Blog Archives

Defenses Against Cybercrime

Through our work in cyber and information security, we have formed relationships with professionals at Secure the Village and Citadel Information Group. They have kindly allowed us to post on our blog site some of the articles they have authored about cyber security. This article provides a great overview of the business email compromise scam and how to avoid being taken in by it.

Business E-mail Compromise: Don’t Be a Victim

By Stan Stahl, PhD, President of Citadel Information Group, Inc. & Founder and President of Secure the Village

What to Do: Implement very strong controls on wire transfers

Assume all email or fax requests from a vendor to change bank accounts are fraudulent. Assume all email or fax requests from the company President or others are fraudulent. Assume all email or fax requests to set up a new vendor are fraudulent. Pick up the phone, call the party in question and verify the request is legitimate.

If you discover you are a Business Email Compromise victim, immediately contact the FBI’s Southern California Cyber Fraud unit at sccf@leo.gov. They have established banking relationships and are often able to recover funds if they are notified within 72 hours.

And talk to your banker. Make sure they have your back.

It’s also a good idea to check with your insurance broker to ensure that business email compromise losses are covered.

Background

Not too long ago, email scams were relatively easy to detect. They were often from unknown contacts and referenced bank or credit card information which was clearly incorrect. Sometimes, the emails would simply contain a link. As time has passed, fraudulent attempts to gain control of your online banking, your critical information, and your identity have become more skillful and harder to spot. These days, emails often appear to come from recognized accounts, are well written, and, at least at first glance, seem legitimate.

The newest — and one of the costliest — in a long line of fraudulent e-mail scams is “Business E-Mail Compromise” (BEC).

Business Email Compromise (BEC) is a very sophisticated attempt to induce a business to willingly hand over their money to a cybercriminal. In Business Email Compromise (BEC), crooks spoof communications from executives or vendors at the victim firm in a bid to initiate unauthorized wire transfers.

According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015. Business Email Compromise cost Ubiquiti Networks $46 million.

Collectively, Business Email Compromise has resulted in actual and attempted losses of over a billion dollars worldwide. The FBI reports, “…since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad.”

BECs can target businesses working with foreign suppliers or regularly performing wire transfer payments, although they have also targeted some that do not strictly fit this criterion. In order to solicit unauthorized transfers of funds, the scams compromise legitimate business e-mail accounts through social engineering or computer intrusion techniques. Prior to making contact, the scammers learn enough about their target to create emails that use language specific to the company and request wire transfers that seem legitimate.

For more information on BECs, see https://www.fbi.gov/news/stories/2015/august/business-e-mail-compromise/business-e-mail-compromise and http://krebsonsecurity.com/2015/08/fbi-1-2b-lost-to-business-email-scams/


Linking to Non-Bank of Tucson Websites

This icon appears next to every link that directs to a third party website not affiliated with Bank of Tucson. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Bank of Tucson. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Bank of Tucson assumes no liability for the content, information, security, policies or transactions provided by these other sites.


EMV Chips – What They Mean To You


Whether you are a merchant, a consumer or both, EMV chip technology is great news. Also known as smart chip technology, EMV is a global payment standard designed to reduce fraudulent transactions where payment cards are physically present at the time of the transaction.

EuroPay, MasterCard® and Visa® (thus the abbreviation EMV) developed the EMV chip technology to combat counterfeit card fraud. Outside the U.S., more than 130 countries in Asia, Europe and South America, as well as Canada and Mexico, have already embraced the technology, and counterfeit credit card fraud has declined noticeably in those countries.

Here in the U.S., credit cards enabled with an EMV chip are gradually replacing their magnetic strip ancestors. If your payment card has a chip, you will see a small metallic square on the front of the card. Cards still have magnetic strips, too, so that you can use them at merchants that don’t yet accept chip cards.

The difference between EMV cards and the traditional magnetic strip cards is that the EMV chip better protects against unauthorized use by generating a unique number for each sales transaction. The magnetic strips on traditional cards contain unchanging data. When an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again. If a counterfeiter steals the chip information from one specific point of sale, typical card duplication would not work because the stolen transaction number created in that instance wouldn’t be usable again, and the card would be denied. Therefore, even if card data and the one-time code are stolen, the information can’t be used to create a counterfeit card.
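The per-transaction code described above, as an added example that is not part of the original article: a simplified Python model in which HMAC-SHA256 stands in for the card's real cryptogram calculation. The class names, card number and key are constructed for illustration.

```python
import hashlib
import hmac

def _code(key, pan, counter, amount_cents, nonce):
    # HMAC-SHA256 is a stand-in (assumption); real EMV cards use their own cryptogram scheme.
    msg = f"{pan}|{counter}|{amount_cents}|".encode() + nonce
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class ChipCard:
    """Toy chip: the secret key stays on the card; a counter advances per transaction."""
    def __init__(self, pan, key):
        self.pan, self._key, self._counter = pan, key, 0

    def pay(self, amount_cents, nonce):
        self._counter += 1
        return {"pan": self.pan, "counter": self._counter, "amount": amount_cents,
                "nonce": nonce,
                "code": _code(self._key, self.pan, self._counter, amount_cents, nonce)}

class Issuer:
    """Toy issuer: knows each card's key and the highest counter already accepted."""
    def __init__(self):
        self._keys, self._seen = {}, {}

    def enroll(self, pan, key):
        self._keys[pan], self._seen[pan] = key, 0

    def authorize(self, txn):
        key = self._keys.get(txn["pan"])
        if key is None:
            return "declined: unknown card"
        expected = _code(key, txn["pan"], txn["counter"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: code does not match transaction"
        if txn["counter"] <= self._seen[txn["pan"]]:
            return "declined: code already used"
        self._seen[txn["pan"]] = txn["counter"]
        return "approved"

def demo():
    key = bytes(range(16))        # constructed sample key
    pan = "4000000000000002"      # constructed sample card number
    card, issuer = ChipCard(pan, key), Issuer()
    issuer.enroll(pan, key)
    first = card.pay(2500, b"\x01\x02\x03\x04")
    results = [issuer.authorize(first)]            # genuine purchase
    results.append(issuer.authorize(dict(first)))  # same captured data presented again
    # the captured code attached to a different counter and amount
    results.append(issuer.authorize({**first, "counter": 2, "amount": 99900}))
    results.append(issuer.authorize(card.pay(1200, b"\x05\x06\x07\x08")))  # next genuine purchase
    return results
```

Static magnetic strip data has no counterpart to the counter and code checks in `Issuer.authorize`, which is why a copy of it is indistinguishable from the original.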

EMV cards can be used at stores or at ATMs. The readers may differ, but each includes a slot in which to insert the card – with the EMV chip facing up. Directions on the screen instruct the user about what to do next. Generally, the chip card stays in the machine until the transaction is complete. If your card has an EMV chip and you attempt to swipe the magnetic strip instead, an error will appear and you will be prompted to insert the card for chip processing instead.

Credit and debit card providers are now rolling out the EMV chip cards, providing customers with an extra layer of security and confidence. Bank of Tucson card holders can expect to receive their new cards in the next few months. In the meantime, card holders can continue to use their magnetic strip cards at stores and ATMs.

For merchants, EMV software-equipped terminals offer the most secure way to accept in-store payments and reduce fraud liability risk, especially since the liability shifted to merchants on October 1, 2015 in the event that fraud occurs on a chip card presented in-store and chip card terminals weren’t used.

Additional information about EMV chip technology can be found here.↗
