FRAUD! Business Perspective – December 2022
The following reviews Fraud Trends and Cybersecurity Threats. We hope you find it useful. Please contact your Lakeside Banker for more information or if we can answer questions. We would also be pleased to arrange on-line or in-person presentations to your staff.
The most important warning we can offer: Stay Vigilant! Fraud can be stopped with AWARENESS, CAREFUL COMMUNICATION, and the right PROCEDURES & TOOLS.
Transactional Activities: Let’s start with the basics; some things don’t change! Check Fraud remains the largest fraud category. According to the Association of Financial Professionals, 66% of attempted or actual fraud attempts were check based. ACH fraud follows, with wire, credit / debit card right behind.
Fortunately, Lakeside has developed services to combat all of these challenges. “Check Positive Pay”, “ACH Positive Pay”, ACH & Check Filters and Blocks, plus online security including tokenization and dual authentication … are all available now. We’ve made them easy to add & use … and affordable. Stop in, call, email or text your Lakeside Banker to learn more.
If you’re not yet a Lakeside client, please contact our Sr. VP & Director of Treasury Management, Matt Palmisano. His direct line is, 312-763-6660. Email is, [email protected].
There are three main threat targets; all require access. If we don’t let them in, they can’t get in!
Business Email Compromise (“BEC”). There are multiple versions of this scam. Some are listed below. All rely on tricking someone into providing the email address of a senior official or other key personnel within your firm. The hacker than sends out fake emails directing an urgent wire transfer of funds. Or an email may introduce and authorize an outside ‘attorney’ or other supplier, who will then call.
The hacker’s email address is always the key; the email address will be modified slightly. It’s called, “Spoofing” and can be hard to spot. The answer is to slow down, examine unusual requests carefully and ask for another pair of eyes to review requests, too. Scrutinize rush demands that look unusual. Variations include:
- The Supplier Swindle
- Business Executive Scam
- Employee Email Hack
- Payroll Information Scam
Malware & Ransomware
Once again, this requires ACCESS. And it begins simply. An employee receives an email that contains the malware. “Spear Phishing” it’s called. All heck will break loose if the innocent or seductive looking attachment accompanying the email is opened! If it is, the malware is installed.
Generously called, “Social Engineering”, business email compromise can be consequential:
- The attacker may gain entry to critical systems and data.
- The attacker can lock and restrict access.
- “Internal” emails may request fund transfers.
- Ransom may be demanded.
- Threats to delete records may follow to add urgency.
Protect yourself from Transactional or Cyberthreat Fraud – Strengthen Security Protocols!
- It always starts with Awareness! All staff should be trained & reminded about information security, financial scams and operational protocol to protect your organization. As part of this, enhance financial controls to verify the source of any email or phone-based movement request via an alternate communication channel. Be especially careful if the funding account is new.
- COMMUNICATE! Inform your bank relationship manager and IT security staff of issues immediately. It may also be appropriate to contact US law enforcement agencies as well as business email accounts. These attacks require sunshine to be properly disinfected.
- Put Check & ACH “Positive Pay” Plus Check blocks and filters in place. These Lakeside services allow clients to manage transactions scheduled to post and prevent unauthorized transactions from being processed to protect your business against fraudulent ACH and Check charges that could cost time and money to rectify.
- Dual controls for ACH and wire transactions are highly recommended and typically required by your financial institution.
- Enhanced authentication. Strengthen this area through mechanisms like ‘tokens’ to initiate payment through your bank’s provided online portal, to access bank accounts and even business email.
- Protect workstations and home computers. Inadvertently ‘installed’ malware is a serious threat. Consider a financial malware endpoint protection tool alongside traditional scanning utilities. You might also dedicate a secure computer for banking.
Again, please contact your Lakeside Banker to discuss how we may be of help. As noted, our “Check Positive Pay” and “ACH Positive Pay”, along with the other tools summarized, are easy to add and use. And inexpensive.
Additional resources include:
- Department of Homeland Security Voluntary Program. www.us-cert.gov/ccubedvp
- Federal Bureau of Investigation Cyber Division. www.fbi.gov/investigate/cyber
- Department of Homeland Security Cyber Security Awareness Campaign. www.stopthinkconnect.org
- Federal Trade Commission Privacy and Security Site. https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy-security
- Global Cyber Alliance. www.globalcyberalliance.org
- National Council of Information Sharing and Analysis Centers. www.nationalisacs.org