It is my pleasure to share with you some information that I have gleaned from Umpqua Bank concerning some cybersecurity concerns. The following information was given to me to use by Umpqua Bank’s Redmond, WA branch Assistant Vice President, Alana McWade whom I have a relationship through our mutual networking group called 3N for No Nonsense Networking.
Business Email Compromise (BEC)
Hello from Umpqua,
We wanted to let you know that U.S. security experts are seeing more businesses falling victim to Business Email Compromise (BEC) attacks. These attacks occur when business email accounts are hacked or fraudsters impersonate someone close to your business. They’ll attempt to trick companies into sending wire transfers or writing checks to bank accounts owned by the attacker, and unfortunately their success rate has been on the rise. Since the FBI’s Internet Crime Complaint Center began tracking these scams in late 2013, more than 7,000 U.S. companies have been victimized—with total dollar losses exceeding $740 million.
In the paragraphs below, you’ll find three of the most common ways fraudsters will try to target and exploit your business email, as well as steps you can take to protect yourself. You can find more helpful information about these attacks at the FBI’s BEC resource page at: https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise.
At Umpqua Bank, we’re here to help minimize your risk and protect your business from unnecessary loss. If you believe that you’re a victim of a BEC attack, please contact us immediately at (866) 486-7782 or CustomerService@UmpquaBank.com.
FRAUD METHOD: CEO Impersonation
OVERVIEW: Fraudsters send emails which appear to come from a high-ranking official (e.g., CEO, CFO, Legal) to employees requesting an urgent wire transfer. Sophisticated techniques can make the “from” address in the email appear authentic. Believing the email is legitimate, the employee submits a wire through online banking or in person at a store.
CUSTOMERS: Businesses can defend against this attack by:
• Educating employees about this type of fraud—attackers will sometimes use addresses that are similar to familiar domains, e.g. abc_company.com vs. abc-company.com.
• Implementing a simple confirmation procedure. For example, if an employee receives an email requesting a wire transfer, require him or her to call the requestor back via a known good phone number (i.e., not the phone number listed in the email requesting the wire) and confirm the legitimacy of the request.
FRAUD METHOD: Email Account Hack
OVERVIEW: A customer’s email account is hacked and fraudsters send emails directly to the bank requesting a wire transfer. The email may appear legitimate to the bank, as it is coming from a customer’s email account.
CUSTOMERS: A business employee may not know their email account has been hacked. Businesses should:
• Educate employees about this type of fraud.
• Consult with a cybersecurity professional to evaluate the how secure your computer systems are.
• Choose complex passwords for all email accounts, regularly update these passwords, and ensure that they aren’t reused not reused. Some good guidelines for choosing and creating strong passwords are available here. Use the latest operating system and applications, and make sure that the system is regularly updated.
• Use reputable anti-virus software that is up to date.
• Regularly review your bank account activity and statements to identify unauthorized transactions.
• Immediately report any suspicious activity to Umpqua Bank.
FRAUD METHOD: Vendor/supplier impersonation
OVERVIEW: Similar to CEO impersonation, fraudsters send emails that appear to come from a vendor or business supplier. Commonly, the email requests payment of an invoice via wire transfer to a specified bank account. Sophisticated techniques can make the “from” address in the email appear authentic. Believing the email is legitimate, the employee submits a wire through online banking or in person at a store.
CUSTOMERS: Same actions as CEO Fraud, with the focus on contacting the vendor.
UmpquaBank.com (866) 486-7782 Member FDIC Equal Housing Lender SBA Preferred Lender