Hear the latest trends in fraud and new novel ways victims are being targeted. Explore the growing threat landscape and how AI tools are both helping and hindering fraud prevention efforts. Learn the risks associated with third-party software and actionable recommendations for managing these relationships.
Transcription:
V. Venesulia Carr (00:11):
All right. Good afternoon everybody. American Banker, welcome to BOCA Raton, Florida. How many of you are from out of state here? Alright, thank you for coming in. Are you guys enjoying it so far? Wonderful. So am I. These accommodations are exceptionally amazing. Okay. I am VI Lia. For those of you who have not met me, I do several things. I am CEO of Vicar Group. We're operations and management consultants for Generation U. We consult on cybersecurity, information security, fraud mitigation, AI and emerging technologies across sectors including financial sector. We have financial sector operations division along with a cyber division amongst others. I'm a former banker, so I really get what it is that you guys do and why you might be in this room today to hear about fraud mitigation and what we're doing to mitigate it. I also am the host of a television show down to business with V where we talk about the things that we're going to be talking about here today along with the emerging technology piece.
(01:20):
And I write a column for newsmax on cybersecurity information security, fraud mitigation, info sector with V. Venesulia. You guys, I've been busy just in case you were wondering, got a few things still due, but I'm glad we could make it today. I'm also a United States Marine. How many Marines we got in the audience? Anybody? Any military? Alright rah, thank you for your service. We're so happy to have you. All right, well you guys are in the safest room in the building because we are here. I also have alongside me, one of my colleagues, constituents, what do we say,
James Klettheimer (01:58):
James Klettheimer,
V. Venesulia Carr (02:00):
FBI. 27 years you guys. So when I say you're in the safest room in the house between the two of us, we got this place locked down and our gentleman right there in the back here. So James, what I'm going to do is hand it over to you to talk a little bit about your 27 years of experience. Tell these lovely people what it is that you do now and let 'em know what's going on in this space.
James Klettheimer (02:22):
Again, James Klettheimer and was fortunate enough to serve the FBI for 27 years. Did a whole wide variety of things. I actually spent a little bit of time in the office here in Palm Beach for a couple of years working in the Palm Beach office out of here. And at that particular time, some of the stuff that I was responsible for was white collar crime banking, stuff like that. So a lot of unique experiences that want to share with you guys coming from the banking industry, coming from the law enforcement side that I think there's some myths out there that can help both folks out. I spent the last two years of my career as our senior liaison of the CIA, so I kind of finished off with a really cool assignment, got to do something that I never imagined that I would get to do. So it was pretty cool to do the last two years and spend the last two years at Langley and do that. And then I rolled out at the end of last year. So I now have a security consulting firm called aspas Solutions Group. We provide a lot of unique security solutions to a wide variety to high net worth individuals, companies, educational institutions and things like that. So I'm just happy to be here and happy to share from my perspective of 20 plus years in law enforcement.
V. Venesulia Carr (03:37):
If he told you what he did, he'd have to, so we'll just keep you guys wondering what that is. And I have the amazing talent here from Varo Bank. When I spoke with the team that put this together, I specifically asked for VP to be here. So VP, tell them who you are and what you do and what you're doing with Varo Bank.
Viral Parikh (04:00):
Thanks for the good introduction.
V. Venesulia Carr (04:03):
Yes,
Viral Parikh (04:05):
I'm most recently at Varo. I'm not sure if folks have heard about Varo Bank is, but we are one of the neobanks out of San Francisco and I lead all of data AI efforts over there. I have been in tech for almost 18 years or so. Last 10 years have been in FinTech Varo and before that was at Credit Karma joined Credit Karma when the company was very small. Obviously now it's part of Intuit and TurboTax. And then before that was at Match Group, did some work@match.com, also did some work at Tin and then before that I had more roll up. So I'm out and out, not a banker, but yes, I work in new banking, but I'm in tech. Yes.
