Cyber Security & Awareness
Corporate account takeover is a type of fraud where thieves gain access to a business' finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Liberty Capital Bank recommends following these tips to keep your small business safe.
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program, paired with employee education about the warning signs, safe practices, and responses to a suspected takeover, is essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay, ACH Blocking and other services that offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don't, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Visit the following websites to learn more about how to protect your small business:
Are you unwittingly putting your company at risk? Discover how behaviors like sharing passwords, or using your computer to check personal emails or download music could make your organization vulnerable to hacking, malware and other attacks.
StaySafeOnline.org partnered with EMC2/RSA to bring you a Workplace Security Risk Calculator.
The FBI reports that Business Email Compromise (BEC) is a sophisticated scam costing companies worldwide millions of dollars.
In October 2013, the Internet Crime Complaint Center (IC3) began receiving complaints from businesses about trusted suppliers requesting wire transfers that ended up in banks overseas—and turned out to be bogus requests. Since then, losses from the business e-mail compromise (BEC) scam have been significant.
"For victims reporting a monetary loss to the IC3, the average individual loss is about $6,000," said Ellen Oliveto, an FBI analyst assigned to the center. "The average loss to BEC victims is $130,000."
"Since the FBI's Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn't include victims outside the U.S. and unreported losses."
IC3 offers the following tips to businesses to avoid being victimized by the scam (a more detailed list of strategies is available at www.ic3.gov):
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
- Consider financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- If possible, register all Internet domains that are slightly different than the actual company domain.
- Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
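The look-alike domain tip above (".co instead of .com") can be turned into a simple check on the sender address of incoming mail. The following Python sketch is an added example, not code from IC3 or the bank; the company domain `example-widgets.com`, the function names and the sample headers are all assumptions made for illustration. It goes slightly beyond the tip by also flagging one- or two-character misspellings and the company name embedded in another domain.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "example-widgets.com"  # assumption: placeholder for your real domain

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(from_header):
    """Domain part of a From: header, lower-cased; '' if there is no address."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify(from_header, company=COMPANY_DOMAIN, max_dist=2):
    """Return 'internal', 'external', 'unparseable' or a 'lookalike:*' reason."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == company or domain.endswith("." + company):
        return "internal"
    company_name = company.rpartition(".")[0]
    if domain.rpartition(".")[0] == company_name:
        return "lookalike:extension"   # e.g. .co instead of .com
    if company_name in domain:
        return "lookalike:embedded"    # company name inside someone else's domain
    if edit_distance(domain, company) <= max_dist:
        return "lookalike:typo"        # a character or two off; noisy for short names
    return "external"

# Constructed sample headers, not taken from real mail.
SAMPLES = ["Accounts Payable <ap@example-widgets.com>",
           "CEO <ceo@example-widgets.co>",
           "billing@exarnple-widgets.com",
           "Wire Desk <wires@example-widgets.com.pay-portal.net>",
           "newsletter@unrelated-vendor.org"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):20} {header}")
```

Messages classified as `lookalike:*` are the ones to hold for review or tag with a warning banner before they reach staff who can approve payments.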
This complete story and additional resources on this emerging global threat are available on the FBI's website.
The number of attacks on mobile devices is growing, in part, as a result of the increased popularity of mobile banking. According to a report by the Federal Reserve, 51 percent of smartphone users say they have used mobile banking in the past 12 months.
The rise in the popularity of mobile devices has certainly made them a target for cyber-criminals. Banks work hard to protect customer information and customers play an important role. Any device used to connect to the Internet is at risk and we urge users to keep safety measures in place.
Liberty Capital Bank recommends that customers take extra precaution to protect the data on their mobile device by doing the following:
- Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your information if your device is lost or stolen.
- Log out completely when you finish a mobile banking session.
- Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
- Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary "permissions."
- Download the updates for your phone and mobile apps.
- Avoid storing sensitive information like passwords or a social security number on your mobile device.
- Tell us immediately if you change your phone number or lose your mobile device.
- Be aware of shoulder surfers. The most basic form of information theft is observation. Be aware of your surroundings, especially when you're punching in sensitive information.
- Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer's recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
- Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don't know. And be wary of ads (not from your security provider) claiming that your device is infected.
- Watch out for public Wi-Fi. Public connections aren't very secure, so don't perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
- Report any suspected fraud to your bank immediately.