Companies of all sizes are being targeted by criminals through Business Email Compromise scams. In these scams, cybercriminals gain access to an employee’s legitimate business email through social engineering or computer intrusion. The criminal then impersonates the employee – often a senior executive or someone who can authorize payments – and instructs others to transfer funds on their behalf. Stock Yards Bank & Trust recommends the following tips to help businesses and employees avoid business email compromise attacks:
- Educate your employees. You and your employees are the first line of defense against business email compromise. A strong security program, paired with employee education about the warning signs, safe practices, and responses to a suspected takeover, is essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Use alternative communication channels to verify significant requests. Have multiple methods outside of email – such as phone numbers or alternate email addresses – established in advance through which you can contact the person making the request to ensure it is valid.
- Be wary of sudden changes in business practices or contacts. If an employee, customer or vendor suddenly asks to be contacted via their personal e-mail address, verify the request through known, official and previously used correspondence as the request could be fraudulent.
- Be wary of requests marked “urgent” or “confidential.” Fraudsters will often instill a sense of urgency, fear or secrecy to compel the employee to facilitate the request without consulting others. Use an alternative communication channel outside of email to confirm the request.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions such as call backs, device authentication and multi-person approval processes.
If you fall victim to a business email compromise scam:
- Contact your financial institution immediately to notify them about the fraudulent transfer and request that they contact the institution where the fraudulent transfer was sent.
- File a complaint, regardless of dollar loss, at www.IC3.gov.
Cybercrime continues to be a growing problem in the U.S. According to the FBI’s Internet Crime Complaint Center, in 2015 the agency received approximately 288,000 complaints from consumers who were exposed to online fraud — up from nearly 270,000 in 2014. In recognition of Cybersecurity Awareness Month, the American Bankers Association is urging online users to take simple steps to safeguard their personal information, protect their networks and stop fraud.
“Fraudsters are using the Internet to facilitate all types of scams,” said Doug Johnson, ABA’s senior vice president of payments and cybersecurity policy. “As a result, it is extremely important that online users secure their Internet connection and install the latest security software to lessen their exposure to online threats.”
ABA recommends the following tips to protect yourself while navigating the web:
- Keep your computers and mobile devices up to date. Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
- Create complic@t3d passwords. A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
- Watch out for phishing scams. Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with. Forward phishing emails to the Federal Trade Commission (FTC) at firstname.lastname@example.org – and to the company, bank, or organization impersonated in the email.
- Keep personal information personal. Hackers can use social media profiles to figure out your passwords and answer those security questions in the password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect from people you do not know.
- Secure your internet connection. Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
- Shop safely. Before shopping online, make sure the website uses secure technology. When you are at the checkout screen, verify that the web address begins with https. Also, check to see if a tiny locked padlock symbol appears on the page.
Resource information provided by the American Bankers Association