Fay Givens has a warning for small-business owners, nonprofits and others: Watch your checking accounts — someone could be using your money to pay their bills.
"Be very, very vigilant," said Givens, executive director for American Indian Services in Lincoln Park, a small nonprofit that provides a food bank and other assistance to Native Americans in the area.
She was reviewing her bank statements and spotted that an electronic payment of $449 went out on May 22. Then, she saw that another $415.03 Automated Clearing House payment was made on May 23 and an additional $1,407.13 went out on the same day.
All those payments went directly to DTE Energy.
But no bills are set to be automatically paid out of that account.
"When this shows up, you know it's fraud," Givens said.
The utility bill scam is yet another reminder that we all need to protect our financial data, keep a eye on our statements and steer clear of phishing scams. As the banking industry moves toward a faster ACH payment system that includes same-day payments, some industry experts suggest that more scams could hit in the future.
"These types of scams — like paying utility bills — are just going to grow," said Frank McKenna, chief fraud strategist of PointPredictive, which offers consulting services to banks, lenders and finance companies.
Technology that makes things easier in general can pave the way for con artists to craft a scam.
"The faster they can get their money, the faster they can get out and be anonymous," McKenna said.
Givens suspects that someone obtained the routing number and account number for the bank account for the nonprofit. It could have been as simple, she said, as one of the nonprofit's checks that was used to pay other bills somehow ending up in the wrong hands.
Then, she speculates that the bank account information was used on the phone to steal money out of the account to pay someone else's bills.
"If you're not vigilant on these things, all of a sudden you're paying for someone's bills for months on end. It's just a real scam," Givens said.
She was able to work quickly with her bank to file affidavits stating that the payments were unauthorized. So the nonprofit did not lose money. But much work had to be done to straighten things out and the account had to be closed and a new one had to be opened.
Why would someone use the nonprofit's account information over two days to pay three bills to DTE Energy?
"If it worked for someone, they might have given it to a friend or brother or sister," Givens speculated.
Jill M. Wilmot, DTE Energy manager of corporate communications, said the utility does not hear of this type of scam a lot.
She noted that DTE has a special program where people can pay off someone's utility bill as a gift so not all payments will match the name on the bill.
Yet about 18 months ago, Givens spotted a direct payment that was taken out of another account to cover a Detroit water bill. American Indian Services is outside of Detroit and doesn't pay Detroit for water service.
Givens suspects that this type of scam might happen more often than some realize because some utilities, such as the Detroit Water and Sewage Department, allow customers to pay by electronic check on the phone using a bank account number and the bank's routing number.
Bryan Peckinpaugh, public affairs manager for the Detroit Water & Sewage Department, said customers, as well as people who are family members or friends of customers, can pay by check over the phone to cover bills.
He said the water department takes check fraud and identity theft seriously.
"Our security and integrity unit is establishing a fraud group to investigate and eliminate any instance of fraud, which includes people paying their water bill with another person's financial information and water theft," Peckinpaugh said.
Banking experts say financial institutions typically work with local law enforcement, as well, to track down the con artists.
Experts say it's hard to know how the scam that hit American Indian Services evolved. But maybe someone hacked into an online banking account. Or maybe an inside job took place to steal money.
Mary Ann Miller, senior director and fraud executive adviser for NICE Actimize, said consumers need to watch their statements because back-office errors can be made with routing numbers and account numbers, too.
Miller, whose Hoboken, N.J.-based company assists banks and others in combating financial crime, said the U.S. financial system is moving toward faster behind-the-scenes electronic transfers of money.
"Millennials expect instant gratifications," she said. "There's an expectation of immediacy."
Apple announced this week that it will launch a way for iPhone and iPad users to send money digitally to each other via a text. We have money transferring apps, such as Venmo. And the network known as the Automated Clearing House is speeding up processing too.
"Fraud follows speed. It requires a new diligence," Miller said.
Consumers, of course, need to remain on guard to take care of their personal information.
Banking experts recommend that small businesses restrict online banking activity to a one highly secure computer system where email and Web browsing are not options.
It's also important to avoid having just one employee pay all the bills. Giving the job to one person who might be able to cover his or her tracks increases the risk of fraud.
The Federal Trade Commission has launched a new website to specifically address scams and cyber security attacks that target small business owners. The site is www.ftc.gov/SmallBusiness.
Utilities across the country, including DTE Energy, also have warned small-business owners and others about impostors who will call, claim you owe $1,000 for your electric or gas bill and then threaten to shut off your utilities in the next 30 minutes if you don't hand over a credit card number over the phone or go to the drugstore to buy a prepaid card.
Also experts say that phishing attacks continue to be used to facilitate fraud using electronic transfers of money out of bank accounts.
If someone clicks on an fraudulent attachment or web site, malware is installed on their computer.
The malware contains a key logger that will harvest bank account log-in information.
After stealing your log-in information, the con artist can create another user account or directly transfer money by masquerading as the legitimate user. The FBI noted that transfers have occurred as both traditional wire transfers and as ACH transfers.
The Federal Bureau of Investigation's Internet Crime Complaint Center reported back in 2009 that crime rings had figured out a way to exploit valid online banking credentials belonging to small and medium businesses, municipal governments, and school districts.
Millennials, seniors and other individuals aren't the only targets for con artists. Small-business owners — and small nonprofits — can be targeted, too.
►Make it easy to keep up to date with more stories like this. Download the WZZM 13 app now.