more-arw search

Q&A Forum

New bank scam/malware exploit

This is a new twist on a tried and true method of scamming businesses and individuals. And its being very successful. I just had my Controller sit down with all that have access to the company's accounts (whether read-only or not) to discuss this article. Lesson-learned here is a) never give out your password to anyone, period and b) never give the token info (seed value) and lastly c) never ever give them together! Given the increase of banking fraud, I have moved the client to a piece-meal bank reconciliation schedule (depending on activity, daily but no less than weekly). This has two effects, 1) we can catch fraud quickly and stop its activity and 2) the month-end reconciliation is basically done, more accurately and saves time. Based on your technology, accuracy and time savings will vary (this accounting system doesn't interact with the bank, so we have to do it more on the old fashion way then the new fangled way).


Topic Expert
Christie Jahn
Title: CFO
Company: Prime Investments & Development
(CFO, Prime Investments & Development) |

I just shared with my team as well after reading this yesterday. We also have our IT looking into further safeguards. Scary thought but I'm thankful for articles like this to give us a heads up and what to look for!

John P. Hart
Title: Vice Pres - CFO
Company: Nova Pressroom Products, LLC
(Vice Pres - CFO, Nova Pressroom Products, LLC) |

Thanks Wayne! I got an email to a personal account a couple of days ago that had the file attachment. For sure, I didn't open it.

Can't imagine anyone would give username, password and token info via a phone call, but it is all a numbers game.

Topic Expert
Wayne Spivak
Title: President & CFO
LinkedIn Profile
(President & CFO, |

People are still getting caught by the "I was on vacation and lost all my money and am trapped. Please wire me money" scam...

Wasn't it PT Barnum who said a "sucker is born everyday!"?

Topic Expert
Christie Jahn
Title: CFO
Company: Prime Investments & Development
(CFO, Prime Investments & Development) |

From what I read, they have the exact script down that the real bank would use when calling. I have two other associates with bank access. I would hope they wouldn't give out that information, however this has become a concern because people are. I think it's always good to revisit security practices often.

Sara Voight
Title: Controller
Company: Critical Signal Technologies, Inc
(Controller, Critical Signal Technologies, Inc) |

Our banking relationship is such that I only receive calls from one of a handful of known people all associated with my account. I only receive a call from an unknown if I am trying to initiate a wire (which we have chosen not to have set up on our online banking system, as it is such a rare occurence).

That said, I recall being at Kmart and one of my staffers came to me crying after she gave out her log on information down to the key questions and they took her through to locate her IP address. She didn't realize it was a scam until she was complaining about the inconvenience to a group of friends at the office. I would like to think I would never do such a thing, but I can think of times I have made silly mistakes that I am very embarrased about.


Get Free Membership

By signing up, you will receive emails from Proformative regarding Proformative programs, events, community news and activity. You can withdraw your consent at any time. Contact Us.

Business Exchange

Browse the Business Exchange to find information, resources and peer reviews to help you select the right solution for your business.

Learn more

Contribute to Community

If you’re interested in learning more about contributing to your Proformative community, we have many ways for you to get involved. Please email [email protected] to learn more about becoming a speaker or contributing to the blogs/Q&A Forum.