Cyber attacks have become increasingly sophisticated, which is a lesson that one small business owner had to learn the hard way.

In December, Cody Mullenaux was contacted by someone claiming to be a Chase bank employee. This individual said he was calling to verify a suspicious transaction, and asked Mullenaux to log into his account via a secured link. During a nearly three-hour phone conversation, Mullenaux proceeded to provide answers to all his bank security questions.

While he was providing these answers, another scammer was impersonating him on the phone with Chase. The scammer initiated a wire transfer from Mullenaux’s accounts using the answers to his security questions. This scam ended up causing him to lose a total of $120,000.

The worst part? The scammers took advantage of regulatory loopholes, so Chase isn’t required to replace the money. According to CNBC, Mullenaux hasn’t recouped any of the funds yet.


What Is Phishing-As-A-Service?

Mullenaux’s situation sounds similar to a new wave of scams, known as phishing-as-a-service. This occurs when cybercriminals offer phishing kits in exchange for a fee.

Phishing campaigns only work if they appear realistic to the victim. With phishing-as-a-service, criminals receive everything they need to launch a successful phishing attack. They receive email templates, website templates, graphics, and even lists of potential targets. Robin Banks is an example of a phishing-as-a-service platform.

These service offerings enable cybercriminals to launch phishing campaigns that may not have the tools or resources to do so otherwise. They also allow higher-tier criminals to develop more sophisticated attacks.

What to Do If You’re The Victim of Cyber Crime

One big takeaway from Mullenaux’s story is that you should always be suspicious if someone calls, texts, or emails you asking for personal information. Cybercriminals have software they can use to spoof websites and caller IDs, making the request seem legitimate.

Here are some steps you can take if you suspect you’ve been a victim of fraud:

  • Secure your devices: The first step is to change all of your passwords, especially for any bank accounts. If you think your computer could have been compromised, you may want to have it professionally cleaned.
  • Monitor your bank accounts: Watch your bank and credit card statements closely for any unauthorized transactions. If you notice any suspicious activity, contact your bank immediately.
  • Freeze your credit report: Consider freezing your credit report to prevent anyone from opening new accounts in your name.
  • Report the fraud: Report the fraud to the FTC and any other relevant government agencies. The FTC also recommends reporting the theft to the FBI’s Internet Crime Complaint Center as soon as possible.
  • Document everything: Keep records of everything related to the incident, including the date and time it occurred and who you contacted for help.
  • Request a reverse wire transfer: According to the FTC, anyone who’s concerned they may have wired money to a scammer can request a reverse wire transfer at their bank. However, sending a wire transfer is like giving someone cash, so this may not work. The sooner you request the reverse transfer, the better.