Presenter’s Notes: Note taking is optional as the FBI source document contains the information presented.
Presenter’s Notes: This presentation summarizes information from an FBI/Secret Service advisory regarding a type of fraud being attempted with increasing frequency. Targets tend to be small to medium-sized businesses, along with municipalities and other public institutions. High-tech criminals are targeting the financial accounts of owners and employees of small and medium-sized businesses, resulting in significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts. Often these funds cannot be recovered.
Presenter’s Notes:

Targeting Victims: According to the FBI, the perpetrators of these attacks research their victims and may send spoofed email to specific persons in a small or medium-sized business. Their primary targets are individuals with treasury management or accounting responsibilities. The FBI indicates that the perpetrators use various public sources, and even a company’s Web site, to research their targets, and may have people in our communities working at social establishments where business owners or employees gather.

Install Malware: The fraudulent email may appear to come from NACHA, the IRS, the Federal Reserve or your bank and will attempt to trick you into clicking on a link or opening an attachment. Clicking on the link or opening the attachment infects the computer and installs banking Trojan software with Web browser hijacking, keystroke logging and remote control capabilities.

Online Banking: The malicious software monitors the victim’s activity and waits for them to visit and log on to an online banking site.

Collect & Transmit Data: Through the malicious software that has hijacked the victim’s Web browser, the perpetrator is able to take control of the Web banking session as the victim logs in. From the bank’s perspective, the perpetrator’s actions may be indistinguishable from the victim’s normal actions.

Initiate Funds Transfer(s): Once the perpetrator has taken control of the customer’s Web browser and the customer has logged in, the perpetrator is able to collect information and initiate transactions.
Presenter’s Notes: Cyber criminals employ various technological and non-technological methods to manipulate or trick victims into divulging personal or account information. Such techniques may include getting the victim to perform an action such as opening an email attachment, accepting a fake friend request on a social networking site, or visiting a legitimate, yet compromised, website that installs malware on their computer(s). Don’t respond to, open attachments in, or click on links in unsolicited e-mails. Contact the financial institution using the information provided upon account opening to determine if any action is needed.

Please note: Phishing scams are still quite common and come in a variety of forms. They may come in the form of customer service surveys, telephone calls or even cell phone text messages. Please be aware that while some phishing scams direct you to fake web sites, others may ask you to call a phone number where an automated phone system prompts you to divulge confidential information. While it can be difficult to identify spoofed email messages, web sites, and automated phone systems, it is not difficult to know whether any of the above may be fraudulent. The key is knowing that legitimate entities do not send unsolicited messages to consumers or businesses prompting them to divulge confidential information. If you receive such a message, no matter how genuine it may appear, assume it to be fraudulent and notify the legitimate entity immediately.

Be wary of pop-up messages claiming your machine is infected and offering software to scan and fix the problem, as it could actually be malicious software that allows the fraudster to remotely access and control your computer.

Please note: Your IT staff can teach you what to expect if a real virus is detected on your computer. When logging in, if you encounter a message that the system is temporarily unavailable, contact your bank immediately.
Presenter’s Notes: Minimize the number of, and restrict the functions for, computer workstations and laptops that are used for online banking and payments. A workstation used for online banking should not be used for general web browsing, e-mail, or social networking. Conduct online banking and payments activity from at least one dedicated computer that is not used for other online activity. Do not leave computers with administrative privileges and/or computers with monetary functions unattended. Log off or turn off, and lock up, computers when not in use.
Presenter’s Notes: Install routers and firewalls to prevent unauthorized access to your computers or network. Please note: you may wish to logically segregate treasury management workstations on your network as an additional safeguard. Change the default passwords on all network devices.

Keep operating systems, browsers, and all other software and hardware up to date. Install security updates to operating systems and all applications as they become available. These updates may arrive weekly, monthly, or even daily for zero-day attacks. Install, use and maintain spam filters. Install and maintain real-time anti-virus, anti-spyware, desktop firewall, and malware detection and removal software. Please note: Anti-virus solutions may not be effective in detecting banking Trojan malware.

Make regular backup copies of system files and work files. Encrypt sensitive folders with the operating system’s native encryption capabilities; preferably, use a whole-disk encryption solution.

Do not use public Internet access points (e.g., Internet cafes, public wi-fi hotspots such as those in airports) to access accounts or personal information. If using such an access point, employ a Virtual Private Network (VPN).

Keep abreast of the continuous cyber threats that occur. See the Additional Resources section for recommendations on sites to bookmark. The “Resources” section of the FBI fraud advisory contains links to helpful and detailed tips on how to enhance your information technology (IT) security.
Presenter’s Notes: Initiate ACH and wire transfer payments under dual control using two separate computers. For example, one person authorizes the creation of the payment file and a second person authorizes the release of the file from a different computer system. This helps ensure that one person does not have the access authority to perform both functions, cannot add additional authority, and cannot create a new user ID.

Please note: In a small office environment, one person could use two separate sets of credentials, one for initiating transactions and one for approving them. While this may help deter external threats, it is not a true “segregation of duties,” which is what deters internal fraud.

Please note: Do not use Security Administrator credentials for routine daily business, but only when needed. Keep the Security Administrator hardware token securely locked up and, if possible, under dual physical control.

Please note: ACH and wire limits should be reviewed and reduced. Limits should be conservatively based on the lowest acceptable limits for routine transactions and only raised temporarily when needed. If ACH or wire transfer capability is used infrequently, consider setting the limits to zero and/or removing these privileges from users entirely.
Presenter’s Notes: Please note: Federal Reserve Board Regulation E (12 CFR 205) only protects retail customers against loss and does not protect business customers. Liability for a fraudulent loss would be determined on a case-by-case basis after reviewing the unique circumstances of an incident.
Presenter’s Notes: Account activity should be reviewed daily (or more often when warranted) for unauthorized transactions or transfers. Please note: Also watch for unauthorized transfers between your own accounts. Please note: Be alert to apparent changes to, or warning messages from, banking Web sites. Please note: Malicious software can be installed via fake “anti-virus” warnings. Ask your IT advisor what legitimate warnings look like and how to respond.
Presenter’s Notes: Please note: Be wary of unsolicited email from any source containing warnings, alerts, reports or requests for information, and containing links or attachments. Please forward suspicious email to REPORTFRAUD@ARVEST.COM. Check your “outbox” for email that you did not send.
Presenter’s Notes: If you suspect suspicious activity, immediately:
1. Cease all online activity.
2. Disconnect the network (Ethernet) cable or other network connections, including wireless connections, to isolate the system and prevent any unauthorized access. Please note: Leave the computer turned on, as this allows Federal law enforcement to inspect the computer at their option.
3. Make sure employees know how and to whom to report suspicious activity, both within your company and to your financial institution.
4. Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident.
Presenter’s Notes: If you suspect suspicious activity, immediately: (continued)
5. Contact the bank so the following actions may be taken:
   - Disable online access to accounts and change passwords
   - Review your transactions, account access and authorizations
   - Take other measures as needed to protect your accounts, such as opening new accounts
Note: the bank may contact federal law enforcement and, depending on the circumstances, they may wish to examine your computer.
Presenter’s Notes: Your time is valuable! THANK YOU!
Corporate Account Take Over
A Presentation of Federal Law Enforcement Agency Guidance
Information Source
Fraud Advisory for Businesses: Corporate Account Take Over
www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf
Source: FBI “Fraud Advisory for Businesses: Corporate Account Take Over” dated 10/20/10
Disclaimer
Arvest Bank does not provide computer or related advisory services, including security recommendations.
Federal Fraud Advisory Contents
• The Problem: fraud description, victim selection, perpetration methods
• Protect: education; computer, network & process enhancements; responsibilities and liabilities
• Detect: account monitoring, warning signs, anti-virus software
• Respond: compromised computer handling and reporting suspicious activity
Dissecting an Attack
[Figure: circular diagram titled “Dissecting An Attack” with “Account Take Over” at the center and five numbered steps around it]
1. Target Victims: Criminals target victims by way of phishing, spear phishing or social engineering techniques.
2. Install Malware: The victims unknowingly install malware on their computers, often including key logging and screen shot capabilities.
3. Online Banking: The victims visit their online banking website and log on per the standard process.
4. Collect & Transmit Data: The malware collects and transmits data back to the criminals through a back door connection.
5. Initiate Funds Transfer(s): The criminals leverage the victim’s online banking credentials to initiate a funds transfer from the victim’s account.
Protect: Educate
• Cyber criminals try to trick victims into divulging account information
• Don’t respond to, open attachments in, or click on links in unsolicited email
• Be wary of anti-virus pop-up messages
• When logging in, if you encounter a message that the system is temporarily unavailable, contact your bank immediately
Protect: Computer & Network Enhancements
• Dedicate computers to online banking and accounting functions which cannot be used for email or general Web browsing
• Remove administrative privileges from computers used for online banking to reduce the risk of unauthorized software installations
• Utilize network routers and firewalls to reduce the risk of unauthorized access to your computers and network
Protect: Computer & Network Enhancements
• Change default passwords on all network devices
• Install security updates to operating systems and critical software such as Microsoft Windows, Microsoft Office, Web browsers and Adobe products
• Install, use and maintain email SPAM filters
• Install, use and automatically update “always on” real-time anti-virus, anti-spyware and desktop firewall systems
Protect: Enhance Corporate Processes
• Implement dual controls for creating and approving ACH batches and wire transfers using multiple users and computers. Please note: some systems have a “Security Administrator” function which should not be used for routine daily business
• Review and reduce ACH and wire transfer transaction limits to the lowest acceptable dollar amounts for routine transactions and temporarily raise them for exceptional transactions
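The dual-control and limit rules on this slide, and in the presenter’s notes that expand on it (separate initiator and approver, separate computers, Security Administrator credentials kept out of routine business, limits set low and raised only temporarily), are expressed here as a small policy check. This is an added example written for this page, not code from the FBI advisory or from any bank’s online banking system; the role names, user names, workstation identifiers and dollar limits are constructed.

```python
"""Added illustration (not from the FBI advisory or any bank system): a
policy model of dual control for ACH/wire release. Roles, users,
workstation names and limits are constructed sample values."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Conservative defaults, as the notes recommend: the lowest amount that covers
# routine traffic, and zero for a channel the business rarely uses (constructed).
DEFAULT_LIMITS: Dict[str, float] = {"ACH": 10_000.00, "WIRE": 0.00}


@dataclass
class Payment:
    payment_id: str
    channel: str              # "ACH" or "WIRE"
    amount: float
    created_by: str           # user who built the payment file
    created_on: str           # workstation the file was built on (hypothetical id)
    approved_by: Optional[str] = None
    approved_on: Optional[str] = None


class PaymentControls:
    """Enforces: a second person approves, from a second computer, nobody uses
    Security Administrator credentials in the routine flow, and per-channel
    limits can only be raised for one named payment at a time."""

    def __init__(self, roles: Dict[str, Set[str]],
                 limits: Optional[Dict[str, float]] = None):
        self.roles = roles                       # user -> set of role names
        self.limits = dict(limits or DEFAULT_LIMITS)
        self._exceptions: Dict[str, float] = {}  # payment_id -> one-off limit

    def grant_exception(self, payment_id: str, amount: float) -> None:
        """Temporary raise: applies to exactly one payment, then is consumed."""
        self._exceptions[payment_id] = amount

    def effective_limit(self, payment: Payment) -> float:
        return self._exceptions.get(payment.payment_id,
                                    self.limits.get(payment.channel, 0.0))

    def _role_problems(self, user: str, needed: str) -> List[str]:
        roles = self.roles.get(user, set())
        problems = []
        if needed not in roles:
            problems.append(f"{user} lacks the {needed} role")
        if "security_admin" in roles:
            problems.append(f"{user} is using Security Administrator credentials for routine business")
        return problems

    def check_create(self, payment: Payment) -> List[str]:
        """Reasons the payment file must not be created; empty list means allowed."""
        return self._role_problems(payment.created_by, "initiator")

    def check_release(self, payment: Payment) -> List[str]:
        """Reasons the payment must NOT be released; empty list means release."""
        problems = self.check_create(payment)
        if payment.approved_by is None:
            return problems + ["no second approval recorded"]
        problems += self._role_problems(payment.approved_by, "approver")
        if payment.approved_by == payment.created_by:
            problems.append("approver must be a different person from the initiator")
        if payment.approved_on == payment.created_on:
            problems.append("approval must come from a different computer than the one that created the file")
        limit = self.effective_limit(payment)
        if payment.amount > limit:
            problems.append(f"{payment.channel} amount {payment.amount:.2f} exceeds limit {limit:.2f}")
        # A one-off limit exception is used up by this decision either way,
        # so the limit falls back to its conservative default afterwards.
        self._exceptions.pop(payment.payment_id, None)
        return problems


if __name__ == "__main__":
    roles = {"alice": {"initiator"}, "bob": {"approver"},
             "secadmin": {"security_admin", "initiator", "approver"}}
    controls = PaymentControls(roles)
    good = Payment("P1", "ACH", 5_000.00, "alice", "WS-01", "bob", "WS-02")
    bad = Payment("P2", "ACH", 5_000.00, "alice", "WS-01", "secadmin", "WS-01")
    print("P1:", controls.check_release(good) or "release")
    print("P2:", controls.check_release(bad))
```

A real banking platform implements these rules server-side; the value of spelling them out is that each violation is a separate, named condition, which makes it easy to review which controls your bank’s system actually enforces and which ones your own procedures have to cover.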
Protect: Responsibilities & Liabilities
• Become familiar with your bank’s account agreement
• Be aware of your liability for fraud under the agreement and the Uniform Commercial Code (UCC) in your jurisdiction
Detect: Monitoring and Awareness
• Monitor or reconcile accounts at least once a day
• Be on the alert for computer performance changes such as:
  – Dramatic loss of speed
  – Changes in the way things appear
  – Lock-ups, shut downs or restarting
  – Unexpected password or token code requests
  – Unusual or unexpected pop-up messages, toolbars or icons
• Pay attention to anti-virus warnings and contact your IT professional immediately
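The daily reconciliation this slide asks for, and the presenter’s note to also watch for unauthorized transfers between your own accounts, can be done mechanically: compare what the bank says happened against what the business recorded as authorized and alert on everything the ledger does not explain. The script below is an added example written for this page, not part of the FBI advisory or of any bank’s software; the account numbers, payees, amounts, references and the two CSV layouts are constructed, and a real export will need its own column mapping.

```python
"""Added illustration (not from the FBI advisory or any bank system): a
daily reconciliation of bank-reported activity against the business's own
ledger. All account numbers, payees, amounts and references are constructed."""
import csv
from decimal import Decimal
from io import StringIO
from typing import Dict, Iterable, List, Set

# Constructed: the business's own account numbers at the bank.
OWN_ACCOUNTS: Set[str] = {"0001234", "0005678"}

# Constructed: yesterday's activity as exported from the online banking site.
BANK_ACTIVITY = """\
date,account,type,amount,counterparty,reference
2010-10-21,0001234,ACH_DEBIT,4200.00,Acme Supplies,INV-1187
2010-10-21,0001234,ACH_CREDIT,2300.00,Customer A,DEP-301
2010-10-21,0001234,BOOK_TRANSFER,15000.00,0005678,TR-0099
2010-10-21,0005678,WIRE_DEBIT,14900.00,Unknown Payee LLC,WR-5522
"""

# Constructed: what the business itself recorded as authorized.
LEDGER = """\
reference,account,amount
INV-1187,0001234,4200.00
DEP-301,0001234,2300.00
"""


def parse_csv(text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(StringIO(text)))


def reconcile(bank_rows: Iterable[Dict[str, str]],
              ledger_rows: Iterable[Dict[str, str]],
              own_accounts: Set[str]) -> List[str]:
    """Return one alert per bank entry the ledger does not account for.

    A bank entry is explained only if reference, account AND amount all match
    a ledger line, so a known reference with a changed amount still alerts.
    Decimal is used so amounts compare exactly.
    """
    authorized = {(r["reference"], r["account"], Decimal(r["amount"]))
                  for r in ledger_rows}
    alerts: List[str] = []
    for row in bank_rows:
        key = (row["reference"], row["account"], Decimal(row["amount"]))
        if key in authorized:
            continue
        if row["type"] == "BOOK_TRANSFER" and row["counterparty"] in own_accounts:
            # The presenter's notes single out transfers between your own
            # accounts; they are not "money leaving", but they are not authorized either.
            alerts.append(f"UNAUTHORIZED OWN-ACCOUNT TRANSFER {row['reference']}: "
                          f"{row['amount']} from {row['account']} to {row['counterparty']}")
        elif row["type"].endswith("_CREDIT"):
            alerts.append(f"UNMATCHED CREDIT {row['reference']}: {row['amount']} "
                          f"to {row['account']} from {row['counterparty']}")
        else:
            alerts.append(f"UNMATCHED DEBIT {row['reference']}: {row['amount']} "
                          f"from {row['account']} to {row['counterparty']}")
    return alerts


def daily_report() -> List[str]:
    """Run the check over the embedded sample data."""
    return reconcile(parse_csv(BANK_ACTIVITY), parse_csv(LEDGER), OWN_ACCOUNTS)


if __name__ == "__main__":
    for line in daily_report():
        print(line)
```

Run against the sample data, the two authorized items (INV-1187 and DEP-301) are silent and the two the ledger knows nothing about are reported: the transfer between the two business accounts and the wire that followed it. Whoever reviews the output is then calling the bank about specific references rather than scanning a full statement by eye.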
Detect: Monitoring and Awareness
• Be on the alert for rogue email:
  – Please note: Be wary of unsolicited email from any source containing warnings, alerts, reports or requests for information, and containing links or attachments. Please forward suspicious email to REPORTFRAUD@ARVEST.COM
  – If someone says they received an email from you that you did not send, you probably have malware on your computer
Respond
• If you suspect suspicious activity, immediately:
  – Cease all online activity
  – Remove any computer that may be compromised from the network, but leave it turned on
  – Make sure employees know how and to whom to report suspicious activity
  – Maintain a written chronology of what happened
Respond: Contact your bank
• Contact your bank so that the following actions may be taken:
  – Disable online access and change passwords
  – Review transactions and account access
  – Take other measures as needed to protect your accounts
Summary, Questions & Comments
• A continuous “cat and mouse” game is being “played” with cyber criminals from around the world
• No single preventative control or procedure can ever be 100% effective. What works today may not work tomorrow
• As presented in the federal guidance, a “layered approach,” using more than one protective control to reduce the risk of a threat, is more effective than a single preventative control
• Please review this federal guidance with your board of directors, management & IT staff or advisors to determine what controls may be appropriate for your environment
• THANK YOU! Questions or Comments?