A type of internet risk is Corporate Account Takeover
Corporate Account Takeover is an ongoing electronic crime typically involving the exploitation of businesses. Businesses that are more at risk are those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank's online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to their computer system to take confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Any customers that perform electronic transfers are potential targets. These thefts have affected both large and small banks.
This type of cyber-crime is an advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime including circumventing one time passwords, authentication tokens, and other forms of multi-factor authentication. Customer awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, due to the dependence of banks on sound computer and disbursement controls of its customers, there is no single measure to stop these thefts entirely. Multiple controls or a "layered security" approach is required.
Thus, with more services being offered online and more devices accessing these services, security risks are elevated. By utilizing best practices for internet users, the risk can be greatly reduced. M C Bank takes great measures to protect and ensure security when it comes to our customer's financial data. Best practices for internet users are some techniques that can strengthen your safety and security within the online banking environment.Talk to your financial institution about products that offer an extra layer of security like call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions. If you have any questions, please contact your financial institution.
Best Practices for Internet Users:
Electronic Devices and Software
Social Media Security Tips
Victim of a scam? Act quickly
"Help Wanted" or "Money Mules" SCAMS
Criminals don't like getting caught. So, when they want to send and receive stolen money, they get someone else to do the dirty work. Some scammers develop online relationships and ask their new sweetheart or friend to accept a deposit and transfer funds for them. Other cons recruit victims with job ads that seem like they're for legit jobs, but they're not. Law enforcement calls the victims 'money mules.' If you get involved with one of these schemes, you could lose money and personal information, and you could get into legal trouble.
Scammers post ads for imaginary job openings for payment-processing agents, finance support clerks, mystery shoppers, interns, money transfer agents or administrative assistants. They search job sites, online classifieds and social media to hunt for potential money mules. For example, if you post your resume on a job site, they might send you an email saying, 'We saw your resume online and want to hire you.' The ads often say:
If you respond, the scammer may interview you or send an online application. He does that to collect your personal information and make the job offer seem legitimate. At some point, the scammer will ask for your bank account number, or tell you to open a new account, and then send you instructions about transferring money.
If you think you're involved with a money transfer scam:
If you're looking for work, check out the FTC's tips about jobs and making money and warning signs of a job scam.
Cyber Security - Ransomware 101
Ransomware is a type of malicious software posing an increasing threat to both businesses and personal electronic devices. Ransomware encrypts files essentially blocking access to the file(s). Due to its effectiveness, ransomware is becoming the dominate form of modern crime ware. The only way to access the encrypted contents is via the decryption key and/or through data back-ups. Depending on the ransomware, specific files types may be encrypted. Ransom notes differ but essentially, they include a ransom amount, usually in bitcoin currency (digital currency), a timeframe for which payment must be made, along with instructions on how to make the payment.
Different variants of ransomware may try to encrypt as many files as possible; however, many encrypt specific formats of files (MS Office Files, images). Ransomware can be delivered via many forms, such as exploit kits, spear phishing emails, malicious links and drive-by downloads. One example includes an email which appears to be from an upper-level manager asking for the recipient to do something with the attachment that appears legitimate, but may be infected with malicious code or include malicious links. The recipient clicks on a link that appears genuine and suddenly realizes that files may become encrypted and are unavailable. The actor, or perpetrator, then demands a ransom payment and gives the targets a way to regain their data. The ransom amount is generally not large, averaging less than $1,000 US, but the number of incidents has risen dramatically in 2016, posting record growth in the first and second quarters.
The Ransom Payment
The FBI does not recommend paying the ransom. A payment of ransom does not guarantee that the perpetrator will allow access or send decryption details. Some organizations that paid the ransom demands never received the decryption keys afterward. There are others that believe that the value of the data that may be potentially lost outweighs the comparably minimal cost of the ransom. These organizations will pay the ransom after evaluating all options, realizing that they have an inability to function. There is no guarantee, however, that these organizations will receive the decryption keys after payment.
Prevention is Key
It is easier to prevent an infection or an attack than it is to clean one up. Best practice is to focus on defense and utilize several layers of security including:
Being prepared is essential to reduce the effects of a ransomware attack. Here are tips on how to address ransomware post-attack:
Be aware of how your network is configured and what software you use on a regular basis. By knowing what your system looks like and how it works, you will be able to identify problems when they occur. Here are some key recommended steps:
Ransomware infects computer systems throughout the world in ever increasing numbers. Outbreaks that used to be perpetrated by individuals are now being organized by criminal gangs. The future of ransomware seems to be bright and profitable. As it continues to spread through western countries, it will continue amassing money for its agents. Ransomware will continue to challenge authorities as it continues to mature, and distribution methods evolve. Law enforcement will need to double-down to continue to fight against this illegal money-raising scheme. As software developers continue working to fight the ransomware scam, hackers will be working to develop new and inventive ways to hook unsuspecting victims.