This is an article published by the Trustmark Bank America in their Security watch letter.
For those who are not aware of how easy it is to be hacked or blackmailed, read this and you will realize you need to be very cautious about what emails you open. I know I get emails from friends in my contact list that have died. I get bogus emails with names of my friends or acquaintances as the sender. If that is the case I always, yes always, check the email address before I open it.
So I suggest you read both these articles as they could save you a lot of money and inconvenience.
Security Letter – Trustmark – 07/31/2017
According to the FBI Internet Crime Complaint Center, business email compromise (BEC) schemes have caused at least 5.3 billion in total losses over the past three years to approximately 24,000 organizations around the world. The average loss per victim is about $218,000. Companies of all sizes and types are targeted, leaving a long wake of financial and emotional damage.
Scammers go to great lengths to research and target employees who work with company finances. They often send emails posing as the company CEO and instruct their target to make funds transfers. There are many versions of this scam, including sending a bogus invoice and compromising an employee's email account to gain more information, which is why it is important to understand how BEC works and to know where your vulnerabilities lie.
As devastating as this crime is, it's equally easy to avoid being exploited.
- Carefully scrutinize all emails. Be wary of irregular emails sent by high-level executives. They can be used to trick employees into acting with urgency. Review and verify emails that request funds transfers.
- Raise employee awareness. Educate employees about cybercrime and how they can help protect the company. Review company policies and encourage employees to develop good security habits.
- Verify any changes in vendor payment location by using a secondary sign-off by company personnel.
- Stay updated on customer habits including the details and reasons behind payments.
- Verify requests. Confirm requests for funds transfers by using phone verification as part of two-factor authentication. Use previously known phone numbers, not the phone numbers provided in the email.
- Report any incident immediately to law enforcement or file a complaint with the IC3.
A complete list of self-protection strategies is available on the US Department of Justice website.
If you or your company have been victimized by a BEC scam, it's important to act quickly. Contact your financial institution immediately and request that they issue a swift recall of the transfer. For domestic transfers, ask your financial institution to send a ‘hold harmless’ letter to the beneficiary bank. Always file a complaint with IC3 whether the attack has been successful or not.
Now this next article is a must read
Ransomware is a type of malicious software (malware) that freezes your computer or mobile device until a sum of money is paid. It can destroy personal and business files, leading to stolen data and large financial losses.
Ransomware attacks – especially those that target small businesses – are evolving in complexity and are on the rise.
All devices are vulnerable but more and more mobile attacks are being reported.
Criminals collected $209 million in the first quarter of 2016
$1 Billion + in losses is projected from ransomware attacks in 2016 alone according to the FBI
Ransom fees vary from $200 – $10,000
Ransomware targets a specific individual within a business, or a consumer with a link or attachment that infects the computer with malware or leads the individual to an infected website. Three ways ransomware can take shape are:
- Spear phishing emails.
  - The sender appears to be someone you may know or someone relevant to your business.
  - The message is often personalized and may include your name as a reference to a recent transaction.
- Advertisements or pop-up windows.
  - Your computer freezes and a popup message appears.
  - The message may threaten a loss of your files or information, or may also tell you that your files have been encrypted.
- Downloadable software.
  - Ransomware is also present in downloadable games and file sharing applications.

Once the PC is infected, your files are encrypted and inaccessible. The fraudster demands a ransom payment in order to unlock them.
- Always back up your files and save them offline or in the cloud.
- Always use antivirus software and a firewall. Be sure they are set to update automatically.
- Enable popup blockers.
- Don’t click. Be cautious when opening emails or attachments you don’t recognize – even if the message comes from someone in your contact list.
- Only download software from sites you know and trust.
- Alert your local law enforcement agency as soon as you encounter a potential attack.