V. Venesulia Carr (05:00):
Wonderful. So you guys we're going to be talking about the fraud trends, which is really what gets my blood boiling. And one of my passions was bringing this type of information to our frontline employees within the banking sector as well as our C-suite management, the entire audience. Somebody said today that making each member of the team a part of that cyber team is absolutely critical. I believe in that through and through. So we're going to be talking to you about some of the fraud trends, what they are, how you can identify them, and then information that you can take back to your teams. One of the things that I wanted to start with was a gentleman. He told me to make sure that I tell you guys this. I met a guy, we live in Destin, Florida. I do, and James is not too far for me, VPs in on the other side of the country, but this is happening across the nation.
(05:51):
He went to purchase a home within my immediate community, lost his entire wire of $670,000 in a wire fraud transaction. So you guys have heard of it. The malicious actors sit inside of the title companies infrastructure, intercept the communications, and then give alternate communications to rewire the funds to, he lost $670,000 and he wanted me to make sure that you guys knew and heard. If you've ever seen a grown man cry, if you've ever seen a grown man cry, you know what that feels like. I felt helpless in his presence. The good thing was we got him set up with the FBI IC three.gov. He was also working with his bank who told him it may be 90 days, but you guys know as well as I do, once that money is gone, it's gone. And it's hard to get that back. So especially when the onus is on the sender and that was him. But he wanted me to let you guys know that not only did it happen to him, this is a guy who's in the know, he's in crypto doing things within the financial sector, but he was able to be gullible in a moment that was so critical where he lost that amount of money. That's one of the trends that's happening. I wanted to open with that vp, you're in the banking sector now. What are you seeing that's happening with Varo or across the sector in general?
Viral Parikh (07:24):
Yeah, I think there's all kinds of bad actors. We are not immune to what's going on in the broader industry. For us, Eduardo, obviously fraud and risk is by far the biggest thing we see. Okay. We are a digital bank, we don't have branches. And so for us at every point in time, fraud and detecting fraud and bad actors is pretty critical. Whether it's at the time of application, should we even approve the application? Once they are in the system, how do we detect whether they're logging in correctly and then at the time of transaction transactions for us could be anything. Could be ACH coming in, could be ACH going out, card transactions, remote check deposit, all of that. And we see a lot of interesting things, things. I personally have also witnessed some of the things you are saying and I'm going to talk about there, what we do to mitigate.
(08:58):
But yeah, so I can give a very specific example. At the time of application, given we are an online bank, the most important thing is the identity verification. And the previous panel was talking a little bit about identity verification, step up is a big deal, and then how do you deal with fake ID profiles? And some of this are AI generated, apparently even driver's license or even passports are getting faked. So how do you mitigate this? Now obviously to counter AI generated threat, we have to use ai. We do use AI as well. And I think one thing I want to highlight, it's not just the banks and we are not the only ones. Everybody else is facing that. I think the regulations also have to come along and ensure that AI is continued to use to detect all of that. But yeah, we have invested a lot in machine learning in AI to continue to gate across all of this, across all of this areas, how consumers, whether they're logging in, whether they're submitting an application or whether they're doing a transaction, we have invested a lot in the platform form. Yeah,
V. Venesulia Carr (10:47):
FinCEN put out an alert, I think it was in November of 2024, about the synthetic AI generated documents that were being submitted across the sector that, I mean they were being inundated with this type of information. Now, one of the things that they suggested that I totally disagree with based on my professional opinion, is to actually do the CDD, the document verification using a video call or an audio call. Well, because I consult in cybersecurity information security fraud mitigation in conjunction with artificial intelligence, we do know that that information can be deep faked, not only deep faked prior to but in real time. So I wrote an article for newsmax where we talked about the incident that happened with one of the senators. Did you guys, any of you know about this incident where they were deep faked in real time? Did any of you hear about this?
(11:46):
So here's a story the senator was doing business as he does with the government, received an email requesting a meeting with a character that he knew he had done business with this nation state representative before this was somebody he knew and had engaged with in real time. This person who alleged to be the nation state representative came on the line, it was a zoom call, looked like him, sounded like him was not him. The only way the senator knew that it wasn't him was by the line of questioning that ensued after they had been on the call for a short time. You can no longer assume that a zoom call will be the way or any type of VCC will be the way that you can verify that somebody is who they say they are. The days of doing that is over. If you are not looking at them in person, you don't know who you're actually dealing with.
