thewayne | Entries tagged with financial theft

I wrote about this on September 13, at that time the company collapsed on a $26mil bounce. Turns out this CEO has been kiting checks on the float since 2010 or 2011 to the tune of $70mil!

He turned himself in with his attorney after talking to investigators for the last couple of weeks, so apparently his location has been known since MyPayrollHR collapsed. Here's the salient points from the report of his arrest:

According to the complaint filed by federal prosecutors:

--Mann fraudulently obtained at least $70 million in loans from banks and other financial institutions.
--As part of that alleged fraud, he created companies that "had no purpose other than to be used in the fraud."
--He also fraudulently represented to banks and financing companies that his fake businesses had receivables that they did not have.
--He obtained loans and lines of credit by borrowing against these non-existent receivables.

So basically MyPayrollHR, and everything else he's done for the last decade, was solely created for the purposes to create fraud. Whou'da thunk it with a company name like MyPayrollHR? Sounds like a nice upstanding firm name to me. /s

https://www.bizjournals.com/albany/news/2019/09/23/michael-mann-arrested-charged-bank-fraud.html

https://krebsonsecurity.com/2019/09/mypayrollhr-ceo-arrested-admits-to-70m-fraud/

Crossposts: https://thewayne.livejournal.com/1164702.html

This is a REALLY weird story that screwed over A LOT of people!

Almost no businesses process their own payroll anymore, they run through one or more processing companies. And that's where this problem takes place.

Here's the explanation from Brian Krebs:

To understand what’s at stake here requires a basic primer on how most of us get paid, which is a surprisingly convoluted process. In a typical scenario, our employer works with at least one third party company to make sure that on every other Friday what we’re owed gets deposited into our bank account.

The company that handled that process for MyPayrollHR is a California firm called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has submitted a file to Cachet that told it which employee accounts at which banks should be credited and by how much.

According to interviews with Cachet, the way the process worked ran something like this: MyPayrollHR would send a digital file documenting deposits made by each of these client companies which laid out the amounts owed to each clients’ employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet.

From there, Cachet would take those sums and disburse them into the bank accounts of people whose employers used MyPayrollHR to manage their bi-weekly payroll payments.

But according to Cachet, something odd happened with the instructions file MyPayrollHR submitted on the afternoon of Wednesday, Sept. 4 that had never before transpired: MyPayrollHR requested that all of its clients’ payroll dollars be sent not to Cachet’s holding account but instead to an account at Pioneer Savings Bank that was operated and controlled by MyPayrollHR.

The total amount of this mass payroll deposit was approximately $26 million. Wendy Slavkin, general counsel for Cachet, told KrebsOnSecurity that her client then inquired with Pioneer Savings about the wayward deposit and was told MyPayrollHR’s bank account had been frozen.

Nevertheless, the payroll file submitted by MyPayrollHR instructed financial institutions for its various clients to pull $26 million from Cachet’s holding account — even though the usual deposits from MyPayrollHR’s client banks had not been made.

Everything is done by files being uploaded and downloaded, and those files are never inspected by people after they're initially verified - it's all an automated process. Apparently the CEO of MyPayrollHR thought he could steal the $26mil by diverting it into another bank account, but everything's been frozen and he's vanished with the FBI now involved.

Now things get worse.

Cachet's transfers go through, but they don't have the money from MyPayrollHR. So they issue a reversal. Again, electronic file. But they mess up the file and it's rejected. They do it a second time, and it's accepted, and all of the money that had been deposited into people's accounts is sucked out.

And then the original, misformatted reversal is processed, and the same amount is sucked out again. Resulting in overdrafts galore.

I'm not sure how it happened twice, but it's definitely a mess, and people are having fun trying to convince their banks that they're victims of a fraudulent scheme and trying to get the overdraft charges cancelled.

The one thing that I'd like to see in the Krebs article is some bio information on the CEO: age, family status, etc. Aside from the idiotic name - who would do business with MyPayollHR?! - were there any other warning signs that fraud was going to take place. MyPayrollHR had been in business for 12 years, was the CEO somewhat new or had he been in place since the beginning?

