When Should Your Credit Union Research a Payment for Possible Fraud?

Home » Publications & News » Publications » Articles by Our Experts » When Should Your Credit Union Research a Payment for Possible Fraud?

When Should Your Credit Union Research a Payment for Possible Fraud?

By Loran March, Sr. Fraud Analyst and Sami Davis, Fraud Analyst

February 6, 2025

As a credit union, you are constantly on guard against fraudulent activities that may compromise your members' accounts. Identifying potential fraud early is crucial to safeguarding assets and maintaining trust. But when exactly should you research a payment for possible fraud? In this article, we will explore some scenarios and trigger points that warrant further investigation, suggest useful resources, and provide real-life examples of credit unions preventing fraud through thorough investigation.

Scenarios and Trigger Points

Wire Returns with Name/Account Mismatches

One of the most obvious red flags is a mismatch between the name and account number in wire transfers. This could indicate that the funds are being redirected to an unauthorized account. For instance, suppose a wire transfer meant for "John Doe" gets returned because the account name does not match what was provided in the wire. Your credit union should promptly investigate discrepancies like this.

Wire Returns Due to Beneficiary FI Account Issues

Another critical trigger point is when wire transfers are returned because the beneficiary's financial institution (FI) account does not accept wires or the account is frozen. For example, if a wire transfer is repeatedly rejected with a message indicating that the beneficiary's account is frozen or unable to receive funds, you should investigate this further to determine if there is fraudulent activity or other underlying issues.

Remitter and Beneficiary Proximity

Another red flag is when the remitter and the beneficiary are not within a reasonable driving distance. While long-distance transactions are not inherently fraudulent, they warrant closer scrutiny. For example, if a remitter from New York is sending significant amounts of money to a new beneficiary in California, it may be worth verifying the legitimacy of this transaction to rule out any suspicious activity.

New Accounts

When a new account is opened, it's vital to have a monitoring plan to ensure the account is not being used for fraudulent purposes. New accounts are often targeted by fraudsters because they are less likely to have established transaction patterns. For example, if a newly opened account starts showing large, rapid transactions, this could be a sign of money laundering or other illegal activities.

Unusually High Transaction Volumes

A sudden spike in transaction volumes, especially if they deviate significantly from the norm, should raise suspicion. For instance, a small business account that usually processes a few thousand dollars a month suddenly handling transactions worth hundreds of thousands of dollars is a clear indicator that further investigation is needed.

Inconsistent Transaction Patterns

Transactions that do not match the usual spending patterns of the account holder are another warning sign. For instance, if a member who typically makes small, local purchases suddenly starts making large international transfers, this inconsistency should be scrutinized.

Open-Source Intelligence (OSINT) Resources

Secretary of State Registrations

You can verify the legitimacy of businesses involved in transactions by checking their registration with the Secretary of State. If a business was recently formed or lacks proper registration, it could be a front for fraudulent activities. For example, a newly registered business making large, unusual transactions should be examined more closely.

Website Age

Checking the age of a website can provide clues about the legitimacy of the entity. Newly created websites associated with high-value transactions can be suspicious. Using services like whois.com to verify the creation date of a business's website can help identify potential fraud. For instance, if a business claims to have been established for years, but their website was created only a month ago, this discrepancy warrants further investigation.

The Wayback Machine

The Wayback Machine (www.web.archive.org) is another useful tool for investigating the legitimacy of a business. This service allows users to view archived versions of websites, providing a historical snapshot of how a site appeared at different points in time. By examining these snapshots, you can determine if a website has been recently altered to present a different business model or to obfuscate its true nature. For example, if a website claimed to be a car dealer that has been around for years, but archives show the website was for an investment company just a month prior, further investigation is in order.

Advanced Search Techniques

Advanced search techniques can help identify suspicious patterns and verify the legitimacy of transactions. If you have a particular beneficiary name or business name, you could search with combinations like the name AND “fraud” or “scam,” or use wildcards (e.g., “scam*” to capture “scams,” “scammer,” etc.). Wildcards can also help find variations of a term, such as “bank*” to search for “bank,” “banking,” or “banker.” To look for specific transactions or fraudulent behavior tied to a known bank, using site-specific search with the “site:” operator (e.g., “site:bank.com fraudulent transfer”) could help narrow the results to trustworthy sources. Furthermore, a search using terms like “scam warning” AND “wire fraud” might help find industry reports, user experiences or expert opinions on common wire fraud tactics.

Reverse Image Search

In catfishing scenarios, where an individual may impersonate someone to solicit fraudulent wire transfers or payments, a reverse image search can help identify if a photo or profile picture is being used elsewhere on the internet. By uploading the suspect’s image to platforms like Google Images or TinEye, you can trace the image’s origin and determine if it appears in multiple contexts, such as dating sites, social media, or known fraud-related forums. If the image appears frequently in fake profiles or is connected with scams, it’s a strong indicator of potential fraud. Additionally, using search queries like “catfish” AND “profile picture scam” alongside the image findings could reveal other victims or similar scenarios.

Real-Life Examples

Example 1: Hacked Email Wire Fraud

A member of a credit union was purchasing an RV from a dealership in another state with the transaction being completed by email. The member was instructed to wire $77,000.00 to the dealership using the account number listed in the email. After the credit union verified the information, they determined that the dealership’s emails were intercepted, and the account number was the scammer’s.¹

Example 2: Overpayment Scam

A credit union prevented a $30,000.00 refund scam. Their member came into the branch stating someone gained access to their online banking and transferred funds from the member’s savings account to their checking account. The fraudster then said it was a deposit sent in error and requested the credit union’s members wire the funds “back” to them.

Conclusion

To sum it up, when in doubt, investigate! By remaining vigilant in identifying potential fraud through wise and thorough investigation, you can prevent costly losses. By scrutinizing wire returns, monitoring new accounts, and investigating unusual transaction patterns, you can protect your credit union and your members from financial fraud. In your investigation process, take advantage of OSINT resources such as Secretary of State registrations and website age, which can provide further insights into the legitimacy of transactions. By taking these measures, your credit union can maintain the integrity of its operations and ensure the security of your members' assets.

<sup>1</sup> Scam Stories: Scam And Fraud Examples & Protection Tips | Royal Credit Union