Criminals are increasingly shifting from individual targets to corporate targets, and small to medium-sized businesses are especially vulnerable. Venture bank has recently seen an increase in these fraudulent attempts.
A client typically becomes compromised through "spear-phishing", which is the use of a fraudulent email that appears to be a credible communication. When opening the email and clicking on enclosed links or attachments, the infected file or Web site will install malware on the user's computer permitting a criminal to track keystrokes and capture otherwise secure log-in information. We have also seen an increase in email spoofing where the client believes they are receiving an email from a co-worker or approved vendor when in fact the email is from a cyber criminal. These emails often instruct the client to wire or transfer money to a new financial institution with a new account number, often overseas.
Recommendations for Clients
Venture Bank recommends the following Account Control measures to help create safeguards against potential breach of security:
- Employ daily review of all banking transactions.
- Use dual-controls for ACH and wire transfer payments - separate originator and transaction authorizer.
- Utilize other cash management services that add additional protection - ex. Positive pay and ACH filter.
- Utilize an out of band authentication method to confirm transfer requests such as a call back.
Other best practices include the following:
- Verify with your financial institution when receiving email communications that are not anticipated. Do not utilize links included in these emails.
- Install a dedicated and actively managed firewall.
- Train your personnel to use a strong password with at least 10 characters, using a mix of alpha-numeric combinations and small and upper-case letters.
- Prohibit any shared online ID's and passwords among multiple users.
- Employ a variety of passwords for each log-on site accessed.
- Change your password regularly.
- Never share ID and password with third-party providers.
- Limit administrative rights for your employees so they are unable to download malware or viruses embedded in seemingly harmless new applications.
- Use commercial anti-virus and desktop firewall – often the "free" software will not provide protection against the latest threats.
- Use and update security patches regularly.
- Install spyware detection programs.
- Clear the browser cache before starting Online Banking sessions, to eliminate residual copies of web pages stored on your hard drive.
- Verify use of a secure session – https and not http – for all online banking.
- Avoid using Automatic Log-in features for online banking or investing.
- Never leave your computer unattended during any online banking or investing sessions.
- Do not access online banking or investing from a public computer, ex., public libraries, coffee houses, etc. Unauthorized software may have been installed to trap account number and sign on information.
Additional steps you can take:
- Escalate promptly suspicious transactions to Venture Bank – especially regarding ACH and wire transactions. Take advantage of a limited recovery window for these transactions, and protect yourself from further loss.
Recommendation for Clients
If you are a victim of fraud, your next steps should include:
- Immediately cease interaction with the computer system that may be compromised and disconnect the system connections to eliminate the continuation of remote access by the criminal
- Importantly, do not give anyone access to this system until it can be inspected.
- Immediately contact Venture Bank and we will do the following:
- Disable your online accounts.
- Assist you in changing online passwords.
- Open new accounts as appropriate.
- Review all recent transactions and electronic authorizations in the account.
- Verify any requests for Address change, Title change, PIN change, new cards ordered, checks or other documents requested to a separate address.
- File a Police Report with the local authorities and supply facts and circumstances surrounding the loss. A complete police report will assist you as you deal with insurance companies, banks, etc., and will aid the Police department in investigating and hopefully identifying and prosecuting the perpetrator.
- Create a log that shows the timeline of what happened, your response, date and time of any conversations with Venture Bank, your insurance company, any other officials, to include phone numbers and the individuals you spoke to, and other relevant instructions or information you received.
Venture Bank values your business and is dedicated to assist you in a partnership to safeguard the financial assets you've entrusted with us. If we can be an additional resource to you in your risk management review and assessment, please don't hesitate to contact your banker or one of our cash management officers directly. Cash Management Officers at Venture Bank are: