Blog Archives

Defenses Against Cybercrime

Through our work in cyber and information security, we have formed relationships with professionals at Secure the Village and Citadel Information Group. They have kindly allowed us to post on our blog site some of the articles they have authored about cyber security. This article provides a great overview of the business email compromise scam and how to avoid being taken in by it.

Business E-mail Compromise: Don’t Be a Victim

By Stan Stahl, PhD, President of Citadel Information Group, Inc. & Founder and President of Secure the Village

What to Do: Implement very strong controls on wire transfers

Assume all email or fax requests from a vendor to change bank accounts are fraudulent. Assume all email or fax requests from the company President or others are fraudulent. Assume all email or fax requests to set up a new vendor are fraudulent. Pick up the phone, call the party in question and verify the request is legitimate.

If you discover you are a Business Email Compromise victim, immediately contact the FBI’s Southern California Cyber Fraud unit at sccf@leo.gov. They have established banking relationships and are often able to recover funds if they are notified within 72 hours.

And talk to your banker. Make sure they have your back.

It’s also a good idea to check with your insurance broker to ensure that business email compromise losses are covered.

Background

Not too long ago, email scams were relatively easy to detect. They were often from unknown contacts and referenced bank or credit card information which was clearly incorrect. Sometimes, the emails would simply contain a link. As time has passed, fraudulent attempts to gain control of your online banking, your critical information, and your identity have become more skillful and harder to spot. These days, emails often appear to come from recognized accounts, are well written, and, at least at first glance, seem legitimate.

The newest — and one of the costliest — in a long line of fraudulent e-mail scams is “Business E-Mail Compromise” (BEC).

Business Email Compromise (BEC) is a very sophisticated attempt to induce a business to willingly hand over their money to a cybercriminal. In Business Email Compromise (BEC), crooks spoof communications from executives or vendors at the victim firm in a bid to initiate unauthorized wire transfers.

According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015. Business Email Compromise cost Ubiquiti Networks $46 million.

Collectively, Business Email Compromise has resulted in actual and attempted losses of over a billion dollars worldwide. The FBI reports, “…since the beginning of 2015 there has been a 270 percent increase in identified BEC victims. Victim companies have come from all 50 U.S. states and nearly 80 countries abroad.”

BECs can target businesses working with foreign suppliers or regularly performing wire transfer payments, although they have also targeted some that do not strictly fit this criterion. In order to solicit unauthorized transfers of funds, the scams compromise legitimate business e-mail accounts through social engineering or computer intrusion techniques. Prior to making contact, the scammers learn enough about their target to create emails that use language specific to the company and request wire transfers that seem legitimate.

For more information on BECs, see https://www.fbi.gov/news/stories/2015/august/business-e-mail-compromise/business-e-mail-compromise and http://krebsonsecurity.com/2015/08/fbi-1-2b-lost-to-business-email-scams/


____________________________________________________________________________________________

Linking to Non-Grandpoint Bank Websites
This icon appears next to every link that directs to a third party website not affiliated with Grandpoint Bank. Please be advised that if you click this link you will be taken to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Grandpoint Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Grandpoint Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.


CIO John Coleman Recognized by Los Angeles Business Journal

Earlier this summer, Grandpoint SVP & Chief Information Officer John Coleman was honored as one of a select group of nominees for the Los Angeles Business Journal’s Chief Technology Officer Awards at a dinner in Santa Monica. The nominees were also featured in the Business Journal.

John, who has managed the Bank’s information systems and technology since 2012, was praised for his technical knowledge as well as his ability to foresee emerging trends, balance risk with growth objectives, and communicate effectively with the Bank’s leadership.

“Not only has John done a great job helping us keep pace with new technologies, he’s also played a key role in addressing the evolving risks of cyber crime,” said Loraine White, EVP and Chief Administrative Officer at Grandpoint Bank. “His involvement in numerous IT and cyber security working groups and public-private collaborations has kept us on the forefront of these developing threats and built partnerships that have been very beneficial to our bank and our clients.”

His knowledge and expertise in this area have been especially valuable as the Bank has sought out new ways to help business clients thwart the risk of cyber crime. In June, the Bank announced the availability of a new Client Cyber Crime Insurance policy, offered exclusively to its business clients through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank. The policy helps protect clients against monetary losses to their Grandpoint business accounts as a result of cyber deception and wire transfer fraud.

Given his wealth of knowledge about cyber security, we asked John to share some of his top tips:

  • Understand the basics of information security and apply them
  • Practice password management, which involves using complex passwords that are changed regularly
  • Make sure to keep computers up-to-date with antivirus software and patches
  • Use common sense
  • Once a business starts employing 10 or 20 people, appoint someone to be responsible for the management of the computer and security systems. Policies and procedures should be in place and known to all.
  • Back up information! Many businesses overlook this. Backed up information should be stored somewhere offsite and offline. It should be difficult to get into the backup copies.

John also recommends these sites as good sources of information about cybersecurity threats and best practices:

Additionally, the Department of Homeland Security has designated October as National Cyber Security Awareness month and provided some helpful resources here.↗

John is very active in the business and civic community on the topic of cyber crime. Through his involvement with ISSA↗ (Information Systems Security Association), John not only spoke at one of its events, he also formed relationships with financial and security professionals, including those from the FBI,↗ Los Angeles County District Attorney’s High Tech Crime Department↗ and the Secret Service’s↗ electronic crimes taskforce. The FBI subsequently reached out to John and Grandpoint Bank to help them host a nationwide gathering of their field office representatives at the Grandpoint offices to talk about cyber crime. (John was the only non-government participant invited to attend that day.) The two-day event also included a session for tech companies, financial institutions and other law enforcement regarding the hot topic of business email compromise.

John has also been active with the California Bankers Association’s annual Risk, Cybersecurity and Technology conference↗ by serving on the planning committee, helping to arrange speakers, providing opening remarks for the conference and moderating the Incident Response panel discussion. He also serves on the advisory board and on the executive council of Secure the Village,↗ a nonprofit organization dedicated to cyber security education and awareness for small and mid-sized businesses as well as nonprofits. He has also served as a speaker for one of Secure the Village’s roundtable events.

Well-deserved congratulations on your nomination for top Chief Technology Officer, John! You’re certainly ours!

For more information on the Client Cyber Crime Insurance, visit www.grandpointinsurance.com (California Insurance License #0K82434).

Insurance Products are:
Insurance Products are offered through Grandpoint Insurance Services, Inc., a non-bank insurance agency affiliate of Grandpoint Bank, and facilitated through LBW Insurance & Financial Services, Inc., an unaffiliated insurance agency.
