The online world has seen an increase in overall attacks as time has passed, and while that is certainly no surprise, one particular type of attack presents drastic consequences – online financial fraud.
Cybercriminals are setting their sights on the accounts of executives and business owners with the hopes of striking it rich in the financial fraud sweepstakes. According to RSA, phishing attempts accounted for one out of every 300 emails in 2011. Phishing refers to attempts at tricking users into providing sensitive information that can help hackers compromise accounts. As for the primary reason behind most of 2011’s phishing emails, RSA claims it was financial fraud. RSA’s recent fraud report, dubbed “The Year in Phishing: January 2012,” stated: “Compared with the total numbers of phishing attacks recorded in 2010, phishing numbers have increased considerably through the past year. The cumulative number of phishing attacks recorded through 2011 was 279,580 – a 37 percent increase from 2010.” RSA also predicts that the rising phishing trend will continue throughout this year.
The FBI has noticed the increase in online financial fraud, and posted the following advisory through its Internet Crime Complaint Center: “The FBI has observed a trend in which cybercriminals are compromising the email accounts of U.S. individuals and businesses and using variations of legitimate email addresses associated with the victim accounts to request and authorize overseas transactions. The wire transfers are being sent to the bank accounts of individuals typically located domestically or in Australia and the funds are being sent directly to Malaysia. Investigations indicate that some of the money mules in the U.S. and Australia are victims of a romance scam and are asked to further transfer the funds to Malaysia. As of December 2011, the attempted fraud amounts total approximately $23 million; the actual victim losses are approximately $6 million.”
While the public sector appears to be the main target of phishing scams, RSA notes that small and medium enterprises are also being targeted. Jorge Rey, director of information security and compliance at Kaufman, Rossin & Co., P.A., said small and medium enterprises are savory targets because their security often pales in comparison to their larger counterparts. Rey added that several of his clients claimed to be victims of such attacks in the past six months, and that one customer’s accounts were drained of approximately $400,000.
Tips for Organizations
Despite the threatening nature of financial fraud scams, Rey noted that business owners and chief information officers can take certain preventative steps against such attacks:
- Ask your bank for any tips on preventing fraudulent wire transfers and ask what your liability is should an attack occur.
- Review online banking activity each day. This makes it quicker to detect any fraudulent charges or signs that the account has been compromised.
- Install and maintain a trusted and constantly updated antivirus solution on your computers and network.
- Discover your company’s vulnerabilities and weaknesses by conducting security audits and risk assessments on a regular basis. Rey recommends doing this at least twice a year. A response plan should be created as well.
- Select one specific computer as the designated vehicle for financial transactions. The computer should have a unique password and be used solely for financial transactions.
- Secure the in-house financial wire process by separating those in charge of initiating wires from those responsible for authorizing them. Each party should use a separate computer with unique credentials.
- Avoid clicking links or opening attachments in email or on social networks. Also, never disclose sensitive data or login credentials over the phone, as phishing can occur there as well. Contact your bank directly if you have any doubts or suspicions before offering any information.
Tips for Victims
If you are one of the unfortunate victims of online financial fraud, Thor Olavsrud of CIO.com suggests some steps you should take to help minimize the damage. The first thing you should do is contact your bank directly by telephone. Tell them that you think your account has been compromised and ask that they disable any online access. You should request a new account altogether and also ask your bank representative for advice on any other measures you should take.
If money was withdrawn from your account without your authorization, contact your local police department to report the theft. Ask them for tips on what you should do as well.
Lastly, try to figure out how your account got compromised. Do you remember clicking on any suspicious links on a certain computer or visiting any potentially malicious sites? Is it possible that you logged into your bank account on a public computer and didn’t log out, or did you access your account on an unprotected Wi-Fi network? Whatever the case may be, try to remember the steps leading up to the attack. If you believe your computer has been infected, run software to scan and remove any potential viruses. Also, use a different computer to change your passwords to prevent any further account breaches. These are just some steps you can follow in the event of an attack.
For more on this topic, visit http://www.pcworld.com/businesscenter/article/250139/8_tips_to_defend_against_online_financial_fraud_threats.html
More By wubayou