When we think of robbing a bank, most probably would think of the classic television or movie scenario of a gunman or gang walking in and “holding up the bank”, having the tellers empty out their drawers and making a speedy escape. Or maybe some have seen a lone person (sometimes in disguise and sometimes not) walk in, present a simple note, have the money handed over, and leave. Typically the latter is caught later.

But what about other methods? Cyber attacks are increasingly common, either on individual account holders (i.e. identity theft) or on larger customer databases. Also, would you think of robberies occurring at an ATM? How about a drive-thru ATM? But these are typically individuals being targeted, how about the “big bucks”?

I remember years ago when I and my mentor challenged the CEO of a major U.S. company that had their own onsite credit union to see how many people (employees, patrons, etc) we could “lure” into our car. Within an hour or so, we had lured some 12 individuals, but in two of these cases “who” the individuals were spoke to a greater potential threat to the credit union (with the same rule being applied to a bank).

One of those more interesting “victims” we lured was the 16-year-old daughter whose father was actually president of the credit union! Imagine if we had been the proverbial “bad guys”, abducted his daughter and then had her call him later to make our ransom demands from his access to funds onsite. Would this father probably have complied? Was his daughter being put at-risk a possible point of vulnerability then for the financial institution itself? You bet.

The other interesting “victim” was a fellow we lured to our car under false pretense. As it turned out, and we did not know it at the time, this young man was the courier for the credit union’s various ATM locations. When he got into our car he had (no joke) a bag with over $250,000 in CASH with him! When we showed the CEO our audio and video footage the next day, he booked us for five (5) educational events onsite for his employees.

I recall several years ago seeing another scenario play out on a national news show as one small bank chain with ten locations hired a security team to see if they could breach their security since they had just spent tens of thousands of dollars to enhance their firewall protection from would-be cyber thieves. The two men they hired went old-school as they pretended to be “Pest Control” service providers with fake ID’s, fake van, fake uniforms, and fake tanks coming into the banks (hidden cameras were on them to record all the happenings). They were allowed into the computer rooms in nine of the ten bank locations and left alone, where and when they connected their little black box to the main frame to export all the pertinent info they were seeking that would have been unavailable to them if trying to access from the outside-in.

All of these (and similar) prove something I’ve seen saying for years and years now. “You don’t need a gun or knife, you just need a ‘good story’.” If you are the manager of a financial institution, do YOUR people know how to spot a “good story”? Yes? Great! How about their family members? No? Then, whether you realize it or not, you have exposure and you have risks.

Talk to one of our Trouble Spotters about programs for your bank or credit union employees as well as their family members. That way you can better “bank” on your own safety.

Jeff McKissack, Founder
TroubleSpotters.com

Share

Comments are closed.