A type of internet risk is Corporate Account Takeover
Corporate Account Takeover is an ongoing electronic crime typically involving the exploitation of businesses. Businesses that are more at risk are those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank's online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to its computer system to take confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Any customers that perform electronic transfers are potential targets. These thefts have affected both large and small banks.
This type of cyber-crime is an advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime including circumventing one time passwords, authentication tokens, and other forms of multi-factor authentication. Customer awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, due to the dependence of banks on sound computer and disbursement controls of its customers, there is no single measure to stop these thefts entirely. Multiple controls or a "layered security" approach is required.
Thus, with more services being offered online and more devices accessing these services security risks are elevated. By utilizing best practices for internet users, the risk can be greatly reduced. M C Bank takes great measures to protect and ensure security when it comes to our customer's financial data. Best practices for internet users are some techniques that can strengthen your safety and security within the online banking environment.Talk to your financial institution about products that offer an extra layer of security like call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions. If you have any questions, please contact your financial institution.
Best Practices for Internet Users:
- Use strong passwords – Passwords should be complex, use long phrases and a mixture of capital and lowercase letters, numbers, and special characters.
- Keep passwords a secret and safe – Do not share passwords with anyone. Keep them in a secure place if written down.
- Change passwords frequently.
- Use different passwords for different accounts; never using the same password for business and personal accounts
2. Electronic Devices and Software
- Keep software and electronic devices (i.e. Computer, smart phone, tablet etc.) up-to-date – Make sure the electronic devices and software are updated on a regularly basis. Regularly check that each of your computers has up-to-date software installed including operating system, personal firewall, anti-virus, anti-spyware and current browser. Ensure your anti-virus and anti-spyware software is enabled and executing scans on a consistent basis. Use trustworthy internet tools to scan your browser for known weaknesses.
- Install an antivirus software – Try to install an antivirus that can monitor and protect the computer from viruses, spyware, and malware. Encrypt sensitive data and keep updated anti-virus, anti-malware and anti-spyware protection on your computers.
- Be cautious with external media – external media like DVD, CD, and flash drives can have harmful viruses stored on them.
- Do not use unprotected internet connections - (i.e. networks with no password)
- Try to use websites that are secure.
- Use encrypted websites – Encrypted websites have a closed padlock in the address bar or in the bottom right corner of the web browser.
- Be cautious of downloading malware – Be careful of opening attachments or clicking on links in an email or on social networks.
- Don't send sensitive information – Do not send sensitive information via the internet (email and instant messages). These methods can be intercepted and read.
- Be cautious of phishing scams – Phishing comes in the form of an email that is trying get sensitive information like Social Security Number or accounts. M C Bank will never ask for account or personal information in an email. For more on Phishing scams please visit: https://www.us-cert.gov/ncas/tips/ST15-001
- Don't use a public computer for financial transactions – Using a public computer or wireless connection may be unsafe. Always monitor your accounts for suspicious transactions.
- Be cautious shopping online – Shop from respectable and trustworthy sites. Print or save a copy of any purchases made online.
- Watch out for suspicious activity - do not open suspicious e-mails and never share account information.
4. Social Media Security Tips
- Set the privacy and security settings on your social networking channels to a level that you are comfortable with for information sharing.
- Be aware of how much personal information you post on channels. Private information should never be shared including date of birth and social security number etc. A hacker could use this information to steal your identity or access your data.
- Do not publicize that you are on vacation or away for a lengthy period of time.
- Do not click on hyperlinks within a post or text message if it appears suspicious even if you assume it is coming from a friend. Your friend's account may have been hacked or infected and could now be distributing malware.
- Once you post information online it remains online. Guard your reputation by assuming everything you post online is permanent.
5. Victim of a scam? Act quickly
- File a police report – Also report to the U. S. Federal Trade Commission @ ftc.gov/idtheft or call 1-877-438-4438.
- Close Accounts – Close any accounts accessed or opened fraudulently. Open new accounts with new passwords and PINs.
- Place a fraud alert on your credit reports – Contact one of the major U. S. credit bureaus so no financial institution grants new credit without approval. Make sure the other two credit bureaus are contacted. Get a free credit report and dispute any issues, such as accounts open with knowledge.
"Help Wanted" or "Money Mules" SCAMS
Criminals don't like getting caught. So, when they want to send and receive stolen money, they get someone else to do the dirty work. Some scammers develop online relationships and ask their new sweetheart or friend to accept a deposit and transfer funds for them. Other cons recruit victims with job ads that seem like they're for legit jobs, but they're not. Law enforcement calls the victims 'money mules.' If you get involved with one of these schemes, you could lose money and personal information, and you could get into legal trouble.
Scammers post ads for imaginary job openings for payment-processing agents, finance support clerks, mystery shoppers, interns, money transfer agents or administrative assistants. They search job sites, online classifieds and social media to hunt for potential money mules. For example, if you post your resume on a job site, they might send you an email saying, 'We saw your resume online and want to hire you.' The ads often say:
• the company is outside the U.S.
• all work is done online
• you'll get great pay for little work
If you respond, the scammer may interview you or send an online application. He does that to collect your personal information and make the job offer seem legitimate. At some point, the scammer will ask for your bank account number, or tell you to open a new account, and then send you instructions about transferring money.
If you think you're involved with a money transfer scam:
• stop transferring money
• close your bank account
• notify your bank and the wire transfer service about the scam
• report it to the FTC