every business owner fears, especially those who provide capital. The president and CEO of AeroFund Financial, a factoring company based in San Jose, CA, was alerted to a fraud perpetrated against his company.
The fraud appeared to occur the previous Friday, as a wire that was meant to be sent to a client never came through. In the factoring industry, timing is important and missing a transfer of funds can be detrimental, so Troy and his team immediately investigated after receiving a call from the client. Once they had all the information in front of them, one of AeroFund Financial’s account executives saw that the client’s listed bank account was not for a bank in California where the client is based, but was inaccurately connected to an Alabama bank account.
“They changed the bank information template for some of our customers in FactorSoft, along with logging into our bank and changing the template at the bank as well,” Troy says. “So when money was sent in the morning to our clients, it went to the hacker’s bank account and not to our client’s bank account.”
As Troy and his team continued to investigate, they found that a similar change of bank accounts had occurred with three other clients.
“It was easy for us to notice that the bank account had changed,” Troy says. “From there, we went back a few days and checked all the other wires that went out looking for anomalies and other changes. Eventually we had to go through every single account to check the bank information against what we had in the client’s original file.”
After identifying the issues at hand, Troy and his team then tried to recoup as much of the lost funds as they could and freeze any pending outgoing funds before they were gone forever. Although the company was unable to avoid all losses, AeroFund caught $13,000 that “was ready to go” and worked with its bank to recover $61,000 for a total recovery of $82,000 taken via the bank account switching scheme. Troy also notes that the bank contacted the FBI, which opened an investigation and immediately helped him and his team lock down the hackers’ bank accounts.
FINDING THE CAUSE
In the meantime, Troy and his colleagues continued their own internal investigation. The fraud had been identified and mitigated as best it could, but the question remained: How did this happen?
“At first, we hated to think this might be internal. An employee, a disgruntled ex-employee or even someone who worked for ProfitStars or FactorSoft. Whoever did this knew too much about our systems,” Troy says. “It turned out it was none of that.”
In tracing back to the root of the fraud, Troy says they determined that the main culprit was a phishing scam email opened six weeks earlier that placed keylogging spyware on a computer desktop in the office. The email in question masqueraded as a correspondence from a customer and was sent to an account executive at AeroFund, and not just any account executive, but one with senior system authority. The email indicated that it included a cash receipt journal, which Troy says is a common document the company sends to its customers. Thinking the customer might have a question about the receipt, the account executive clicked through and unknowingly allowed entrance of spyware into AeroFund’s system.
“They were able to watch her keystrokes for about six weeks, everything she did. Going through FactorSoft, logging onto the bank, watching what screens she went through. They were able to see our process, how money is transferred from our bank, all the while saving passwords that were involved,” Troy says. “They were able to navigate all the screens and know what keys to push to make changes so when we made a transfer of money it went to their bank. Our IT staff said they could have easily written a script to repeat the account executive’s work the previous day, replacing the banking information and contact emails.”
A GROWING THREAT
Fraud is not a new development in the factoring industry. In fact, it is a marketplace rife with such wrongdoing.
“Factors for decades have been defrauded, but it’s usually by their customers who provide invoices and shipping documents that are defective,” Troy says. “We try to have a good relationship with our clients, and we want to give them as much trust as we can, and some just aren’t good actors and they’ll defraud us.”
As Troy notes, perpetrators of fraud in the factoring industry traditionally deal in fake invoices and phony companies to carry out schemes. Troy believes that the fraud at his company indicates a rising threat for the factoring industry as a whole.
“They’ve actually come into our company,” Troy says. “It’s a different fraud we have to worry about that’s out there now.”
Troy says factoring companies make for logical targets for this more modern type of fraud because of the volume and size of the transactions they conduct each day.
“We transferred tens of thousands of dollars, hundreds of thousands of dollars, on a regular basis, and we probably have less sophisticated cyber security than major banks do, or even small banks for that matter,” Troy says. “I think hackers are starting to look at companies like ours. Whether you’re a factor with two people operating a backroom or have a hundred-person operation, you’re sending out large sums of money each day, and that’s attractive to fraudsters.”
ENHANCED SECURITY REQUIRED
The risk of fraud is especially high for those who do not or cannot put a premium on security, particularly smaller companies that may outsource security systems to cut costs to better compete in the marketplace.
“I think this was a wakeup call for independent companies that concentrate so much on trying to stay alive, make a profit and service their customers. Security tends to get pushed down the list,” Troy says. “A company that’s small usually outsources their IT and they probably think what they got out of the box [is] sufficient. Companies like ours, who are smaller independent companies, are more of a mark. It’s not like we have an IT person that’s in charge of security inside an organization checking cyberattacks every day. We had two virus protection software programs on our computers and servers which update and scan every day and that didn’t catch this malware. We had to run three other programs before we found this and all of the other malware hiding on our systems.”
But what should a company do to protect itself against this type of cyber fraud? Troy believes security tokens are the key, both literally and figuratively.
“We can probably stop this through tokens, where in order to get into certain screens, you have a separate token that gives you a code to enter to get in,” Troy says, noting that his company has considered two-factor authentication systems as well. “I think tokens might be the only thing that could possibly prevent this. We thought of two-factor authentication, which is popular with banks, but when hackers changed the bank accounts in our system, they changed the contact emails as well. You really can’t let up on security now.”
Troy’s emphasis on continued security vigilance comes from the belief that this type of fraud is only going to happen more frequently, especially in the factoring industry. In conversations with his IT company, Troy discovered that attacks on his system are happening around the clock and not letting up anytime soon.
“Phishing scams are getting more and more sophisticated,” Troy says. “These hackers are probably trying to get back in right now since they now know we clear the computers out and what they did worked.” •