When it comes to cyber security, Grandpoint is committed to offering you ongoing education and information on cyber crime to help you take the necessary steps to protect your financial assets.
BUSINESS EMAIL COMPROMISE (BEC) OR CEO EMAIL FRAUD schemes are an increasingly common and costly form of cybercrime. According to the FBI, thieves stole nearly $2.3 billion in such scams from more than 17,000 companies in the U.S. between October 2013 and January 2016. CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name. In these cases, the fraudsters will forge the sender’s email address displayed to the recipient, so that the email appears to be coming from a legitimate business. In all cases, the “reply-to” address uses the spoofed domain, ensuring that any replies are sent to the fraudster.
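As an added example (not from Grandpoint or the FBI), the Python code below checks a message's headers for the two signs described above: a reply-to domain that differs from the sender's domain, and a domain that is a near-miss spelling of a trusted one. The trusted domain `example-corp.com`, the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organization really sends mail from.
TRUSTED_DOMAINS = {"example-corp.com"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message, trusted=TRUSTED_DOMAINS):
    """Return the BEC warning signs found in the message headers."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])  # header may be absent
    flags = []
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    for dom in sorted({from_dom, reply_dom} - {""}):
        if dom not in trusted and any(0 < edit_distance(dom, t) <= 2 for t in trusted):
            flags.append(f"{dom} is a look-alike of a trusted domain")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Jane Doe, CEO" <jane.doe@example-corp.com>\n'
           "Reply-To: jane.doe@examp1e-corp.com\n"
           "Subject: Urgent wire transfer\n\nPlease send today.\n")
LOOKALIKE = ("From: Jane Doe <jane.doe@example-c0rp.com>\n"
             "Subject: Invoice\n\nSee attached.\n")
LEGIT = ("From: Jane Doe <jane.doe@example-corp.com>\n"
         "Subject: Lunch\n\nNoon works.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, bec_flags(raw))
```

Header checks like these do not catch mail sent from an executive's genuinely compromised inbox, where both addresses are legitimate.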
RANSOMWARE is a type of fraud where malware restricts access to the infected computer/network and demands that the operators pay some sort of ransom to regain control of their network.
PHISHING is the criminal attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email, directing users to enter personal details at a fake website whose look and feel are almost identical to a legitimate one, such as their bank. Financial institutions will never send an email asking for personal information.
SPEAR PHISHING is a variation of phishing. With phishing, criminals might send a single, mass email to thousands of people. Spear phishing attacks are customized and sent to a single person at a time. The spear phishing email usually contains personal information such as your name or some disarming fact about your employment. A spear phishing email usually includes a link leading to a fake website that requests personal information. The phony email may contain a downloadable file that contains malware. Nearly all spear phishing complaints that have been investigated have come from corporate employees. If you receive a suspicious email, go directly to your company’s IT department.
VISHING is the name for phishing attacks using the telephone. The term is a combination of voice and phishing, and is typically used to steal credit card numbers, bank account numbers and passwords. You might receive a phone call advising you that your credit card has been used illegally, and to call a certain number to “verify” your account number. Do not provide information; instead, contact your bank or credit card company directly to verify the validity of the message.
SMISHING is yet another variation of phishing; the name is a combination of SMS (Short Message Service, the technology used in text messaging) and phishing. In this scam, the fraudster uses cell phone text messages to lure you to a website or perhaps to call a phone number that connects to an automated voice response system. No legitimate business would contact you by text message with a request of this nature.
CORPORATE ACCOUNT TAKEOVER is a method by which cyber-thieves gain control of a business’s bank account by stealing the business’s valid online banking credentials. The most prevalent method involves malware that infects a business’s computer workstations and laptops. (See Best Practices for tips on protecting your computers and networks.) The malware installs keylogging software on the computer, which allows the perpetrator to capture a user’s credentials as they are entered at the financial institution’s website. Once the cyber-thieves have access to the business’s online banking, they can initiate funds transfers, by ACH or wire transfer, to the bank accounts of associates within the U.S. These accounts may be newly opened by accomplices or unwitting “money mules” for the express purpose of receiving and laundering these funds. The accomplices or mules withdraw the entire balances shortly after receiving the money, and then send the funds overseas via over-the-counter wire transfer or other common money transfer services.