Every day it seems the news is reporting that a well-known company within the United States has become a victim of a data breach. The number of cybercrimes continues to grow, therefore it is important to understand the process cybercriminals use to attack your computer or email, and the recommended tools available to protect your business.
Cybercriminals look for vulnerabilities that will allow them to access computers and email accounts. Companies are targeted in an effort to gain control of their accounts in order for the criminals to transfer funds to the accounts of money mules. Criminals use money mules for the purpose of distancing themselves from the crime. Most money mules are duped into the role they play and are unaware they are committing a crime, but are still complicit and risk criminal prosecution. Once the money mules receive the funds, they quickly remove them from their accounts and wire them to the accounts of the criminals. These are typically held at financial institutions outside the jurisdiction of the United States.
Malware (malicious software) is used by cybercriminals to hijack internet hosted email accounts to initiate fraud campaigns. Access to an email account is gained through the injection of malware onto a computer or other internet enabled device. Malware comes in various forms that range from a hyperlink, download, spam, website, social engineering to an email with a sales pitch. Once malware is on the computer, the hacker has the ability to obtain email access, as well as online banking user access and passwords.
With email, a criminal will search the inbox, sent items, and other folders using keywords such as “bank,” “finance” and “account.” They do this in order to review and learn banking behavior. In addition, the cybercriminal will search contacts for people who may have access to financial and personal information that can be useful to them.
Using contact lists, a criminal can send fraudulent emails from friends or relatives claiming some sort of urgent need for money to be sent to them. A common scheme is that the friend or relative is in jail in another country and needs you to send them money to be released. A contact list could also be used by criminals to send claims from vendors or bill collectors demanding payment. Residents within our region have even received phone calls from criminals claiming to be the IRS demanding that payments are due.
We have shared the goal and techniques of these cybercriminals, so let’s review recommended ways you can protect yourself from their fraud campaign. Be aware of emails from relatives, employees and customers that have fraud indicators that:
- show a sense of urgency,
- say they are at a funeral out of town,
- say they are out of the country and unable to be reached by phone,
- contain broken English (beyond normal spell and grammar check).
If you receive an email with these indicators, authenticate the email request by calling them at a number you have on record. Never use contact information listed in the email, or disclose the following information:
- account numbers,
- social security numbers (full or partial),
- account balances,
- dates of birth,
- or other personal identifying information.
To ensure all funds transfers were authorized by you, we recommend you review your business accounts daily. Early detection is crucial. Contact the bank immediately if you suspect a funds transfer was not authorized by your company.
There are many types of cybercrimes; this article focuses on just one particular type that exists. For the protection of your accounts and the information that you house, we recommend running up-to-date anti-virus and malware software on your computers and devices. Schedule scans accordingly and regularly monitor that scans are taking place.
Cyber security is a constant concern as cybercrime continues to increase. Being aware of security risks and protecting against them is crucial for you and your business. CNBank.com/Security is our security center and a valuable resource to assist you with your questions.
October is National Cyber Security Awareness Month.
The internet touches all aspects of our personal and professional lives. Cyber security is of growing importance and President Obama designated October as National Cyber Security Awareness Month. For more information go to: dhs.gov/national-cyber-security-awareness-month
The Department of Homeland Security (DHS) has extensive information and resources regarding cyber security for small businesses on their website. To view this go to: dhs.gov/publication/stopthinkconnect-small-business-resources