(12:43):
So take that back to your teams as well, to your CSOs, whoever it is that will be the decision makers on these types of things. But let them know that the days of us listening to video and audio and assuming that's the real person, those days are done. James, I know that as we were talking about some of the incidents that happened within the banking sector, filing SARS is a huge thing. We know that it's part of our due diligence, what we have to do to mitigate fraud. I want you to talk about from your experience in the FBI, you guys know that when we file sars, that's where they go, right? They go to the FBI. Let's talk a little bit about that process, what you saw from your professional experience and then how they can take some best practices back to their teams to make this a more efficient process.
James Klettheimer (13:31):
Absolutely. And I'd like to give a shout out to the chief technology officer for Fifth Third who's sitting back there. He said some things in his fireside chat that resonated with me coming from the law enforcement side. So I think there's a big misconception out there, and what you said, Ryan, was those relationships. And it's not just the relationships with your folks inside your business, but it's those relationships with law enforcement. And I think what happens is a lot of folks and a lot of people throughout my career, and I'll kind of give an anecdotal story to something we did here in Palm Beach when I spent my time in the Palm Beach office here. But you send those SARS off and you're under the assumption that it's getting to somebody and they're actually looking at it and making a decision to no, not going to look at that any further.
(14:17):
Or yes, we need to look at that further. Well, you can imagine the number of sars that get filed every day, right? And unfortunately as the bureau is trying to shift and bring some of these things like AI and other things to help speed up what's important, what's not important, those things have to be looked at right by somebody to make a decision to, are we going to do something with it? Are we going to make a phone call? Are we going to call Fifth Third Bank? What are we going to do with this particular sar? And what I would always try to communicate to you guys as an FBI agent, like listen, the ins and outs of banking and what you do every day, you know what looks right, smells right, feels right. There's constantly a ton of stuff coming at the bureau and stuff for law enforcement look at, and we have to make those decisions to what things that we spend time on.
(15:06):
Where do we put people, how do we prioritize things? Well, those sars, the way to overcome that and not assume that they're getting, because those things go to FBI headquarters and let's just use Palm Beach as an example. The time I spent here and other than New York City, there's more fraud that happens in Palm Beach County related to Palm Beach County than any other place in the US besides New York. And a lot of times those sars or those things, those bad actors, that information, it wouldn't make it down to the field office the way that you would think that it would make it down to the field office for us to act on it. And that's where those relationships come in. And I mean those relationships at a local level, and I don't know what you guys do back where you guys come from, but I can tell you one of the things that we did here, I took myself and some of the other folks on our team, took some of the other law enforcement entities that we worked with and we went around and we created what was called a financial working group.
(16:04):
And basically what that financial working group was was for law enforcement and the financial sector to sit down on some sort of regular basis, whether what's appropriate, whether it's monthly, quarterly, whatever, and create those one-on-one relationships and share those things that are happening. Because one of the other things, if it's happening at your bank, it's likely going to happen at the next bank and the next bank. But if you guys are not talking and you guys are not sharing and creating that group, that information doesn't get passed in a way, in a timely fashion to help mitigate some of those things that are happening. So I could sit up here and take the whole 30 minutes talking about the law enforcement perspective, but what I would urge you is to go back to where you are, make sure that your folks in those positions have those relationships with the FBI office there with other local law enforcement.
(17:00):
And the best way to mitigate this stuff is to create, and we just called it a financial working group. It sounded cool and that's what we called it and the work that we were able to get done. And then it was just a matter, for example, let's just say Fifth Third Bank has something, they're not, they're filing the sar, but they're also reaching out to that person they've got a relationship with and saying, Hey, listen, something doesn't look right here. Can you take a look at blank? Because it could be weeks, it could be months before that SAR or whatever it is filtered down to the right folks to actually take a look at it and you're wondering, what in the hell is the FBI doing? Why aren't, aren't they doing anything? It's not because we don't want to. It's sometimes the information just doesn't get to where it needs to be. So that's one of the things that I would stress to you folks.
