Century Bank is concerned about cyber security for our clients. This page is dedicated to showing you pertinent information to protect you, your businesses and your families by sharing news, updates, and articles regarding cyber security.
Don't forget to check out our Identity Theft and Security page to learn more about this crime and ways you can protect yourself from having your identity stolen!
May 8, 2019
New Cyber Fraud
This week we learned of a new type of cyber fraud.
The Payroll clerk of a local company received an email from one of their “employees” requesting information on how to change his direct deposit information. The Payroll clerk responded via email to the “employee” and asked him for a voided check for the new account number. The “employee” provided a copy of a check in an email. Unfortunately, none of this communication or account information was from the real employee. The payroll clerk made the change and the direct deposit was sent to the account provided by the fraudster. Upon receipt of the direct deposit, the funds were immediately withdrawn and the account was closed.
Points to consider regarding this situation:
- The company email address for the “employee” was not used in the communication exchange. This may or may not have been a red flag if the company allows the use of both company and personal email addresses;
- There was no direct communication to verify the “employee’s” identity and confirm the request, such as a phone call.
Further research showed that the employee’s personal email was compromised and the fraudster was able to obtain a copy of the employee’s pay stub. This employer emailed pay stubs to employees. The pay stub included the employee’s name, address, confirmation of direct deposit and the email address of the Payroll Clerk.
Please revisit your procedures in distributing pay stubs and how you confirm requests to change direct deposit information. You may want to consider a phone call to the employee requesting the change for confirmation.
Emails requesting a change to payment information or sending funds via ACH or wire transfer should be confirmed in person or by phone with the person making the request. This would include any email from an employee, supervisor, manager, vendors or any other person making an unusual request.
Taking these precautions could prevent a potential loss. Should you have any questions about a situation you may be experiencing or need help with any transaction, feel free to contact any local Century Bank representative.
January 8, 2019
Securing New Devices
This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security
of these devices, is not always guaranteed. Click here for important steps you should consider to make your Internet of Things more secure.
July 10, 2018
Phone Call Attacks & Scams
Phone call attacks and Scams are on the rise. How do they work? How can you protect yourself? Learn how to spot and stop these attacks. Read the newsletter from SANS Security Awareness.
May 29, 2018
Foreign Cyber Actors Target Home and Office Routers
The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers. Read the FBI Public Service Announcement.
May 14, 2018
Reducing your Information Footprint
While spring cleaning your home and the top of your desk, consider also cleaning up your information footprint. Read the article from MS-ISAC.
February 20, 2018
Tax Pros Urged to Step Up Security as Filing Scheme Emerges, Reminded to Report Data Thefts
The IRS is alerting taxpayers of the latest data theft scam. This scheme is likely just the first of many that will be identified this year as the IRS, state tax agencies and tax industry continue to fight back against tax-related identity thieves. Read the complete news release on IRS.Gov.
November 30, 2017
IRS National Tax Security Awareness Week
As part of National Tax Security Awareness Week—November 27 to December 1—the Internal Revenue Service (IRS) is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft. Visit the IRS National Tax Security Awareness Week 2017 page.
September 19, 2017
Business Email Compromise (BEC)
Over the past two years, fraudsters have stolen millions of dollars from businesses by compromising official company email accounts and using those accounts to initiate unauthorized wire transfers. We want you to be aware of this type of scam as we have seen local New Mexico businesses impacted by this scheme.
BEC scams often begin with an attacker compromising a business executive’s email account by using key logger malware or phishing methods. The attackers may create a domain that is similar to the company they are targeting. They may also send a spoofed email that tricks the victim into providing account details. Upon monitoring the compromised email account, the fraudster will try to determine who initiates wires and who requests them. Undetected, they may spend weeks studying the organization’s vendors, billing systems, and the CEO’s style of email communication. The fraudsters then impersonate high level executives, sending emails to a targeted employee in the finance office – a bookkeeper, accountant or controller, requesting wire transfers to fraudulent accounts.
The employee sends the money, just as he has done in the past. When the fraud is discovered, the money is hard to recover as the funds have been quickly drained from the account. The FBI states that "The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone. "Don’t rely on email alone."
Additional Resources Available on Business Email Compromise: