With more people using computers and cellphones to conduct financial business, cases of fraud and cybercrime are on the rise. Add the fact that criminals are also hacking direct mail from under the noses of the U.S. Postal Service (USPS) and there’s virtually no place where it’s safe to let down a guard against thieves.
“Fight Back on Fraud and Cybercrime,” a private seminar hosted by Stellar Bank on Nov. 5 in the Neches Room in downtown Beaumont, featured a detailed assessment of the problem at hand, as well as advice on how to prevent falling victim to thieves, from the bank’s senior vice president and fraud director Jamie Burud, and Ryan Beil, senior vice president and director of information security.
Burud has 25 years in banking, combating fraud and investigating breaches. She is active in several local and international organizations dedicated to detecting and preventing fraud. In 2010, she received a Letter of Recognition from the U.S. Secret Service for her role in a multi-million-dollar investigation that led to the arrest of several individuals using investment scams to defraud elderly victims.
In March, Burud testified before the Texas Senate Criminal Justice Committee in support of several bills increasing penalties for forgery, debt fraud and check fraud.
At Stellar Bank, Beil oversees security operations, risk management, threat and vulnerability management, and the security management program. Previously, he served as chief information security officer at another financial institution, where he overhauled information security programs to meet regulatory expectations.
Beil holds several certifications and has served in various roles within the Federal Reserve System. He also participates in working groups with the Financial Services Information Sharing and Analysis Center, which advances cybersecurity and resilience in the global financial system.
According to Beil, most people think fraudulent victimization can’t happen to them.
“It happens to people that are tech-savvy and non-tech-savvy — it doesn’t matter,” he said. “Hackers are getting better and more sophisticated. The tools are making it easier for them to do their jobs — and for them, it is a job.”
Beil said crime rings often have human resources departments and clear career progression paths.
He noted that hackers “go to work every day” trying to defraud financial institutions, small businesses, and individuals. In 2023, scammers stole more than $10 billion — and the amount continues to grow every year.
“Financial institutions typically won’t ever ask for sensitive information via phone or text,” Beil emphasized.
Both Burud and Beil repeatedly advised attendees: “Don’t put your mail in blue collection boxes, use multifactor authentication, and remember — humans are the weakest link, but we can also be the strongest.”
Fraud domination
According to the 2024 Nasdaq Global Finance Crime Report, AFP Fraud Report and the U.S. Postal Inspection Service (USPIS):
• $485.6 billion in fraud losses occurred worldwide.
• 79% of organizations were victims of payment fraud attempts.
• 63% of organizations experienced actual or attempted check fraud.
• Mail theft and check fraud are nationwide, with a 200% increase in postal carrier robberies.
• Telegram is the fourth-largest messaging app used by cybercriminals and fraudsters.
• Third-party impersonation is the most frequent business email compromise (BEC) scam.
• $77.7 billion in fraud losses were reported among elderly victims.
Burud noted that, while some reports suggest fraud is slightly declining, the numbers are misleading.
“We’re seeing business email compromise and check fraud continue to dominate both in life and financial impact,” she said. “The methods are simple and require very little sophistication. Fraudsters are shifting back to wire transfers from the Automated Clearing House (ACH), although ACH remains one of the preferred payment rails.”
She added that fraudsters’ methods rely heavily on stolen mail, social engineering, and human vulnerability.
“We make it way too easy for them,” Burud said. “Prevention starts with training and awareness. Education is the most powerful tool we have to stop these crimes.”
Burud said USPIS has reported a 200% increase in postal carrier robberies.
“They’re robbing postal carriers for the checks in the mail — and for the arrow keys that open every blue collection box in the United States,” she said. “Criminals are even offering postal employees $5,000 to $9,000 for their keys. If you don’t make much money, that’s a big temptation.”
She added that criminals are now 3D-printing arrow keys, too.
“They have multiple ways to get those keys and open those blue boxes,” she warned. “So again — don’t drop your mail in the blue box.”
Burud also warned about Telegram.
“They recruit and sell everything you can imagine on Telegram,” she said. “They’re stealing checks from the mail and immediately posting them for sale — not even on the dark web, just in a messaging app like WhatsApp or Instagram.”
Burud said what begins as fraud often funds human trafficking, drug trafficking, and terrorism. Of the $77.7 billion in fraud losses reported by elderly victims, only one in 13 incidents is reported to law enforcement.
“It’s very sad,” she said. “They keep it to themselves — they’re losing their homes.”
Cyber threats, real consequences
According to Verizon’s 2025 Data Breach Insights report:
• Ransomware attacks increased 37%.
• 65% of breaches resulted from unintentional employee mistakes.
• 20% were caused by exploited vulnerabilities.
• There was an eightfold increase in attacks targeting network devices and VPNs.
• 30% of breaches involved third parties — double from the previous year.