V. Venesulia Carr (17:46):
Thank you so much James. And I'm telling you, he and I had a discussion, we kind of worked together on some things back where we're from and that discussion alone was one that was huge because I worked in the banking sector and understood what those sars were. I guess the governance around it as well. Knowing that you have a partner with the FBI that you could reach out to is huge. And I can tell you, me personally and my teams as well, we had somebody that we could call, we called him B, we just called him by his initial, we call B up and say, listen, we got something coming your way. I need you to take a look at it or that or the other is happening. So it makes so big a difference for you to be able to get somebody on the line, put eyes on whatever it is that you have a concern about and then have them follow up with that.
(18:34):
I do want to touch on a few of the additional fraud trends. We talked about the title company real estate transactions. Of course phishing is still a huge deal. The FBI put out their internet crimes report. James and I have been trying to track this information down for the last, what, four months, five months now. Finally, I got a little something for you guys. 16 billion in losses this past year in 2024, the real estate transactions hit the top of the list. Phishing and spoofing emails as well as text messages were huge on that list. Text support. So you guys are going to be hearing a lot of that if you've not already. These text support scams are making the top of that list business. Email compromise is still at the top of the list. How many of you remember when that was a huge thing and then it kind of died down?
(19:27):
You stopped hearing about it, it's still happening. It's at the top of the list. There were 21,000 complaints and if there were 21,000 complaints, how many more were there? Not a lot of people don't report identity theft was there. Confidence and romance scams. So Interpol, you guys have heard of pig butchering? Have you heard of that? Pig butchering is a scam where this guy or this girl comes along, kind of romances you in a way, gets you involved and then sells you on a crypto or some sort of investment, makes it look like your money's growing and then they snatched the money, it's all gone and so are they. Interpol has said, we are really urging you to stop calling this pig butchering because it dehumanizes the victims. However, this thing is really happening. So that's at the top of the list, the romance scams, and then we have a credit card and check fraud.
(20:21):
So you guys would know that as well. Ransomware on the top of my list. I don't even know how this is down that far, but I think people just aren't reporting it as much. 3000 reports of that as well this year. The age groups are across the board. The gentleman that lost $670,000 was in his early thirties. That would not be somebody that you would say would not be aware. He was unaware. And I can tell you when he told me he lost his money, I told him the exact scam before he could even get it out that had taken place. But these are just a few of the things that we're seeing. Ransomware, data breaches, of course, sim swaps. You guys know what sim swaps are where they literally, I don't even know how do you know how it's bananas? I really wish these fosters will use their powers for good and not for evil.
(21:16):
The world will be a much better place. But those are just some of the numbers and some of the things that are happening. But really keep an eye on business email compromise. I'm also going to close with this. We are out of time, but I want to remind you guys in the banking sector that you are a target. Your frontline employees are a target. You're a target on LinkedIn, you're a target on Indeed, you're a target in your workplace. You are a target across the board. Do not forget it and don't, when you're posting on LinkedIn or when your people are signing up on LinkedIn, remember that there are fraudsters out there looking for you specifically to infiltrate you specifically. We had a whole thing on it, but I'm going to leave you with that. We are going to take, do we have time for questions, Mr. Audio Guy? Okay, I think we have time for questions. Is that right? Three minutes. That means we got time for one question. Who's got a question? Okay,
Audience Member 1 (22:16):
Are familiar with Telegram?
V. Venesulia Carr (22:22):
Telegram? Yes.
Audience Member 1 (22:26):
Can't shut down Telegram because the started as a recruiting toll for, can you hear me? It started as a recruiting toll for iss, right? Then all these financial crimes go on and on. I mean, it doesn't take a lot of intellect or insight. I mean, I can use it unfortunately. Check washing scams, internal fraud. So why can't that be shut down? The police can't even access it. And I don't know if that's incorrect.
