Financial Phishing: Steps To Prevent Socially-Engineered Wire Fraud

January 16, 2025

James Gomes (Gomes), a former branch manager, was sentenced to 13 months in prison for stealing approximately $208,938.68 from a customer's accounts.

Gomes used his position to access the customer's accounts, linked his phone number, and transferred funds to his personal accounts. He used a fraudulent email address to impersonate the customer and continued the scheme, even after the customer's death.

According to the source:

According to court documents and statements made in court, from January 2020 to April 2020, James Gomes, 43, of New York, used his position as a branch manager of an international financial institution to improperly access a customer's accounts and to steal a total of approximately $208,938.68. Without authorization, Gomes linked his personal phone number to the customer's accounts and enrolled the customer's accounts in the bank's online banking services. In March and April 2020, Gomes fraudulently transferred the customer's funds to Gomes' personal bank and investment accounts at other financial institutions. To cover up his scheme, Gomes created a fraudulent email address containing the customer's name, which he used to engage in fictitious conversations with his own official bank email address to make it appear that the customer was communicating with him. Gomes continued the scheme even after the customer's death on April 5, 2020. https://www.justice.gov/opa/pr/bank-manager-sentenced-prison-misusing-position-steal-hundreds-thousands-dollars-bank (Nov. 06, 2024).

Commentary

At the centerpiece of the crime were fictitious requests for transfers. As the source indicates, Gomes created an email account that appeared to come from the customer. Gomes would use the fake email account to make fraudulent transfers to accounts Gomes controlled.

When bank auditors reviewed the account, it appeared legitimate because the email address contained the name of the customer.

It is not clear how the crime was uncovered. Most likely, after the customer passed away in 2020, the customer's estate was able to uncover the fraud by discovering that the accounts were not part of the estate and that the email was fraudulent.

A best practice is not to permit transfers outside the bank (especially international accounts) by email. Fake email addresses are free. Sending a transfer request via a fake email is the equivalent of financial phishing.

The final takeaway from this crime is that standards need to be created for the safe transfer of funds.

Finally, your opinion is important to us. Please complete the opinion survey:

Related Articles

Related Training

Related Seminars

Related Checklists

Related Links

Related Podcasts


This site uses essential/technical cookies to function. Cookies allow us to provide the best experience possible and must be enabled to use this site properly. By continuing to use this site, you agree to our use of cookies. Please see our Privacy Policy or How to Enable Cookies for more information.

An error has occurred. We have been notified and are working to resolve the problem. Please return to the front page and try this action again later.

Error!

An Error has ocurred on this site.

The error has been reported to our programmers and we are working to correct it. We generally get errors fixed overnight, so please feel free to try this action again tomorrow.