Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat
What do you need?
- Cyber Criminals
- Hackers
- Organized Crime
- Names
- Addresses
- Phone Numbers
- Email Addresses
- Social Security Numbers
- Account Numbers
- Account Balances
- Check Number ranges
- Passwords and Access Codes
- Software and Hardware information
- Phishing Attacks – When internet fraudsters impersonate a business, co-worker, or other trusted individual to trick you into giving out your personal information, it’s called phishing.
- Using Weak Passwords – The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users. Mix letters, numbers, and special characters. Try to be unpredictable
- Unsecured PCs, Servers, and Networks – You can find free security software from well-known companies. Anti-Virus, Web Browser, and Operating system updates are released on a weekly or even daily basis, so set your operating system and web browser to update automatically to never miss these critical updates.
- Malware and Viruses – Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash, and can be used to monitor and control your online activity, or log keystrokes to capture anything you have typed, such as usernames, passwords, Social Security Numbers, etc.
- Do not send confidential information of any kind by email unless it is encrypted.
- Change your passwords often. Even if the website doesn’t require it, it is a good practice to change your passwords at least every six months.
- Never disclose your login credentials to other people or companies.
- Do not store your ID and Password information where others could gain access to it. It is best not to write the information down at all.
- Do not use public computers and open wireless networks for sensitive online transactions. Wi-Fi spots in airports, hotels, coffee shops, and other public places can be convenient but they’re often not secure and can leave you at risk. If you’re accessing the Internet through an unsecured network, you should be aware that malicious individuals might be able to eavesdrop on your connection. This could allow them to steal your login credentials, financial information, or other sensitive information. Any public Wi-Fi should be considered unsecure.
CEO Email Fraud or Business Email Compromise is a fast growing scam in which cybercriminals trick employees into transferring large sums of money to them by impersonating CEOs and other company executives in spoofed emails. The FBI has reported billions in losses over the past few years in the United States, affecting businesses in all 50 states. How does it work? The schemers first study their intended victims. Social media websites, a company’s own website, and news reports can give employees’ names, job titles, email addresses, and telephone numbers, as well as information about the company’s business dealings. Fraudsters also pose as third parties – perhaps the company’s bank, a vendor, or someone legitimately seeking information – in phishing emails and pretexting calls designed to trick employees into disclosing confidential information. With a company’s information, scammers can spoof, or fake, an email to an employee who they know can transfer money or pay invoices for the company, making the email look like it’s coming from an executive officer, regular vendor or other trusted source. In some cases, hackers break into a company’s email system and send urgent requests for money transfers. Once the money is wired, it can be nearly impossible to recover. These tips can help you guard your company against these scams:
- Establish a multi-person approval process for transactions above a certain amount.
- Set up a system that requires a valid purchase order and approvals from a manager and a finance officer to spend money.
- Verify by phone any changes in vendor payment information and fund transfer requests.
- Remember – email never is a secure way to send financial information. Don’t transmit account information by email and question any emailed payment requests that include account information.
- Slow down. Take time to verify any request, even an urgent one. And be suspicious of any request for secrecy.
Corporate Account Takeover is a form of identity theft in which criminals steal your valid online banking credentials. The attacks are usually stealthy and quiet. Malware introduced onto your systems may go undetected for weeks or months. Account-draining transfers using stolen credentials may happen at any time and may go unnoticed depending on the frequency of your account monitoring efforts. The good news is, if you follow sound business practices, you can protect your company:
- Use layered system security measures: Create layers of firewalls, anti-malware software and encryption. One layer of security might not be enough. Install robust anti-malware programs on every workstation and laptop. Keep the programs updated. Manage the security of online banking with a single, dedicated computer used exclusively for online banking and cash management. This computer should not be connected to your business network, should not retrieve any e-mail messages, and should not be used for any online purpose except banking.
- Educate your employees about cybercrimes. Make sure your employees understand that just one infected computer can lead to an account takeover. Make them very conscious of the risk, and teach them to ask the question: “Does this e-mail or phone call make sense?” before they open attachments or provide information.
- Block access to unnecessary or high-risk websites. Prevent access to any website that features adult entertainment, online gaming, social networking and personal e-mail. Such sites could inject malware into your network.
- Establish separate user accounts for every employee accessing financial information, and limit administrative rights. Many malware programs require administrative rights to the workstation and network in order to steal credentials. If your user permissions for online banking include administrative rights, don’t use those credentials for day-to-day processing.
- Use approval tools in cash management to create dual control on payments. Requiring two people to issue a payment – one to set up the transaction and a second to approve the transaction – doubles the chances of stopping a criminal from draining your account. Review or reconcile accounts online daily. The sooner you find suspicious transactions, the sooner the theft can be investigated.
For more information on preventing and reporting Identity Theft, visit www.ftc.gov or www.identitytheft.gov. Also visit www.onguardonline.gov for more tips to help you stay safe and secure.
Have questions? We’d love to help.