So. Many. Questions!

https://krebsonsecurity.com/2019/09/ny-payroll-company-vanishes-with-35-million/

Crossposts: https://thewayne.livejournal.com/1162139.html

"HELLO MY DEAR
Hi,....

Greetings from my sincere heart, i gotten your contact via searching i made on the Internet.

I have been undergoing treatment for Cancer. My husband was murdered alongside our only son GREG by those who are envious of his position in the same office.

Before his death he made a vow to use his wealth for the down trodden, orphanages and the less privileged in the society.

Having known my critical condition I decided to donate this fund to an individual or better still a God fearing person like you who will utilize this money the way I am going to instruct here in. I am seriously down by the cancer.

I want an individual that will use this fund and provide succor to poor and indigent persons, orphanages, and widows and for the propagating peace. What is required of you is your honesty, trust and sincerity.

Any delay in your reply will give me room in sourcing for another individual for this same purpose. Please be sincere in your heart.

I will like TO SPEAK WITH ON PHONE, so I appeal to you to humbly provide your phone to enable me speak with you on phone.

Reply Me Via My Personal Email:...... (elizswy@yahoo.com).....

My Regards To You And Your Family.

Thanks With Deep Love & Gratitude

Elizabeth S. Wylie
(WIDOW "

Yes, the message ends with an open paren. The DW profile was created on the 29th and has no posts or information on the profile, though curiously it lists a full street address in Ohio. I blocked this person and hopefully DW will purge them.

Crossposts: https://thewayne.livejournal.com/1033927.html

This has been around for a while, they charge just under $10 to your card in the hope that it's something that you don't remember but accept as something that you probably bought. The long-running one charged $9.84 for 'online learning', the new one charges a variety of amounts between $10-15 and the vendor is BLS*Weblearn or PLI*Weblearn, they're probably the same people just changing up their game a bit.

http://krebsonsecurity.com/2014/03/whos-behind-the-bls-weblearn-credit-card-scam/

Certegy provides check processing services to a HUGE number of retail operations throughout the United States, possibly credit card processing internationally. Wal Mart? Best Buy? Certegy customers.

They weren't hacked, they were robbed. A database administrator, which is what I do for a living, stole banking and credit card information from 2.3 million accounts, and SOLD THEM TO MARKETERS. It has since been found that a large number of people are experience a variety of problems ranging from identity theft to having their accounts plundered. Class action law suits are being formed even as we speak.

http://www.networkworld.com/news/2007/070307-fidelity-national-records.html

I'm not personally concerned because of my current checking account, one has never been used at Best Buy or Walmart, one was opened in April which is after the data theft, and the other is being closed. But PLEASE order copies of your credit ratings and keep a VERY close eye on your bank statements! The article says that Certegy is "implementing a fraud watch associated with the stolen records, has also notified credit-reporting agencies TransUnion, Equifax and Experian of the incident, in addition to notifying Visa and MasterCard.", but based on feedback to the article, people are having to get the credit monitoring in place themselves and lots of banks, including Wells Fargo IIRC, do not know this is going on.

Here's one reply to the article, there's something like 45 of them:
"I decdided to call them to see if I was included in their database, and if so how I could remove myself. The person I talked to said that she needed by Driver's license number, my routing number, and my account number to even tell if I was in the Database. But she added that if I had ever written a check or used my debit card at Wal Mart, Bestbuy or 374,998 other businesses in the US, then I was definately in their database. I asked how to remove myself from the database, and she replied stop writing checks or using my debit card. I then asked that since I was probably already in their database, how can I get the information removed? She said I cannot, it is Certegy property.

I'll be talking about preventing something like this from a technical side on my other blog.

Always strive to learn something useful. --Sophocles

You are coming to a sad realization. Cancel or allow?

Entries tagged with financial theft

That payroll processing firm collapse? They arrested the CEO. $70,000,000 fraud.

Payroll processing firm vanishes overnight after $26,000,000 mistake!

Wow. I just received a Nigerian Prince private email on DW!

A new take on an old micro-charge credit fraud

Ever hear of the company Certegy? Be frightened, very frightened.

Profile

July 2025

Syndicate

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags