Industry Update
Cybercrime Can Impact Everyone. Don't be a Victim!
2016.11.17 01:04
admin
Cybercrime Can Impact Everyone. Don’t Be a Victim!
We are all looking for opportunities to prosper and keep in time with rapidly changing technology. It is so important to maintain a standard of vigilance. As you may have heard in recent news reports, a dangerous trend has been identified that deserves your attention–individuals and businesses are being tricked into revealing personal and company information, which is then being used for criminal purposes. These cybercriminals never stop working to steal your information and your money. All computers are potentially susceptible to malicious software (malware) attacks and anyone can be a target!
Users can be tricked into sending funds to cybercriminals, revealing login credentials, or inadvertently granting access to PC or network environments; downloading malware by clicking on fraudulent popup messages on known but compromised websites; or by clicking on infected images, documents and links in websites or emails.
Once your computer or network is compromised, so are its contents, which may give cybercriminals access to confidential login credentials, bank information, personal information, company information, customer information, Taxpayer IDs, credit card numbers and other private data.
Email accounts can be easily compromised, resulting in an address book full of potential victims. Cybercriminals are frequently sending fraudulent messages posing as the email account’s owner to request the wire transfer of funds to a fraudulent account. They may also attach documents, images or links infected with malware. Links in a fraudulent email may display a legitimate website address but take victims to a malicious site.
Your clients are susceptible too! Their email accounts can be hacked and fax numbers can easily be programmed into other machines. And when a victim’s hacked email account is used to order goods or request a transfer of funds, you may be on the receiving end of one of those fraudulent messages. It is your responsibility to ensure that your computer systems are secure but with all of these tricks and traps, how can you ever be safe?
Strategies to Avoid Becoming a Cybercrime Victim
Users:
• Always verify any email requesting the wire transfer of funds, even when it comes from a known source, by calling your client.
• Always be suspicious of unsolicited emails, even from a known source.
• Never email complete instructions with credit card numbers, account numbers and bank routing numbers. Call the other party to complete and verify the full information to be used.
• Never click on attachment links in unsolicited or unusual emails.
• Never rely solely on a fax or email request to wire funds or purchase/ship goods, again, call your client.
• Never respond to unsolicited phone calls, emails, or text messages requesting sensitive information.
Note: The IRS, FDIC, Better Business Bureau, and other Government Agencies never use email to deliver requests to resolve issues regarding penalties, infractions or complaints, and you should be suspicious of any such request. In addition, a Bank will never ask you for your password or other security codes via text, email or popup message.
Procedures:
• Develop a callback process for handling every incoming email/fax demand for payment or request to wire transfer funds…and be sure to follow it!
• Implement a strong password policy for all devices, system applications, and network access points. Best practices include a minimum length of 10-12 upper case, lower case, numeric, and special characters.
• If possible, implement dual authorization and separation of duties for monetary processes.
• Regularly review computer, network, and Internet security policies with staff.
• If possible, dedicate a computer for online banking activity, including wire transfers initiation and ACH origination, and no other Internet use.
• Reconcile bank accounts daily.
• Develop internal procedures–including immediate escalation–if staff observes suspicious account or computer activity.
Warning Signs of a Potentially Infected Computer:
• Noticeable change in computer performance or screen appearance.
• Unexpected computer lockup, rebooting or restarting.
• Unusual popup messages, requests for a one-time password or to “Allow…”, which includes popup requests for Online Banking IDs, passwords or security token passcodes.
If You Become A Victim:
• Contact your Bank’s Client Support Team to determine if online banking access should be immediately suspended.
• Contact the appropriate authorities.
• Immediately perform a computer/network security assessment or hire a reputable third party to assess your environment.