The Fraud Blog with Tracy Kitten

BP Funds, Fraud Hit the Gulf Coast

BP Funds, Fraud Hit the Gulf Coast

Verifying that many claims and filing that many payments create a logistical nightmare, and incidents of fraud are beginning to crop up.

Last week, Orange Beach, Ala.-based Heritage First Bank caught wind of a phishing scam aimed at BP claimants. The phishing attack was rather basic - e-mails asking recipients to click links where they could verify claim and Social Security numbers. If a recipient clicked the link, a follow-up phone call was received, asking the e-mail recipient for bank account information.

When there are that many funds out there, there will always people who try to circumvent the system. 

The attack was not aimed at Heritage First. The e-mail was sent to several residents and circulated through the e-mail systems of Orange County's municipalities. The Alabama Gulf Coast Area Chamber of Commerce responded and notified area businesses. Heritage First Bank was quick to notify customers as well, since so many of them have filed claims for BP recovery funds.

John Branam, the president and chief executive of Heritage First, says his institution quickly notified customers that any requests made for additional claim information would not come via e-mail. "We'd have you come into the branch," he says.

"There's a lot of money being distributed and flowing down here right now," Branam adds. "When there are that many funds out there, there will always people who try to circumvent the system."

The source of the scam is under investigation by the Alabama Attorney General's office.

Heritage First responded well to the phishing scam, but these schemes are only going to multiply as the claims continue rolling in and funds continue flowing. The longer the process goes on, the easier it will be for scammers to figure out how to get around the system.

Consider, too, that a number of those affected by the oil spill do not have banking relationships. I wonder who's going to ensure they receive payment? Granted, they will not be compromised by giving out bank account information via the phone call or vishing attack, as was attempted by the fraudsters in the Alabama attack. But providing claim and Social Security numbers could give criminals more than enough to go on to perpetrate fraud.

Counterfeit checks are always a concern during a crisis. But how can BP get around it? Branam suggests BP start direct depositing funds into bank accounts to avoid some of the risks.

I called the BP claims department - surprisingly, it was very easy to get through to a person - and was told direct deposits would only slow and complicate the process. Besides, direct deposits don't address the needs of those without bank accounts.

"These people need their money," the hotline representative told me. Agreed. They do. And I'm sure BP does not want to run the risk of somehow mishandling bank account numbers.

But as this crisis continues to unfold, institutions will have to be prepared to deal with fraud. I also wonder what role the banks and credit unions might play in assisting the unbanked and underbanked? These individuals have long been ignored by traditional banking institutions. Could the BP disaster open new lines of communication and service?



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.