Blog Archives

Building a Digital Defense Against Tech Support Fraud


On July 18, 2017, the Federal Bureau of Investigation (FBI) Portland released the following news, warning people against tech support fraud. In our continuing efforts to educate our clients about cyber security best practices, we wanted to share the FBI’s warning and advice, in its entirety, here on our blog site. Information about fraud and security best practices can be found on the Grandpoint website at grandpointbank.com.

In 2016, the FBI’s Internet Crime Complaint Center received almost 11,000 reports of tech support fraud incidents. In those cases, victims reported losses of more than $7.8 million.

So what is tech support fraud? Imagine you receive a call from someone who says he is with a computer software or security company. Maybe he says he is with a cable or Internet provider. The caller tells you that your software is out of date, and you are vulnerable to a cyber attack. Or, he says your equipment is malfunctioning, and he can fix it remotely — saving you a service call. All you have to do is to provide the caller with remote access to your computer or device. No idea what he’s talking about? No worries — he will be happy to walk you through all the technical details.

In another variation of the fraud, the bad guy convinces you that you overpaid for a recent service. He would be happy to refund the overage if you would just give him a few details — such as your bank account number — so he can arrange the refund.

In reality, he is either just trying to get into your account to clean it out — or, he is working for long-term access to launch other frauds. In this second example, he transfers money back and forth between your own checking, savings and retirement accounts to make it appear as though there is a refund when in fact there is none. Eventually, he tells you that he refunded too much and asks you to wire money back to the fraudulent company. Victims often don’t figure this out for quite a while as the losses pile up.

So how do you protect yourself?

  • Never give a stranger remote access to your computer or other electronics.
  • If something seems a bit odd, it probably is. Hang up and look up a phone number for that company or provider using a publicly-available resource.
  • Don’t give an unsolicited caller your bank account number or other personal information that he could use to access your accounts.
  • Don’t let someone pressure you into buying a computer security product or subscription. Oftentimes, there are reputable, free products that will do that work for you. Seek out help from someone you trust to ensure that if you do pay for something — it is worth the cost.

If you have been victimized by this scam or any other online scam, report your suspicious contacts to the FBI. You can file an online report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your FBI local office.

This article can be found on the FBI’s Portland field office website.


↗ Linking to Non-Grandpoint Bank Websites
This icon appears next to every link that directs to a third party website not affiliated with Grandpoint Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Grandpoint Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Grandpoint Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.


FBI Article: Ransomware on the Rise

We noticed that a lot of you really liked the last FBI cyber security article we ran. We’re pleased the Bureau has encouraged us to share their articles on this topic, so we’re happy to do so again. This article deals with a concerning type of cybercrime called ransomware, in which malware restricts access to the infected computer or network and demands that the operators pay a ransom to regain control. We hope this article is helpful to you. Please let us know if you have information or ideas on this topic that our readers may want to hear.

You can find this article, as well as many other articles you may find valuable to keep your business and staff secure against cybercrime, at this web address:

https://www.fbi.gov/news/stories/2015/january/ransomware-on-the-rise/ransomware-on-the-rise↗

For more information about fraud protection tools and product features provided by Grandpoint Bank, please visit our website.

Ransomware on the Rise
FBI and Partners Working to Combat This Cyber Threat

Your computer screen freezes with a pop-up message—supposedly from the FBI or another federal agency—saying that because you violated some sort of federal law your computer will remain locked until you pay a fine. Or you get a pop-up message telling you that your personal files have been encrypted and you have to pay to get the key needed to decrypt them.

These scenarios are examples of ransomware scams, which involve a type of malware that infects computers and restricts users’ access to their files or threatens the permanent destruction of their information unless a ransom—anywhere from hundreds to thousands of dollars—is paid.

Ransomware doesn’t just impact home computers. Businesses, financial institutions, government agencies, academic institutions, and other organizations can and have become infected with it as well, resulting in the loss of sensitive or proprietary information, a disruption to regular operations, financial losses incurred to restore systems and files, and/or potential harm to an organization’s reputation.

Ransomware has been around for several years, but there’s been a definite uptick lately in its use by cyber criminals. And the FBI, along with public and private sector partners, is targeting these offenders and their scams.

When ransomware first hit the scene, computers predominately became infected with it when users opened e-mail attachments that contained the malware. But more recently, we’re seeing an increasing number of incidents involving so-called “drive-by” ransomware, where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window.

Another new trend involves the ransom payment method. While some of the earlier ransomware scams involved having victims pay “ransom” with pre-paid cards, victims are now increasingly asked to pay with Bitcoin, a decentralized virtual currency network that attracts criminals because of the anonymity the system offers.

Also a growing problem is ransomware that locks down mobile phones and demands payments to unlock them.

The FBI and our federal, international, and private sector partners have taken proactive steps to neutralize some of the more significant ransomware scams through law enforcement actions against major botnets↗ that facilitated the distribution and operation of ransomware.

For example:

  • Reveton ransomware, delivered by malware known as Citadel, falsely warned victims that their computers had been identified by the FBI or Department of Justice as being associated with child pornography websites or other illegal online activity. In June 2013, Microsoft, the FBI, and our financial partners disrupted a massive criminal botnet built on the Citadel malware, putting the brakes on Reveton’s distribution. FBI statement↗ and additional details.↗
  • Cryptolocker was a highly sophisticated ransomware that used cryptographic key pairs to encrypt the computer files of its victims and demanded ransom for the encryption key. In June 2014, the FBI announced—in conjunction with the Gameover Zeus botnet disruption—that U.S. and foreign law enforcement officials had seized Cryptolocker command and control servers. The investigation into the criminals behind Cryptolocker continues, but the malware is unable to encrypt any additional computers. Additional details.↗

If you think you’ve been a victim of Cryptolocker, visit the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (CERT) CryptoLocker webpage↗ for remediation information.

The FBI—along with its federal, international, and private sector partners—will continue to combat ransomware and other cyber threats. If you believe you’ve been the victim of a ransomware scheme or other cyber fraud activity, please report it to the Bureau’s Internet Crime Complaint Center.↗


Cyber Security Article from the FBI

When our staff spotted this article, we knew it was something we wanted to share with our clients and readers. We contacted the FBI for their permission to reprint it on our blog, and they were kind enough to agree. You can find this article, as well as many other articles you may find valuable to keep your business and staff secure against cyber crime, at this web address: https://www.fbi.gov/news/stories/2015/august/business-e-mail-compromise/business-e-mail-compromise↗

For more information about fraud protection tools and product features provided by Grandpoint Bank, please visit our website.↗


Business E-Mail Compromise
An Emerging Global Threat

08/28/15

The accountant for a U.S. company recently received an e-mail from her chief executive, who was on vacation out of the country, requesting a transfer of funds on a time-sensitive acquisition that required completion by the end of the day. The CEO said a lawyer would contact the accountant to provide further details.

“It was not unusual for me to receive e-mails requesting a transfer of funds,” the accountant later wrote, and when she was contacted by the lawyer via e-mail, she noted the appropriate letter of authorization—including her CEO’s signature over the company’s seal—and followed the instructions to wire more than $737,000 to a bank in China.

The next day, when the CEO happened to call regarding another matter, the accountant mentioned that she had completed the wire transfer the day before. The CEO said he had never sent the e-mail and knew nothing about the alleged acquisition.

The company was the victim of a business e-mail compromise (BEC), a growing financial fraud that is more sophisticated than any similar scam the FBI has seen before and one—in its various forms—that has resulted in actual and attempted losses of more than a billion dollars to businesses worldwide.


“BEC is a serious threat on a global scale,” said FBI Special Agent Maxwell Marker, who oversees the Bureau’s Transnational Organized Crime–Eastern Hemisphere Section in the Criminal Investigative Division. “It’s a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering.”

Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013, it has compiled statistics on more than 7,000 U.S. companies that have been victimized—with total dollar losses exceeding $740 million. That doesn’t include victims outside the U.S. and unreported losses.

The scammers, believed to be members of organized crime groups from Africa, Eastern Europe, and the Middle East, primarily target businesses that work with foreign suppliers or regularly perform wire transfer payments. The scam succeeds by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques. Businesses of all sizes are targeted, and the fraud is proliferating.

According to IC3, since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad. The majority of the fraudulent transfers end up in Chinese banks.

Not long ago, e-mail scams were fairly easy to spot. The Nigerian lottery and other fraud attempts that arrived in personal and business e-mail inboxes were transparent in their amateurism. Now, the scammers’ methods are extremely sophisticated.

“They know how to perpetuate the scam without raising suspicions,” Marker said. “They have excellent tradecraft, and they do their homework. They use language specific to the company they are targeting, along with dollar amounts that lend legitimacy to the fraud. The days of these e-mails having horrible grammar and being easily identified are largely behind us.”

To make matters worse, the criminals often employ malware to infiltrate company networks, gaining access to legitimate e-mail threads about billing and invoices they can use to ensure the suspicions of an accountant or financial officer aren’t raised when a fraudulent wire transfer is requested.

Instead of making a payment to a trusted supplier, the scammers direct payment to their own accounts. Sometimes they succeed at this by switching a trusted bank account number by a single digit. “The criminals have become experts at imitating invoices and accounts,” Marker said. “And when a wire transfer happens,” he added, “the window of time to identify the fraud and recover the funds before they are moved out of reach is extremely short.”

In the case mentioned above—reported to the IC3 in June—after the accountant spoke to her CEO on the phone, she immediately reviewed the e-mail thread. “I noticed the first e-mail I received from the CEO was missing one letter; instead of .com, it read .co.” On closer inspection, the attachment provided by the “lawyer” revealed that the CEO’s signature was forged and the company seal appeared to be cut and pasted from the company’s public website. Further assisting the perpetrators, the website also listed the company’s executive officers and their e-mail addresses and identified specific global media events the CEO would attend during the calendar year.
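The two near-miss tricks described above (a sender domain one letter off, and a payee account number changed by a single digit) can be screened for before a wire request is actioned. The following is an added example, not part of the FBI article or any Grandpoint Bank tooling; the function names, domains and account numbers are constructed for illustration.

```python
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted_domains, max_distance=2):
    """Classify the From: domain as 'trusted', 'lookalike' or 'unknown'.

    Returns (verdict, closest trusted domain or None). A domain that is not
    trusted but within max_distance edits of a trusted one is a lookalike.
    """
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in trusted_domains:
        return "trusted", domain
    closest = min(trusted_domains, key=lambda t: edit_distance(domain, t), default=None)
    if closest is not None and edit_distance(domain, closest) <= max_distance:
        return "lookalike", closest
    return "unknown", None

def check_account(requested, accounts_on_file):
    """Flag a payee account that differs from one on file by exactly one digit."""
    digits = "".join(ch for ch in requested if ch.isdigit())
    if digits in accounts_on_file:
        return "on_file"
    for known in accounts_on_file:
        if len(known) == len(digits) and sum(x != y for x, y in zip(known, digits)) == 1:
            return "one_digit_off"
    return "new_account"

# Constructed sample data (hypothetical company domain and supplier account).
TRUSTED = {"example-corp.com"}
ACCOUNTS = {"1234567890"}

if __name__ == "__main__":
    for hdr in ('"CEO" <ceo@example-corp.com>', '"CEO" <ceo@example-corp.co>'):
        print(hdr, "->", check_sender(hdr, TRUSTED))
    print("1234567891 ->", check_account("1234567891", ACCOUNTS))
```

This check covers only the domain and account near-misses named in the article; a message sent from a genuinely compromised mailbox will still show a trusted domain.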

The FBI’s Criminal, Cyber, and International Operations Divisions are coordinating efforts to identify and dismantle BEC criminal groups. “We are applying all our investigative techniques to the threat,” Marker said, “including forensic accounting, human source and undercover operations, and cyber aspects such as tracking IP addresses and analyzing the malware used to carry out network intrusions. We are working with our foreign partners as well, who are seeing the same issues.” He stressed that companies should make themselves aware of the BEC threat and take measures to avoid becoming victims (see sidebar).

If your company has been victimized by a BEC scam, it is important to act quickly. Contact your financial institution immediately and request that they contact the financial institution where the fraudulent transfer was sent. Next, call the FBI, and also file a complaint↗—regardless of dollar loss—with the IC3.

“The FBI takes the BEC threat very seriously,” Marker said, “and we are working with our law enforcement partners around the world to identify these criminals and bring them to justice.”
