It happened. To me. All those books I’ve read and movies I’ve seen…that stuff isn’t really all that made up. With the synergies of today’s technology and criminal minds, I firmly believe that just about anything is possible.
Yesterday, I was at work, typing an email to a colleague when the little “you’ve got new mail” window appeared in my lower right hand corner. It’s that fade in and out window that just appears for about 5 seconds so you can see who’s just emailed, then decide if you want to click over and read it now or wait till later. Well, when my little notification window popped up, both the sender and the message title was a bunch of garbledy gook. Nonsensical.
What the heck?
So I clicked into my inbox, and saw that my email had been flooded with a ton of spam emails that were now coming in one by one, non-stop. Each one was from a different sender, something like:
Wckojeorjam937fh290uj;goj8994@aol.com or jlj0-0893480klker0cfj3864kn@crap.com and on and on. They were each filled with a body of text all with the same gibberish. And they kept coming and coming. So I called our IT gal over immediately and showed her what was happening. She had me copy and forward some info about one of the messages so she could start investigating.
And they kept coming and coming.
I was getting spammed something awful.
But that was just the beginning.
As I sat there in confusion, scrolling through the sea of spam, I noticed one lone email amid the mess that appeared to be a valid email. It was from the payroll service provider that we use for RMB Properties (through a very large, reputable bank), with the message line “Payroll Confirmation.” Panic set in before I even clicked on the message. I sped through the email, horrified that I was being notified that I had just successfully processed my company’s payroll for the pay period ending 11/13/09.
One little problem there.
I had not entered payroll, and I am the only payroll administrator for our company.
The email further instructed that if this message was sent in error or if I had any concerns, please call a 1-800 number. My fingers could not dial fast enough. As I worked my way through the customer service menu and held on the line for the operator, I looked up and the email from the payroll service was gone. Seriously, gone. Impossible, I thought. An email can’t just disappear. Surely, it must have gotten moved to another folder – like junk suspects, junk mail, trash or some other place. I looked all over and it was seriously gone. Sucked into the black hole of oblivion that is the home of internet fraud.
Totally panicked now. The payroll guy gets on the line, and after confirming my identity and listening to my crazy story of the last few minutes, confirms that yes indeed, their system showed that I had just entered a payroll run for $17,708. What the crap??? I asked him if I could see what had been entered, like which of my employees were scheduled for payment, etc., so he directed me to the payroll preview screen.
I am sure my face lost all color as I clicked on that file and saw four brand new employees listed, none of which were our employees at all. Each one was scheduled for payroll direct deposit in random amounts over $4k each. Four fictitious employees with fake social security numbers, random local addresses all within a 5 mile radius of our RMB office, birthdays, bank accounts and routing numbers.
Is this creepy or what? So….I of course told the guy that these were not my employees, that I had not entered payroll, and the identity theft remediation wheels were set in motion. Calls to everywhere. Frozen accounts, notifications to our ID theft service, fraud alerts placed with the credit reporting agencies, calls to bankers, deactivated email…
I was physically shaking and sick to my stomach. So scared. I felt so violated and panicked as I racked my brain trying to understand how this could happen. I’ve tried to play investigator in parallel tracks with the fraud investigators. I’ve tracked the routing numbers used for the new employee’s bank accounts, and they are for banks all across the country. I’m going to run a social security number check today as well to see if they are even legitimate numbers or ones belonging to dead people.
We’ve run through a variety of scenarios among the IT group and fraud people, but ultimately, everyone seems just baffled and impressed (not in a good way) with the technology used to pull off this scheme. The head of the fraud group at the bank is involved, and per the rep working with me, he only gets involved when it’s very serious. Great. Somehow, someone penetrated through the layers of security via spyware or malware or Trojan horses or encryption or whatever, hacked into a giant institution’s payroll system, also hacked into my company's firewall blocked email in some way such that they could pull out an email that they were hoping I wouldn’t see, all while I was being spammed to death by a zillion emails.
Seriously…if I hadn’t been sitting at my desk at that very moment or hadn’t been intently scrolling through the messages, I never would have seen that payroll confirmation email before it got wiped off the system. And because there is a backup of everything on our server, our IT gal was able to go to the backup version of the email and see the incoming message at 12:18 pm, but then there is no trace of it. Seriously, gone. Within a couple of minutes at the longest. The outsourced IT guy that we consult with when things are bigger than our internal capabilities assured us that this was impossible, but he couldn’t find the email either. Impossible, eh? Sure, eventually I would have figured out that we’d been scammed, but the money would have been gone and the process would have been even more horrendous working through fraud claims, etc.
So I have no idea how far this identity theft/fraud thing might go, as I don’t know where the breach occurred (a home computer, work computer) since my work email is listed as the notification email address in the payroll system. I don’t know if someone is out there lying in wait to bite again on some other piece of our personal financial information, or if this was a blanket payroll scheme, or what. I’m scared. I pray this is just a crazy isolated incident and that perhaps I was just part of some big payroll scam. I hope it's not personal...Nothing like this has ever happened to me. It only happens to people in movies and in books, right?
Thank heaven I was at my computer when it went down. Thank heaven I have some good ID theft advocates working on my case. I pray that they’ll figure this out soon. So now I have a new work email address: kellis@pivotalgroup.com. My personal email account is still the same: kellisuebrown@mac.com.
I’ll blog again with updates.
That stinks Kelli!! My brother had someone get a driver's license in his name in october and then the guy emptied out his bank account. Hope they figure it all out, and quickly for you.
ReplyDeleteVery good work on detecting the problem. That is amazing.
ReplyDeleteYou are awesome.
Holy %#**!! That is super scary. It is a good thing you were there at that exact moment.
ReplyDeleteHoly crap...is right. that is the craziest thing ever. It just goes to show how vulnerable we all really are. Wow Kelli...Wow.
ReplyDelete