• 88% involved stolen credentials.
Beil said Verizon’s cybersecurity teams often investigate data breaches for businesses.
“People inherently want to do good, and when they get a concerning email or text, they react quickly,” Beil said. “One click can shut down your operations or install ransomware.”
He added that 80% of breaches Verizon investigated in 2024 resulted from stolen or reused credentials.
“If you reuse passwords, especially across email accounts, one breach can compromise everything,” he said. “Nearly 90% of breaches stem from stolen passwords.”
Money in the mail
The American Bankers Association reports that, while check usage has declined by 25%, reports of check fraud have more than doubled in the same timeframe. Theft of mail, altered or “washed” checks, and the sale of stolen checks are at an all-time high.
Beil emphasized the importance of verifying payments and knowing vendors. Both banking experts urged individuals to:
• Avoid mailing checks; take them inside the post office.
• Sign checks in permanent ink.
• Invest in high-security checks.
• Use alternate payment sources.
• Use Positive Pay services.
• Confirm receipt with vendors or payees.
• Monitor accounts daily.
• Don’t leave mail in mailboxes overnight.
Business Email Compromise (BEC), the banking staff advised, tends to target businesses that perform wire or ACH transfers and impacts organizations of all sizes and sectors as attackers study victims before initiating scams.
A common scenario involves attackers impersonating a supplier and sending a fraudulent email changing remittance instructions. The victim believes the message is legitimate and wires money to a bogus account, which is quickly transferred offshore.
Prevention tips to avoid the common BEC con include:
• Verifying any remittance changes by phone using a known number.
• Conducting vendor due diligence and ensuring multifactor authentication use.
• Using multifactor authentication for all internet-facing applications.
• Using a unique password for every account. (and)
• Verifying all payment changes (amounts, bank info, etc.).
Scammers use everyday tools — text messages, phone calls, social media and dating apps — to target victims, especially the elderly.
Signs of a scam text typically involve:
• Strange phone numbers.
• Urgent warnings or requests.
• Poor grammar or spelling.
• Requests for personal information.
• Suspicious links.
“Smishing” is a growing scam that involves fake toll collection texts. Experts warn to never click a link from an unexpected message, even those that may appear legitimate. Banks and government agencies will not use text as a primary communication method.
Phone scammers often use scare tactics or threats and ask for personal data.
Engineered for failure
About 65% of breaches in 2024 resulted from user mistakes and attacker manipulation through trust via email (phishing), text (smishing), voice (vishing) or in person.
Be cautious with suspicious emails, the experts warn, and ask critical questions: Do you know the sender? Is the message normal for them? Are you expecting it? Then, hover over links to verify the URL.
Experts report that 88% of breaches in 2024 involved stolen credentials. Many users reuse short or simple passwords across multiple accounts and that leaves them vulnerable to attack. Recommendations to prevent stolen password fraud include using a password manager; creating unique, complex, randomized passwords for each account; randomizing login names when possible; and using multifactor authentication.
Beil stressed the danger of password reuse.
“People use the same password for work, personal email, bank accounts — even food delivery apps,” he said. “If one is breached, everything’s at risk.”
He added that breach databases contain over 1.1 billion stolen username-password combinations.
“Length equals strength,” he said. “The longer your password, the harder it is to crack.”
According to statistics, there was an additional 37% increase in ransomware attacks in 2024.
Malware deletes back up files (no recovery) and encrypts victim files (no data access).
The attacker demands ransom, and payment is only option to obtain a valid decryption key.
To avoid ransomware, experts suggest:
• Using computer accounts with a low level of privilege.
• Filtering inbound emails and blocking dangerous file types, xlsm, docm, pptm, etc.
• Changing Microsoft Office settings to block macros from running.
• Using quality endpoint protection tools, configuring host-based firewalls, blocking client to client traffic, and configuring a perimeter firewall.
• Practicing safe password management (avoid reusing passwords; use long passwords with complexity – letters, symbols, numeric; avoid dictionary words).
• Creating multiple backups and using immutable technology, (e.g. Rubrik,Veam, AWS, etc)
• Talking to your broker about cyber insurance.
Those that have been targeted by fraud are advised to immediately contact their bank and make a police report. For stolen mail, contact USPIS (uspis.gov/report) or call 877-876-2455.
Change passwords and visit IdentityTheft.gov.
Also, report the scam to the Federal Trade Commission, and complete an Internet Crime Complaint Center (IC3) complaint form, freeze your credit reports immediately, hand deliver sensitive mail, closely monitor financial records, and verbally verify changes in any payment instruction.
Victims of cybercrime are also urged to create new strong and unique passwords, enable two-factor authentication, patch vulnerabilities and use a reputable password manager.
— Dannie Oliveaux | DannieOliveaux@TheExaminer.com
