Case Study: XYZ Construction, Inc.* Avoids Malware-Driven Fraud Loss

Their Story

Recently, Fifth Third Bank detected a potentially fraudulent wire transfer request on behalf of XYZ Construction, in the amount of $186,000. With the transaction details in hand, a Relationship Manager from the bank contacted XYZ to verify authorization of the transfer. 

The result: XYZ hadn’t requested the payment. So, Fifth Third Bank cancelled the transaction right away, and no money was lost by the client.

What really happened?

XYZ Construction found that there was malware on at least one of their computers. This software allowed for an “Account Takeover” scenario — where a hacker could view everything that happened on the computer. By tracking everyday use, this hacker was able to decipher exactly how to log into password-protected areas online, including XYZ’s bank accounts.

Armed with that information, the hacker was able to either log into Fifth Third directly as XYZ Construction — or take advantage of an open session in real time — and order a wire transfer just as the legitimate employee would do. This type of fraud is growing increasingly popular according to NuData Security. Account takeovers have increased 112 percent since 2015.1 

NOTE: Fifth Third Bank will contact you if our systems detect irregularities such as:

  • Transactions that are substantially larger than usual for your business
  • Unusual amount of transactions in a short period of time
  • Other abnormal transactions that differ greatly from past payment history

Lessons Learned: Minimizing Risk

Account takeover fraud attacks are extremely difficult to detect when they’re in progress. In fact, even antivirus software can miss them. So, the best way to protect against them is through preventive actions.

Consider the following steps:

  • Consider working with your relationship manager to register “key” contacts from your organization that have authority to decision a wire transfer that has been flagged as “suspect”.  This will minimize delays in processing the wire transfer in question.
  • Never download attachments or click links sent by someone you don’t know — and avoid downloading software you don’t recognize.
  • If your computer shows signs of malware — like sudden, frequent pop-up windows — log out of any accounts you’re in, and shut it down before moving to another computer to do your work. And make sure your IT person is alerted immediately.
  • Create a dual-control payment process, in which one person handles the processing, and another verifies and approves payment.
  • Install browser protection software that automatically protects websites when user signs in and exchanges sensitive information, such as financial information or sensitive data. Several banks offer this software free of charge.

“While we don’t know how XYZ Construction got malware on their computers,” says Brendan Smith, Manager, Commercial Fraud Risk at Fifth Third Bank, “we do know that malware can be downloaded via links inside emails, downloadable attachments, and more. And these types of account takeover fraud attacks are becoming more and more prevalent all the time, as hackers use increasingly sophisticated methods to get around increasingly sophisticated detection methods.”

*This is an actual case study from a Fifth Third Bank client. The company’s name was changed to protect privacy.



The views expressed by the author are not necessarily those of Fifth Third Bank and are solely the opinions of the author. This article is for informational purposes only. It does not constitute the rendering of legal, accounting, or other professional services by Fifth Third Bank, National Association or any of their subsidiaries or affiliates, and are provided without any warranty whatsoever. Deposit and credit products provided by Fifth Third Bank.