CEO Fraud: How to Protect Your Business
By: Lori Diaz, Senior Vice President, Treasury Management
We’re constantly warned not to click on suspicious emails, but what happens when we’re “spammed” by people we trust? New cyberattacks are more sophisticated than ever, and businesses in Rockford are not exempt from this widespread threat. CEO Fraud, also known as Business Email Compromise (BEC), is a targeted attack that uses high-tech methods to hijack email accounts and pressure employees into providing sensitive personal or company information.
Today’s imposters pose as executives and send fraudulent wire transfer instructions or requests for tax information to employees who are unaware that the email account has been compromised. These cyberattacks have been very successful over the years, defrauding U.S. companies out of millions of dollars.
Both large and small organizations fall victim to CEO Fraud or BEC. Imposters move quickly, and their emails rarely include infected attachments or malicious links, making it incredibly difficult for security technologies to stop the attacks. While larger companies are more likely to have anti-fraud practices in place than companies with fewer than 100 employees, nothing replaces being prepared and informed. This type of fraud does not discriminate by employer size, industry or geography, so it’s imperative to take proactive steps to prevent fraudulent activity and reduce the damage it causes.
Rockford Bank & Trust’s Business Online Banking provides several controls and tools to help protect you against unsolicited emails and unauthorized transactions. We recommend that you use these controls along with your company’s own tools and resources to mitigate the risk of fraud.
Protecting Your Business
How do fraudsters convince employees to act and ultimately fall victim to a cyberattack? One method is to hack into the accounts of CEOs, CFOs and other high-level executives, then monitor the organization’s activity over an extended period to learn the patterns and behavior unique to the company. With this information, cyber-attackers create genuine-looking, plausible emails and send them to unsuspecting members of your staff, often to initiate a wire transfer of funds.
When it comes to protecting your organization from wire fraud, there are several preventative measures to consider. For wire/ACH initiation, limit user access to payment creation and approval functionality; segregate duties between payment creation and approval; and require secondary approval of payments on a second computer. Our team of experts can help you establish transaction limits for each user and set up daily account/user limitations for transactions.
General Best Practices
- Disable the end user’s administrative rights to their computers to minimize introduction of viruses, malware, etc.
- Keep virus protection and operating systems up-to-date
- Never open or respond to an email from an unknown source
- Never log in to Business Online Banking at a public or unsecured computer
- Educate employees on the risks of online banking
- Work with your internal partners (e.g. IT, Audit) on other ways to mitigate risks
- Utilize ACH or Check Positive Pay and ACH Block/Filter services to help prevent fraudulent transactions on your account
General Online Business Banking Controls
- Use a computer that is dedicated to Business Online Banking with no other internet browsing or email access
- Reconcile account transactions daily
- Require dual controls for Wire and ACH transaction approval
- Require users to confirm last sign on date on the Business Online Banking “Welcome” page
- Do not use account numbers when setting up nicknames for accounts
- View your alerts and notify the Bank if you do not recognize the activity
With the proper amount of protection and a healthy perspective on trends, any business can protect itself from CEO Fraud or Business Email Compromise. If you experience difficulty logging in, suspect unusual activity, or encounter any other issues, immediately contact the Treasury Management team at Rockford Bank & Trust – our team of experts is here to help.