Scott Augenbaum was an FBI agent when he decided to join a new division of the agency, focusing on a specific wave of crime. Peers told him the work was needed but wouldn’t be necessary for long.
Welcome to the cyber division.
“All my friends made fun of me in 2003,” Augenbaum said. “They said the cyber crime problem would go away by 2006, and it would be solved by technology.”
Phishing, Fraud & Firewalls: Safeguarding Your Business Against Fraud. Jeff Taylor, Regions’ head of Commercial Fraud Forensics
Instead, 22 years later, Augenbaum is still fighting cybercrime as a post-FBI career author and expert. He recently joined Regions Bank’s Jeff Taylor and Mary Beth Coke in Atlanta for a breakfast discussion with local Commercial, Consumer and Private Wealth clients to discuss the latest fraud prevention efforts.
“Phishing, Fraud & Firewalls: Safeguarding Your Business Against Fraud,” produced nearly an hour of interactive dialogue led by Taylor, Regions’ head of Commercial Fraud Forensics.
We’re here because we face the common threat, fraud. Fraud is something that affects all of us. Mary Beth Coke, the Atlanta market executive for Regions
Despite what Augenbaum’s FBI peers believed, cyber fraud is bigger than ever, producing $16 billion in reported losses in 2024. Because of Atlanta’s stature as an international marketplace, it ranks among the top cities criminals target.
“We’re here because we face the common threat, fraud,” said Coke, the Atlanta market executive for Regions, kicking the event off. “Fraud is something that affects all of us.”
But, according to both Taylor and Augenbaum, 90 percent of cyber crimes could be easily prevented. The best way to protect yourself? Understand the threats.
Start with Social Engineering
“So many of these attacks occur through phishing emails and phishing texts that we receive,” Taylor said. For example, “Who has received the toll scam (text) from a state you’ve actually not even been in the last few years?”
By responding, by providing information when requested, you’re providing scammers with personal information they can exploit. But one also has to be careful with what they put out in the world of social media, too.
Scammers will take “information posted on social media sites to become even more believable,” Taylor cautioned. “So, when you get a call from what looks like a trusted partner – it could be (posing) as your bank, your financial advisor or your doctor – all this information is pulled together.”
Fraudsters are baiting you, whether the payoff is small or huge.
“I always encourage clients: share this information with your family members – not only older members but younger family members, because they live on their devices and are just as susceptible to these kinds of messages.”
Everyone is a Target
It doesn’t matter about the size of your business or organization. Criminals don’t care.
“None of my victims ever expected to be a victim,” Augenbaum said. “They ask, ‘Why would anyone target me? I’m a nonprofit, for goodness sake.’
“But I’ve seen churches victimized, small businesses and senior citizens – even kids becoming victimized by sex extortion. Cyber criminals do not care who you are. They want access to your stuff.”
Financial institutions are here to help. But that’s not enough.
“As a bank, we’re going to do everything within our power to try to recover your funds,” Taylor said. “But we’re not always successful. Once money moves offshore or into cryptocurrency, it’s almost impossible to retrieve.”
Pig Butchering and Romance Scams
“Pig butchering – it’s a horrible term,” Augenbaum said. “That’s what they call a cryptocurrency/romance/investment scam, and it’s happening.”
Augenbaum related the story of a client who was contacted by someone offering them help investing in crypto. The criminal, a female who was also flirtatious, built a rapport over a week using psychological tactics to deepen the trust. The conversations led to the client downloading an investment app.
“He downloads the trading app, puts it on his phone and all of a sudden, they give him $10,000 in funny money to play with,” he continued. “She does three trades for him and takes the $10,000 and turns it into $250,000.”
Sounds incredible, right?
Precisely, said Augenbaum. “The hook is in his mouth. So, she asks, ‘would you like to invest $100 of your own cash?”
She sets up a crypto wallet and gets him to transfer his money. But the money is transferred to a fake bank account. All the while, the scammer is telling him the money’s building (which the “app” confirms, and he should invest more. In short time, he realizes it was all a ruse and the money’s gone.
Unfortunately, Augenbaum sees this happen too often. Making things worse: the criminals are foreign actors, so there’s no legal recourse.
“I had one victim who lost $5.7 million. Another lost $700,000,” he said. “That’s why they call it pig butchering. This is what keeps me up at night.”
Executive Impersonations
For businesses, the top scams come from email compromise, where criminals gain access to or can fake both internal and external conversations.
Start with executive impersonation.
“The fraudster can pose as an executive of the company, requesting that a payment be made,” Taylor said. “They’ll send an email to accounts payable and request a change to an existing account or for a wire or ACH transaction.”
A similar tactic is vendor impersonation, where the fraudster poses as a legitimate company you do business with.
“The vendor will say, ‘we’ve changed our banking relationship,’” Taylor said, and give instructions to route money to a different account. “When the next invoice rolls around, it’s going to an account controlled by the fraudster.”
Finally, there’s the employee impersonation.
“This one really hits close to home because it involves direct deposit payments,” Taylor said.
Fraudsters can create a fake email that looks just like the original, then request a change – for example, to payroll. Then, on payday, you’re wondering where your money went.
“‘We did exactly as you said. We got your email, we changed the routing and account number,’” Taylor said. “Then they show you the email and you realize it’s fictitious. ‘That’s not me.’”
Stop, Call and Confirm
All these schemes take advantage of the fast-paced world of business. To stop this, make sure you have processes in place.
“We call it STOP, CALL and CONFIRM,” Taylor said. “If you get a request for a change, pick up the phone and call the requester on a number that you know. It’s a 5-minute phone call, but it’s a whole lot easier to explain why you’re calling than to explain a million-dollar loss.”
Three icons with stop, call and confirm.
Both Taylor and Augenbaum emphasized using multi-factor authentication whenever possible. But even if your company uses that, not everyone else does.
Thus, be on guard because scammers try to exploit every angle – from emails to texts to fake QR codes and social media account hijacking. Just be wary of all unsolicited contact.
“All the things we are talking about today are free and easy things to do to keep your family safe,” Augenbaum said.
Beware Check Fraud
Another way to protect yourself is to use electronic payment when possible because fraudsters can manipulate existing checks and create counterfeits easily.
Taylor said even if scammers don’t use existing checks, they’ll sell account information on the dark web or use your account information to open an LLC.
“It continues to be a significant threat across the country,” Taylor said. “We see rings of fraudsters that actually steal checks from the mail.”
Protecting Yourself
“First, guard your house,” Taylor said. “Work with the IT department on good cyber hygiene. Second, train your employees. Third, create a response plan. Then work with vendors so you know how they handle your data.
“Unfortunately, you’ve got to prepare for becoming a victim.”
Augenbaum said being proactive is the key. “Everyone wants training after the fact.”
By then it’s much too late.
Twenty-two years ago, Augenbaum thought he was addressing a short-term problem by investigating cybercrimes. But today, it’s the most prevalent threat out there.
“In Nashville, I used to hear from one victim a week as an agent,” Augenbaum said. “Today, FBI agents get 100 complaints a week, and that’s just scratching the surface.
“That’s why I love working with Regions Bank, because other banks aren’t going out of their way to show you how to avoid victimization. But Regions is putting in the time and providing you a blueprint to help keep you safe.”
Additional Resources from Regions.com
Related Articles from Doing More Today
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.