September 5, 2023
Andy Jones, CERP, co-owner (far right) with Kandi O’Brient, party manager, and Doug Quigg, manager
For Andy Jones, CERP, co-owner, Red Hat Rentals in Athens, Fairfield and Palestine, Texas, and co-owner, Tyler Tents and Events, Tyler, Texas, the cyber nightmare began when he was contacted by his financial advisers at Schwab asking whether he wanted to take money out of his account. It just escalated from there.
“I have two 401K plans. One is with Schwab and the other is with E-Trade. Within a week of each other, I was contacted by both of them to see whether I was trying to transfer money out of those accounts. I told them no. Schwab was able to stop the transfer of funds. Then the people at E-Trade contacted me as someone had sold some of my Apple stock. Those at E-Trade contacted me before everything was totally settled. The money was still in the account, but the stock had been sold. If they had waited one more day, the money would have been transferred out of the account,” he says.
Luckily, no money was lost in either transaction. As a result of that, both Schwab and E-Trade implemented two-stage authentication on both of Jones’ accounts.
Jones thought this was an isolated incident, that it was taken care of and put to rest.
He soon found that wasn’t the case.
The cyberattacks moved to his business.
It started when he received a call from his bank, asking about an ACH (Automated Clearing House) transfer for $50,000 from his account.
“I deal with a local, smaller bank. They know me, know what I sound like and know that we rarely do anything through ACH. We have on a few occasions, but it is not a normal deal. That and the fact that the person asking for the transfer didn’t sound like me alerted my bank, so they contacted me. I actually got on the phone with the person who was impersonating me. The bank was able to keep him on the phone and patch me in. At first the person who was impersonating me thought he was talking to someone from the bank. I asked him his name. He said my name. I said, ‘That is kind of odd that we have two people on the phone with the same name.’ He immediately hung up. Unfortunately, they couldn’t trace the call,” Jones says.
Shortly thereafter, a different small bank in Fairfield that Jones uses contacted him about another request for an ACH transfer. This one was for $100,000.
“The size of the request triggered the bank to call me. When I said I wasn’t transferring any money, they stopped the transfer,” he says.
After these incidents, Jones had to close every account he had and create new ones. “The difficulty is that you have automatic payments going out of these accounts. All of these businesses we deal with in this way had to be notified and changed to the new accounts,” he says.
Again, Jones thought the issue was behind him.
Then his work email was hacked. “Someone got into my email and took control of it and sent letters to my entire email list,” Jones says. “We have been working with a third-party IT person for the past 20 years who has been a big help to us. When this happened, we brought in an additional third-party IT person to try to do some investigating, but we have run up against a blank wall as to how they got in.”
After this incident, everyone in the company changed their email passwords and Jones talked with all his employees about phishing attempts and other schemes hackers use. Jones is also in the process of changing email providers.
“Before this happened, we were using GoDaddy for our email. Then they switched over to Microsoft. We didn’t have any trouble when we were dealing just with GoDaddy. I don’t know whether this is just a coincidence, but in trying to do something about the email situation, we found it extremely difficult to deal with Microsoft. We are in the process of getting an independent email provider who we can talk to and who we believe will be more aggressive if we have any more trouble,” he says.
Jones contacted the authorities, but he hasn’t received much help on that front. “We’ve been disappointed. I don’t think they have the tools to track this down,” he says.
After going through all of this, Jones reinforced his efforts to protect himself. In addition to working with his IT folks and his employees, he has been diligent about his own accounts. He has changed all the passwords, implemented double authentication on all his personal and business accounts, and called the credit reporting companies to put a freeze on his account so that if someone tries to open an account in his name, he will be notified.
All these incidents happened over a six-month period. “I thought it was an isolated deal with the 401K. I didn’t think it would move from there to my business accounts. That was an oversight on my part. I think they were all perpetrated by the same group or individual,” he says.
He is grateful that even with all these scares he didn’t lose any money. “What saved me on the ACH incidents was that I have a personal relationship with the bank. They knew my business practices and they knew who I was. I believe that if they didn’t know me so well I would have lost some money,” Jones says.
It was a harrowing experience that Jones never wants to go through again. He doesn’t want anyone else going through it either. That is why he has been sharing what happened to him with other businesspeople and friends as a way of warning them.
“I just was not prepared. I thought I was too small for a cybercriminal to come after me. When it happened, I didn’t really understand what I was dealing with nor did I understand it would continue to happen until I took action. After my experience, I have come to believe no individual or company is too small for a cybercriminal,” he says.
