Tech View: Ohtani’s woes illustrate necessity of safeguards

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

The recent events surrounding baseball phenom Shohei Ohtani and his longtime interpreter Ippei Mizuhara are still not fully known. After all, Mizuhara was formally charged with bank fraud only late last week. One thing many folks wonder is how Mizuhara could pull off such a scam. Whether he is guilty or not, the fact of the matter is it that similar capers happen regularly.

Businesses and people have increasingly been victims of wire-based financial fraud over the past decade. This is typically done via targeted emails, aka spearphishing. The marks are often financial service businesses or, in some cases, high-net-worth people for whom wiring funds is commonplace.

This con is a long game, with the bad guys gathering information from organizations and identifying reporting structures and processes over time. This information is gathered through various methods, some legitimate and others not so much. Oftentimes a reporting structure can be garnered merely by looking up an organizational chart on the web.

But the most common method to gather such information is by intercepting emails. As mentioned here before, email is an extremely insecure method of transmitting information, and unfortunately, there’s not much that can be done about that.

While “secure email” exists as a technology, like the paperless office, all it takes is one party to not play by the rules and the security is shot. In the paperless office, if one person brings paper into the procedure, the process breaks down. Similarly, secure email communication requires everyone in the chain to utilize a secure method, and that’s just not something we’ll see anytime soon.

Once the reporting structure is determined, it’s just a matter of composing a fake email trail. Typically, this looks like an email conversation, wherein the boss orders a wire to be sent out — but everything is fake. It’s then sent from a spoofed email address to the person(s) responsible for sending out the wire.

Don't miss out on what's happening!

Stay in touch with top news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

Seemingly simple, this scam has been run time and time again, proving successful for the bad guys. And really, the only solution is nontechnical. Organizations need to implement safeguards, such as requiring a verbal approval from one or more responsible managers and implementing waiting periods to avoid “on the fly” wiring.

Realistically, if a financial institution receives wiring instructions from an authorized person, it won’t ask too many questions. Institutions have their own processes to identify these people, but that’s about the extent of it. They won’t ask why thousands of dollars (if not more) are being wired to a shady party such as a suspected bookmaker.

It should go without saying that people need to be careful about who has access to their accounts. If the allegations about Mizuhara are true, the lesson there is that one can never be too cautious.

If someone who knows all of your personal details also has access to your accounts, you’d better be darn sure they are trustworthy. Or, make sure you’ll be alerted whenever large transactions take place. Virtually every financial institution today offers such services.

John Agsalud is an information technology expert with more than 25 years of IT experience in Hawaii and around the world. He can be reached at jagsalud@live.com.