Eight tips to defend against online financial fraud threats

Criminals in 2012 are increasingly targeting the accounts of business owners and executives as a way to facilitate financial fraud and CIOs can help protect their organizations against these attacks.

RSA, the security division of EMC, says one in every 300 emails circulating the web in 2011 contained some elements pointing to phishing, and those phishing efforts were primarily focused on perpetrating financial fraud.

"Compared with the total numbers of phishing attacks recorded in 2010, phishing numbers have increased considerably through the past year," RSA says in its fraud report, The Year in Phishing: January 2012. "The cumulative number of phishing attacks recorded through 2011 was 279,580, a 37 percent increase from 2010."

RSA predicts that phishing attacks will continue to spread in 2012.

In December, the Federal Bureau of Investigation (FBI) warned that it had seen a rising trend in which cybercriminals compromised email accounts to request and authorize overseas wire transfers. It also reported criminals were using variations of legitimate email accounts to trick banks into thinking a wire transfer had been legitimately initiated.

"The FBI has observed a trend in which cybercriminals are compromising the email accounts of U.S. individuals and businesses and using variations of legitimate email addresses associated with the victim accounts to request and authorize overseas transactions," the Internet Crime Complaint Center (IC3), a joint effort by the FBI and the National White Collar Crime Center (NW3C), said in an alert issued on January 20. "The wire transfers are being sent to the bank accounts of individuals typically located domestically or in Australia and the funds are being sent directly to Malaysia. Investigations indicate that some of the money mules in the U.S. and Australia are victims of a romance scam and are asked to further transfer the funds to Malaysia. As of December 2011, the attempted fraud amounts total approximately $23 million; the actual victim losses are approximately $6 million."

The public sector is the biggest target of phishing attacks, but criminals are also targeting small and medium enterprises (SMEs), according to RSA. Jorge Rey, director, Information Security & Compliance with Kaufman, Rossin & Co., P.A., concurs with that assessment. Rey notes that SMEs are often vulnerable to such attacks because they tend to focus less on security and have fewer security resources than larger enterprises.

"In the past six months, I've had several clients call me and tell me that it occurred," Rey says. "We also consult with banks and hear about it. It's not something that is happening to our clients on a daily basis, but on a larger scale I would have to believe it happens on a daily basis."

Rey says he has seen a customer lose as much as $400,000 from its accounts due to such activity.

Eight Steps You Can Take

Business owners and CIOs can take steps to defend themselves from these crimes. Rey recommends organizations take the following steps:

1. Talk to your financial institution. "The first thing you want to do is understand what your liability is as a business owner," Rey says. "If something happens who is responsible for what? That way you know how to manage your liability." You should also ask your bank to describe its solutions for preventing fraudulent wire transfers.

2. Perform regular security audits and risk assessments. These will help you understand where your vulnerabilities are, what data is at risk and what you can do to better protect your organization. As part of the assessment, create an incident response plan. "Have an IT audit with professional auditors who will help you identify your risk or give you assurance you are doing the right thing," Rey says. "This is something that should happen on a periodic basis, at least twice a year. There are new threats every year. Nowadays, computers are creating malware, it's not even people creating malware. It's a very automated process."

3. Install an anti-virus solution on your computers and network and keep it completely updated. While a determined attacker can get around an anti-virus solution to install malware on your machine, you don't want to be the low-hanging fruit.

4. Dedicate a computer to financial transactions and use it only for financial transactions. Protect it with a unique password and do not use it for other activities, such as reading email or browsing the web. "Take the computer, put it in a corner and use that computer to do these transactions," Rey says.

5. Segregate responsibility for initiating wires from the responsibility for authorizing them, and ensure that each party uses different computers with different authorization credentials. "That way, even if the hacker can compromise your user ID and password and he goes and initiates a wire, someone else would have to approve the wire before it goes out."

6. Keep a suspicious mind when you receive an email that asks you to click on a link, open an attachment or supply your credentials, even if it appears to come from a trusted source like your bank. You can often spot a fraudulent email by its poor grammar, misspellings, typos or other errors. But some fraudulent emails are very convincing; one could look exactly like an email from your bank. Sometimes only the URLs embedded in the email give it away. Criminals will sometimes modify the top-level domain of a URL (e.g., switching .com to .net) or substitute a letter for a look-alike digit or vice versa (e.g., abcO123.com, with a capital letter O, in place of abc0123.com, with a zero). "If you're not expecting an email, you should not assume it's legitimate," Rey says. "Always double-check."

7. Be careful when following links on social networking sites or when asked to give information over the phone. Criminals like to compromise social networking sites because users often treat them as safe, trusted places. Clicking on the wrong link can expose you to adware or spyware. Likewise, don't give up authorization credentials over the phone.

8. Review your online banking records on a daily basis. If someone has managed to access your account, you may be able to spot it and prevent a fraudulent payment. But you have to stay on top of it. You have a very small window of opportunity.
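As an added example (not code from the article, from RSA or from Kaufman, Rossin & Co.), the Python below applies the look-alike checks from step 6 to every link in a message: a swapped top-level domain, letter/digit substitutions such as 1 for l or 0 for O, and, one step beyond the text, the trusted brand buried as a subdomain of an unrelated site. The trusted domain list, the confusables table and the sample message are constructed for the example; registrable-domain extraction is a crude last-two-labels approximation with no public-suffix list, and the whole thing is a triage aid for step 6, not a substitute for typing the bank's address yourself.

```python
"""Flag look-alike hostnames in email links against the domains you actually bank with.

Added illustration for the look-alike tricks named in step 6. Everything here
(trusted list, confusables table, sample message) is constructed for the example.
"""
import re
from urllib.parse import urlsplit

# Characters criminals swap for one another, folded to a single canonical letter.
# Assumption: a small starting table, not an exhaustive Unicode confusables list.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b", "|": "l", "!": "i"})

# Bare http(s) links as they appear in a plain-text message body.
_LINK_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def registrable_domain(host):
    """Crude 'brand.tld' extraction: the last two labels of the host.
    Assumption: no public-suffix handling, so 'bank.co.uk' style names would
    need a suffix list before this is used in anger."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalise(label):
    """Fold digit/letter substitutions and the 'rn' for 'm' trick to one spelling,
    so 'examp1ebank' and 'exarnplebank' both compare equal to 'examplebank'."""
    return label.lower().translate(_CONFUSABLES).replace("rn", "m")


def classify_link(url, trusted):
    """Classify the host of one link against a list of trusted registrable domains.

    Returns (verdict, trusted_domain) with verdict one of 'trusted',
    'lookalike-tld', 'lookalike-chars', 'embedded-brand', 'unknown' or 'invalid'.
    """
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname
    if not host:
        return ("invalid", None)
    host = host.lower().strip(".")
    labels = host.split(".")
    domain = registrable_domain(host)
    if domain in trusted:  # covers legitimate subdomains such as online.examplebank.com
        return ("trusted", domain)
    brand = domain.split(".")[0]
    # Same name, different top-level domain (.com switched to .net).
    for t in trusted:
        if brand == t.split(".")[0]:
            return ("lookalike-tld", t)
    # Same name once look-alike characters are folded (0 for O, 1 for l, rn for m).
    for t in trusted:
        if normalise(brand) == normalise(t.split(".")[0]):
            return ("lookalike-chars", t)
    # Trusted brand appearing as a label of some unrelated registrable domain,
    # e.g. examplebank.com.secure-verify.net (generalisation beyond the article).
    for t in trusted:
        t_brand = t.split(".")[0]
        if any(t_brand in label for label in labels[:-1]):
            return ("embedded-brand", t)
    return ("unknown", None)


def suspicious_links(message, trusted):
    """Return [(url, verdict, trusted_domain)] for every link that is not clean."""
    findings = []
    for url in _LINK_RE.findall(message):
        verdict, t = classify_link(url, trusted)
        if verdict != "trusted":
            findings.append((url, verdict, t))
    return findings


# Constructed sample: a phishing message imitating the hypothetical examplebank.com.
TRUSTED = ["examplebank.com"]
SAMPLE_MESSAGE = """Dear customer, your wire authorisation is pending.
Review it at https://online.examplebank.com/wires (legitimate link)
or confirm at https://examplebank.net/login and https://examp1ebank.com/login
or via https://examplebank.com.secure-verify.net/ within 24 hours."""

if __name__ == "__main__":
    for url, verdict, t in suspicious_links(SAMPLE_MESSAGE, TRUSTED):
        print(f"{verdict:16} {url}  (imitates {t})")
```

Run against the constructed message, it reports the .net swap, the 1-for-l substitution and the embedded-brand host while passing the genuine online.examplebank.com link. Tune `_CONFUSABLES` and the trusted list to your own bank's domains before relying on it, and remember that a clean verdict only means the host looks right, not that the page behind it is.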

How to Respond If You've Been Compromised

If you find that your computer or account has been compromised, there are a number of steps you should take:

  • Talk to your bank. Ask it to disable your online access, open a new account for you, and say whether it recommends any additional steps.
  • Try to trace what happened and how it occurred. Stop using any computer that is potentially infected. If you can, clean the computer.
  • Use a non-infected computer to change your passwords.
  • If theft is involved, talk to the police.
  • Look at your insurance policy. Make sure you understand your liability and what your policy covers.

Thor Olavsrud is a senior writer for CIO.com. Follow him @ThorOlavsrud.
