Sb1 Federal Credit Union of Philadelphia is still trying to find out how to identity thieves were able to tap into a customer's home equity line of credit, steal his private information – including passwords – and convince the credit union to wire $220,000 from the HELOC to an unrelated account in Hong Kong.
The unidentified consumer was among dozens of credit union members in the Mid-Atlantic region who had their HELOCs manipulated for the transfer of millions of dollars, much of it to overseas accounts.
Some 20 suspects have been charged so far in the HELOC scam, which hit Sb1, Navy Federal Credit Union, U.S. Senate FCU, Pentagon FCU, State Department FCU, JPMorgan Chase, Bank of America, and other second lien lenders.
It is unclear whether the criminals in the different cases were part of the same scheme.
While credit unions typically verify the authenticity of a wire request by contacting the member at a telephone number on file, the suspects used one of two techniques to reroute the verification call. Either they would persuade credit union officials to change the account holder's number on file to one they set up; or they would contact the local phone company to report a fake technical problem and have the calls forwarded to one of their own phones.
Some of the details of how the scam worked have emerged in a new suit filed by Sb1, the credit union for pharmaceutical giant SmithKline Corp., against CUMIS Insurance Society, which has denied its $220,000 claim in the fraud.
CUMIS, a unit of CUNA Mutual Group, said the credit union's claim is not covered under the Funds Transfer, Electronic Crime, Forgery or Alteration, and Unauthorized Signatures provision of its bond coverage, which excludes losses occurring through "fraudulent email, faxes or telecommunications," according to the suit, filed in U.S. District Court for the Eastern District of Pennsylvania.