V. Venesulia Carr (22:51):
She's asking about Telegram. For those of you who didn't hear the beginning of that question, telegram is an app that was birthed out of Russia by Pablo av. Pablo's been arrested by the way. Yes, yes. He was taken into custody in Paris. She wants to know why this app can't be shut down if it's being used to recruit for ISIS and other things. And money washing. Money laundering. James, great point here. Take one.
James Klettheimer (23:18):
Great question. Well, I think you kind of answered it that it's a Russian run app, right? So the us, the FBI doesn't have any jurisdiction or control over, just like TikTok. My kids, I've told them do not download TikTok. And that's coming from another side of me and time that I've spent with our two biggest adversaries, Russia and China. It's like they're collecting, they're collecting on us. Tiktoks is just another way to collect on us and put information together. So no way to shut down Telegram because it's not run or owned or operated out of the United States. Unfortunately.
V. Venesulia Carr (24:06):
The good thing is Pablo's been arrested. Like I said, he was detained in Paris and the Parisian government is working in conjunction with Interpol regarding him the app. Because in addition to the things with ISIS and other nation state threat actors, there were allegations of human trafficking as well and all kinds of activity that is egregious and unlawful. So,
Audience Member 1 (24:32):
You would think though, if it's we're talking about issues in the United States and even though these applications where they're generated from, is it because our iPhones are coming from foreign countries? It's just one of those things that's so crazy in the fraud that's in there. I mean, you can see everything, every financial institution in there and their data being sold on the fact that we can't just make it technically illegal to have on a US based iPhone or a US based Android is kind of unbelievable. That would be something from a criminal perspective that we shouldn't be able to cross that line. I've always just been interested in that.
V. Venesulia Carr (25:05):
I would say contact your local congressman that's going to take some laws that's going to take a law. Yeah, I love hiding behind a federal regulation. Federal regulation states. So we are going to have to contact our congressmen and our senators to get a law passed if we're looking to outlaw things like that. The bad thing is that the web is the worldwide web and we don't have jurisdiction over all of it, but we can and we do work jointly with other countries to ensure.
James Klettheimer (25:37):
I can tell you that coming from a law enforcement perspective, it's very frustrating with some of these apps and applications that are out there. Back in 2014, 15, I was responsible for a very huge undercover counter-terrorism case. And that's right when a lot of these encrypted apps were kind of coming on stream and it was like the wild West. I mean it just trying to get information to help us get to the bottom of who was behind this. And this was an ISIS related thing where an individual, it was actually the time I was spent here in Palm Beach. It had an individual that had assimilated with ISIS and was wanting to do a lot of very bad things. And they were using a lot of these very infant encrypted apps and it was very difficult. So it just makes it very, very tough. And that have to be laws passed to be able to do that, it just makes it a lot tougher for us. And the nefarious actors know that. So that's why they default to use these types of things.
V. Venesulia Carr (26:39):
And I'll add in addition to that, there are other working groups, international working groups, in addition to Interpol, our nation states will collectively pursue targets that are doing nefarious activity on the web. We had a big takedown of, I think it was a crypto scam not too long ago, where several nation states worked jointly. And this was not just an Interpol activity, it was Europol, Interpol and several different nation states that worked to bring down these organizations. And then a lot of times too, there may be activity that's happening on the back end that we don't see. I always say if the FBI, if you get a call from them that you're being pursued for something, you're done because you generally don't hear about it until they have all the evidence available to prosecute. So a lot of times evidence may be being collected, whether it's an international case or one that is domestic.
(27:33):
There may be activity that's happening that we're not aware of and we just have to wait for time to tell. But I would encourage you, it sounds like you have a passion for that. Get involved. Get involved. That's what I did get involved. And if you need some help getting pointed in the right direction, see me after. I'd love to be able to help you with that. All right, anybody else before we go? Alright, Mr. Sound guy, I think we are done. Thank you all so much for coming. I am Vivin Lia, this is American Banker. We are so glad that you came today. You guys can see us afterwards. I think James has to hop a flight, but we'll be around. Yeah, find us on LinkedIn. All right.
New Fraud Trends: Live Audience Interactive Q&A with Fraud Experts
June 2, 2025 1:52 PM
28:20