$2.1 million stolen with clever social engineering

By | March 1, 2012

Source: Help Net Security

by Zeljka Zorz

Definitely gutsy!!

In this article “An unnamed fraudster managed to steal $2.1 million from a hospital chain’s Wells Fargo Bank escrow account by faxing a money transfer signed with a copied-and-pasted signature he has taken off the Internet.

The brazen theft was pulled off ingeniously, but the biggest responsibility for its successful realization seems to lay with the Wells Fargo escrow agent who authorized the transfer without thoroughly checking on the legitimacy of the requests.

To understand what happened, you must know that Catholic Healthcare West, the hospital chain in question, signed a contract with Merced County, California, to operate a medical center in the San Joaquin Valley.

In order to be able to do that, the chain had to maintain an escrow account with $7.5 millions in it. At the same time, it decided to change banks, but needed the approval of the county’s Board of Supervisors to do that. They did approve but, unfortunately, the county put a partial copy of this agreement on its official website, complete with the signatures of the chain’s CFO Michael Blaszyk and the Merced County Director of Public Health Tammy Chandler.”

Leave a Reply