Footprint selected by Money2020 as one of top 7 fintechs at 2024 conference. Read more
Back
Peter Sweeney
Peter Sweeney

Not Fraud Advice

September 11, 2024

4 min. read

How People Commit Wire Fraud and How to Protect Your Company

I want to introduce you to a new series we are running: THIS IS NOT FRAUD ADVICE.

Through conversations with customers and users, we have found that "fraud" is a very broad term, and can come in many shapes and sizes. We want to dedicate space to explain different types of fraud and exactly how people commit each type.

We want this to be tactical, informative and entertaining. But we want to make something very clear: this is not fraud advice.

Wire Transfer Fraud

Let’s say you are a clever (or think you are clever) 20-year-old who has spent the past two years watching too many Andrew Tate videos. You are committed to getting rich on the internet, just like all of your idols.

You find yourself in a Telegram group where they are discussing how to make free money. You want to take a whirl and make some for yourself. Here is what you are going to do:

  1. Stolen Identity
    1. First things first, you need a stolen identity. The good news is, supply is up thanks to breach number 1, breach number 2 and breach number 3. Mega companies like Dell, Ascension Hospital and AT&T were compromised and over 100 million people’s personal identity information was affected. These are 100 million new stolen identities floating around the web waiting to be purchased. All of these breaches were disclosed over the last 3 months.
      1. Side note—wouldn’t it be great if the companies that had your data protected it? In maybe secure, memory-gapped compute environments called Nitro Enclaves?
    2. You don’t have much cash, but the good news is that full stolen identities (with all associated information), dubbed “Fullz” are selling on major dark web marketplaces for just $40. It is like a pack of trading cards! But just fake identities. You send over some crypto and you are good to go (after the 20% gas fee because crypto is #thefuture).
  2. Fake ID
    1. You are looking to open a bank account with your new identity and you know you are probably going to need a driver’s license. Good news is this isn’t too tough either!
    2. You head over to one of many online tools that can get you pictures of fake licenses and search for the state of your choice. Pop in your new identity information, pay $8.99 in crypto (#thefutureofmoney #stillearly) and you have your new DL photos. There are even 20+ options of beds/tables the fake DL can be placed on that you can upload. This way it looks like you took a photo of it yourself!
      1. Side note: this is why a cutting-edge company called Footprint does not permit photo uploads—they can increase fraud by as much as 50%
  3. Open your account
    1. You do some digging on Reddit to decide which banks have particularly easy to spoof onboarding. It is likely one using a KYC tool that really is just a backend API (IYKYK)
      1. You likely type in your fake information at a different speed than your own information. Which makes sense—you don’t know it by heart. Detecting that difference in key typing confidence is a great tool, that a company called Footprint uses with KYC to detect possible fraud. Backend APIs could never.
    2. You land on Acme Bank (purely illustrative, if you wanna do it, you gotta pick your target yourself, but again, this is ABSOLUTELY NOT FRAUD ADVICE)
    3. When you input your info to the bank, they have a tool (likely the backend API mentioned above) that is just taking this SSN and making sure it exists in the major databases like Experian, Lexis Nexis, etc. Because this is a real SSN that you purchased that matches all other identity info, this “KYC” won’t do a whole lot.
    4. There is a chance you are asked to submit a picture of that driver’s license I mentioned. If so, you are going to go ahead and upload the front and back that you bought. Good news is that it has a barcode that really scans to all this info, so you’ll be good there.
      1. Side note: Again, not advice, but if I were you, I would target a bank not using Footprint. We are running a bunch of checks that would likely catch you before you reach this point, but even if you make it all the way to submitting your ID, we launch the flow in the app clip and get an attestation from Apple or Google that it is your phone’s camera taking the picture (so you are going to need to actually print out the ID). And even if you printed it out, we have ML models that have been trained to detect even the slightest tampering and we can check with the DMVs to see if the information on the driver’s license is legit
  4. Bang, you are in
    1. First thing you do is fund your account. Safest bet here is probably just scam someone into sending you cash with a nice AI generated phising attack.
    2. At this point, banks typically over you a line of credit. Yes, please.
    3. You now have a line of credit in someone else’s name. You are going to go ahead on wire out some cash!
    4. Here you have a couple of options: you can pop back into your Telegram chat and find some mules, who you can wire cash to and they will wire cash to different accounts before returning it to you for a fee. Or, if you are keeping it relatively small scale, you can go ahead and wire it to a another P2P account that you open with a new email and then convert to crypto and shoot over to your crypto wallet

OPTIONAL STEP: If you want, you can be extra sure you are good by buying an ID printer, like this one available on Amazon and print your new ID onto a physical card. We gave it a whirl:

You are then good to go, probably about $5k richer and the bank is left holding the bag (not to mention the poor person whose credit you probably just wrecked.)

If you run some type of fintech, financial institution or really anything that helps facilitate the flow of funds or store sensitive data, and this made you shiver a little bit, we would love to chat! I think we can be helpful.

Ready to start?

If you're looking to onboard customers quickly and securely store their sensitive data, we'd love to help. Schedule a call, reach out by email or stay up to date with the latest updates by following us on LinkedIn and X.

Penguin

Subscribe to our newsletter

Receive updates on new blog posts & investor updates