Protect Your Business Against Cyber Threats  

In the modern enterprise driven by technology and software, combined with increased data, most of which is sensitive or confidential, concerns of cyber-attacks continue to grow. The boost in volume and complexity of cyber attackers and their skills heightens the problem. Maintaining cybersecurity in a continuously changing threat environment is challenging for all organizations. 

Spear Phishing

Spear Phishing is an attempt to acquire sensitive information or access it by sending a counterfeit email targeting a specific person or company to access information or systems. 

An example of spear phishing would be an email claiming any event that requires you to change passwords, click on a link to view or download a document, review, and sign a company-wide document change, etc. These emails generally have a sense of urgency attached to them as well. 

How to prevent falling victim to these fraud attempts: 

• Use two-factor authentication
• Call client or vendor before sending money
• Disable images on your email

Avoid reusing your passwords.

Payment Fraud

Payment fraud is a false transaction executed by a fraudster. If successful, the offender gains access to the victims’ funds, personal information, and delicate information using the internet. 

Fraudsters have gotten savvy at gaining personal information online. They often pose as a business representative and contact credit card holders, asking to verify account information, upgrade credit card status, opt into a promotional offer, etc. 

The common avenues used to steal personal data go as follows:

• Email
• Testing malware on smart devices
• Instant messaging
• Rerouting traffic to fraudulent websites
• Phone calls 

Additionally, cyber thieves work to penetrate network security systems seeking out faults or patches that have not been updated in a while. These gaps allow access around a firewall, making illegally accessing sensitive information easier. 

How businesses can help mitigate fraud:

• Understand the latest fraud trends
• Use encryption on transactions and emails with sensitive information
• Regularly change tokens and login credentials
• Frequently run security checks on antivirus software
• Determine a policy around access to confidential information
• Require customer account login before making a purchase

Contact the FBI if you are a victim of a cyber attack

The FBI has 56 field offices in the US, not including satellite offices. Additionally, the FBI is permitted to police tribal lands. They work and collaborate with other fields of law enforcement nationally and internationally. However, some international governance is not always collaborative.

When working with the FBI, the will: 

• Focus on the scope of the crime
• Get info to you as soon as possible
• A lot of cyber security attacks are human errors. The FBI will treat you as a victim.

When working with the FBI, they will not: 

• Look for violations made by the company
• Share company info
• Siege assets from victims
• Repair or restore network systems
• Does not charge

Information the FBI will request:

• Record of the conversation that led to the breach
• Record accounts or wallets used or where money was sent 
• Complaint submission to https://www.ic3.gov/ 
• If you sent money, there is a Recovery Asset Team
  • Criteria to quality: $50,000+ in less than 72 hours

If you have been hacked, alert the FBI if there is a ransom amount: Why? Because it may be a sanctioned country, sending money is illegal, or the FBI might have a decryption key or other valuable tools from previous attempts.

Fidelity Bank’s Fraud Mitigation Services

Positive Pay & ACH Filter services identify and mitigate the payment of potentially fraudulent or unauthorized checks and ACH transactions by matching transactions presented to your account against transactions you have authorized.

Security Tokens, also known as multi-factor authentication tokens, add an additional layer of protection for payment origination. The security token generates a one-time code to verify the user originating ACH files or to initiate wire transfers. Hard Tokens are physical devices that generate the code, whereas Soft Tokens are software tokens that exist on devices such as computers or phones.

Dual Control is an approval process that requires two separate individuals to authorize a transaction or payment such as a wire or ACH transfer. The first person authorizes the request, and the second person reviews and approves.

Learn more about fraud protection services offered by Fidelity Bank: https://fidelitybankmn.com/business-banking/cash-management-solutions/#riskmitigation