Halston Media Recently Fell Prey to Cyber Theft

Over the last several years, no fewer than six employees at Halston Media have been the victims of major cyber theft. 

The latest victims were my wife and me. A few weeks ago, someone pretending to be one of our employees asked us to change their bank account for direct deposit. To explain, employees and independent contractors request bank changes from time to time, so the request wasn’t out of the ordinary. The real employee didn’t notify us of his missing paycheck until a couple of weeks later. Of course, we reimbursed him for the missing amount. 

While every email address is unique, a person can choose any name when setting up an account. Many email programs only show the sender’s name in the “from” line. In order to see the actual address, you have to actively click on the name. This is especially true when reading emails on your cell phone. So, thieves can pretend to be anyone, and they can make it look quite real by copying the person’s signature. This particular type of cyber theft is known as a phishing scam. Obviously, my wife and I should have done more due diligence before changing an employee’s bank account.

After we discovered what happened, my wife filed a criminal complaint with our local police department and our bank tried to recover the missing funds to no avail. Through the routing number, I was able to find out that the thief set up his account with Green Dot Bank, which is headquartered in Ohio. After putting me on hold for over a half hour, a Green Dot Bank employee instructed me to send them a formal letter to explain what happened, and we “may” be able to recover our money. 

Since the incident, we’ve changed our procedures, and employees and independent contractors must request changes of this nature over the phone (although AI reportedly will facilitate even scarier types of identity theft in the future, where thieves will be able to steal a person’s voice).  

A few months before this, another employee was tricked into surrendering a vast sum of money. The thief in that instant convinced our colleague that his/her bank account was hacked, and said that if he/she tells anyone, then the investigation would be compromised. So, our colleague physically went to his/her bank and transferred his/her funds into a new “uncompromised” account. For months now, our colleague has been unable to recover the funds.

A few years ago, someone pretending to be me asked an employee to send them a few hundred dollars in gift cards. That employee obliged. 

And finally, our editor-at-large, Bob Dumas, has written extensively about being the victim of cyber theft on a number of occasions. In his case, the thieves actually hacked into his accounts, and one even hacked directly into his computer. 

In all instances, the local police departments where we’ve filed complaints have told each of us that there’s really not much they can do, and that this happens all the time. 

Why are the police unable to arrest anyone for this crime? If six people on our team have been victims of this crime, how many of our readers have been victims as well? If banks are required to know the identity of their customers, how are the thieves able to get away with it? What can the government do to fix the problem?

We have a lot of questions and we assume our readers do as well. So, our editorial team plans to investigate. We’d love to hear from you during the course of our investigations.