A bank here in the UK had a problem at the weekend, £2.5 million was stolen from 9,000 accounts.
My question is how do the scammers get hold of the money? I presume it was something like transferred to someone’s fake account in the first instance. Then what? Do they go into a branch and draw it out in cash? Wire it to another bank elsewhere? But if it just gets wired around the banking system can’t it be traced electronically? Surely they can’t draw out £2.5m in cash that’s only just been deposited…
Foreign transfers are notoriously difficult to halt or reverse - so (according to the info I received at cyber threat insurance seminar the other day), they transfer it to an overseas account (buying time), from which it is quickly distributed out to a large number of other accounts in that country - from which it is withdrawn or used.
Since it’s (was?) possible for Somali pirates to “get away” with ransoms in the millions, I assume there are some foreign banks that don’t feel an urgent need to cooperate quickly with the western authorities. IIRC the Somali ransoms went through some middle eastern banks. Plus, some people in those countries get a cut for helping to cover up the trail. I assume the same applies to a number of eastern European countries’ banks and perhaps places like Nigeria.
The trouble with paying with a pallet of money is that eventually maybe the western countries might figure out how to time-bomb the payment - money that fades with heat, or certain serial numbers no longer valid currency, or some such trick. But I do wonder how exactly they got away with tens of millions of dollars. I kind of imagine some CIA black-ops taking out cooperative African or middle-eastern middlemen.
I’m trying to imagine what size of army is needed to spend $3M in less than a day, a few thousand at a time. Also note larger Best Buy items will have serial numbers.
This is the basic flaw in any such scheme. I don’t think Tiffany’s or Cartier will sell a $200,000 bauble to the great unwashed masses on a credit card or debit card. You need a large organization to spend it $1,000 at a time within a day - which adds to the risk that someone will get caught. Then it helps to have an organization whose reputation will make the foot soldiers keep their mouths shut.
We’ve had several threads recently on the joys of money laundering. It’s not trivial.
I don’t see the government invalidating certain serial number ranges. But they could trace the currency back to the scammers by noting when the serial numbers are used. In fact, I would not be surprised if the intelligence agencies were already tracking currency by serial number, just as a normal process.
