CORPORATE ACCOUNT TAKEOVER
WHAT IS CORPORATE ACCOUNT TAKEOVER?
Simply put, corporate account takeover is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, target small and medium businesses to obtain their web banking credentials or to take control of their computers. The hackers then drain the deposit and credit lines of the compromised bank accounts, funneling the funds through money mules who quickly redirect the money overseas into the hackers' accounts. A computer can be compromised very easily by visiting an infected website or simply by opening an email. There has been a steady increase in account takeovers since 2009, resulting in billions of dollars of damage.
SECURITY BEST PRACTICES
When it comes to protecting sensitive financial information from hackers, there is no substitute for good old-fashioned knowledge. As a business owner, you should understand how to secure your computers well enough to take proactive steps and avoid, or at least minimize, most threats. Experts advise following best practices, including using a dedicated computer, keeping patches and anti-virus software up to date, installing a host-based firewall, verifying all transactions before approving them, and reviewing bank transactions daily. These best practices should be the minimum security baseline for every company's online
STEPS FOR BETTER SECURITY
- Use a dedicated computer for financial transactional activity. Do not use this computer for general web browsing and email.
- Apply operating system and application updates regularly (patches).
- Ensure that anti-virus/anti-spyware software is installed, functional and updated to the most current version.
- Have host-based firewall software installed on computers.
- Use the latest version of your internet browser, such as Internet Explorer, Firefox or Google Chrome, and keep its patches up to date.
- Activate a "pop-up" blocker on internet browsers to prevent intrusions.
- Turn off your computer when not in use.
- Do not batch approve transactions; be sure to review and approve each one individually.
- Review your credit report/banking transactions regularly.
- Contact your information technology provider to determine the best way to safeguard the security of your computers and networks.
WARNING SIGNS OF A SYSTEM OR NETWORK COMPROMISE
- Inability to log into online banking (thieves could be blocking access so that you won't see the theft until the criminals have control of the money).
- Dramatic loss of computer speed.
- Changes in the way things appear on the screen.
- Computer locks up so the user is unable to perform any functions.
- Unexpected rebooting or restarting of the computer.
- Unexpected request for a one-time password (or token) in the middle of an online session.
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.).
- New or unexpected toolbars and/or icons.
- Inability to shut down or restart the computer.
EXAMPLES OF DECEPTIVE WAYS CRIMINALS CONTACT ACCOUNT HOLDERS
- The FDIC does not directly contact bank customers (especially related to ACH and Wire transactions, account suspension, or security alerts), nor does the FDIC request bank customers to install software upgrades. Such messages should be treated as fraudulent and the account holder should permanently delete them and not click on any links.
- Messages or inquiries from the Internal Revenue Service, Better Business Bureau, NACHA, and almost any other organization asking the customer to install software, provide account information, or provide access credentials are probably fraudulent and should be verified before any files are opened, software is installed, or information is provided.
- Phone calls and text messages requesting sensitive information are likely fraudulent. If in doubt, contact the organization at a phone number you obtained from a different source (such as the number you have on file, that is on your most recent statement, or that is from the organization's website). You should not call phone numbers (even with local prefixes) that are listed in the suspicious e-mail or text message.
If you believe your Gibsland Bank & Trust account has been compromised, contact us immediately.
ONLINE BANKING AUTHENTICATION INFORMATION/TIPS/FAQ
The "one-time" in one-time password refers to the security code being valid for a single use only, not to the additional authentication happening only once. It will occur at least once from each device, and it also depends on your computer settings. Below are some FAQs that may help:
Helpful Hints for repeated step-up (step-up is the additional authentication by text message or voice call)
If a user continues to get stepped up over and over, we have found that sometimes the user's browser does not encrypt the Device ID correctly, so the device cannot be recognized as a previously used device. Here are some hints we have found helpful in resolving client-side issues that prevent the device from registering properly and result in the user being stepped up on every login:
- Clear cookies; do not check "Preserve Favorite Sites" - Internet Explorer only.
- Add the institution's website to trusted sites - All browsers
- Delete any flash cookies for the institution's website (This can be accomplished at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html and scroll through the list to find the institution's website. Highlight and click 'Delete Website'.) – All browsers
Advanced Login Authentication FAQs: OLB Device Profile
Q: Why did I have to go through the additional authentication process? (Why did I get stepped up?)
A: The most common reason is that this is a new device profile for the customer, or that there has not been enough consistent use of the device to confirm the correlation.
Because Device Profiling looks at many factors together, as well as a system cookie and a Flash Object from a prior session, there are some instances where a change to a combination of factors triggers a risk score that requires additional authentication:
- Clearing Cookies + a Browser Setting Change
- Many devices used by a single user in a short period of time
- Multiple people using the same device can trigger a risk profile
- A Browser Update, Cleared Flash Object, Dates Out of Sync
These situations are difficult to pinpoint and difficult to explain but essential to appropriate assessment of risk.
Suggested response to consumers: We recently upgraded our security system and our system controls are asking you to confirm your PC and network path before proceeding. Please follow the instructions to provide additional authentication so the system can learn this profile is safe and you can access the system from this profile in the future.
Q: Are there adjustments that can be made to my PC to make it work better?
A: There are some settings on a PC that make Device Profiling work more effectively. Essentially, these settings expose more of the PC profile to the device review, making it easier for the system to tell the legitimate customer from a fraud attempt.
If a user continues to get stepped up over and over, we have found that sometimes the user's browser does not encrypt the Device ID correctly, so the device cannot be recognized as a previously used device.
Here are some hints we have found helpful in resolving client-side issues that prevent the device from registering properly and result in the user being stepped up on every login:
1. Clear cookies, but do not check "preserve favorite sites" in Internet Explorer. (NOTE: this should be done once to give the user a clean slate for the registration to adhere to; it should not be done frequently, as that itself can cause step-up to take place. See item 6.)
2. Add the bank site and online banking site to the trusted sites list in your browser settings.
3. Ask the user to delete any Flash cookies for the bank and online banking website (this can be done at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html: scroll through the list to find the bank website, highlight it and click "Delete Website").
4. Confirm that user is using a supported browser. If they are, attempt with a different supported browser. The list of compatible browsers is available on FIS Client Portal under Documentation / Online Banking
5. Confirm that the user is not accessing OLB through a network/router/VPN device; if they are, they need to try without that device in place. These types of devices will cause step-up to take place; if users cannot avoid using them, they will be stepped up.
6. Make sure that the user does not have any settings or programs in place that clear cookies automatically upon leaving the browser, leaving the page, shutting down the computer, or on a daily cleanup run. These will potentially cause the user to be stepped up each time they log in.
7. Make sure that the following settings are in place on their device:
- Third-Party Cookies should be allowed
- Flash available
Additionally, some browser software/plug-ins stop items from loading and can limit our ability to recognize their system.
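The behaviour described in the two answers above, as an added illustration that is not the bank's or FIS's code: a simplified device-profile risk scorer in Python with constructed factor names, weights and threshold, showing why a cleared cookie combined with a browser change, or a cleared Flash object with an out-of-sync clock, crosses the step-up threshold while one changed factor on a well-established profile does not.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class DeviceProfile:
    """Factors the server remembers from a prior confirmed session (constructed names)."""
    cookie_id: Optional[str]   # system cookie set at the last successful login
    flash_id: Optional[str]    # Flash object stored on the client at that time
    browser: str               # browser name/version reported by the client
    clock_skew_min: int        # client clock minus server clock, in minutes
    confirmed_logins: int = 0  # how often this profile has been used consistently

@dataclass(frozen=True)
class LoginContext:
    devices_last_7d: int = 1   # distinct devices this user logged in from recently
    users_on_device: int = 1   # distinct users seen on this device

# Weights and threshold are constructed for illustration; a real engine tunes them.
WEIGHTS = {"cookie": 40, "flash": 30, "browser": 20, "clock": 20,
           "immature": 20, "many_devices": 30, "shared_device": 30}
STEP_UP_THRESHOLD = 50

def risk_score(known: Optional[DeviceProfile], seen: DeviceProfile,
               ctx: LoginContext = LoginContext()) -> int:
    """Sum the weights of every factor that no longer matches the stored profile."""
    if known is None:
        return 100  # new device profile for this customer: always step up
    score = 0
    if seen.cookie_id != known.cookie_id:   # cookies cleared or auto-deleted
        score += WEIGHTS["cookie"]
    if seen.flash_id != known.flash_id:     # Flash object cleared
        score += WEIGHTS["flash"]
    if seen.browser != known.browser:       # browser update or setting change
        score += WEIGHTS["browser"]
    if abs(seen.clock_skew_min) > 60:       # dates out of sync
        score += WEIGHTS["clock"]
    if known.confirmed_logins < 3:          # not enough consistent use yet
        score += WEIGHTS["immature"]
    if ctx.devices_last_7d > 3:             # many devices in a short period
        score += WEIGHTS["many_devices"]
    if ctx.users_on_device > 1:             # several people on one device
        score += WEIGHTS["shared_device"]
    return score

def needs_step_up(known, seen, ctx=LoginContext()) -> bool:
    return risk_score(known, seen, ctx) >= STEP_UP_THRESHOLD

def confirm(known: Optional[DeviceProfile], seen: DeviceProfile) -> DeviceProfile:
    """After a successful step-up the system learns the observed profile as safe."""
    prior = 0 if known is None else known.confirmed_logins
    return replace(seen, confirmed_logins=prior + 1)
```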
Gibsland Bank & Trust customers should be aware that fraudulent emails ("Phishing," pronounced fishing) are being sent to some U.S. residents. These unsolicited "phony" emails are sent to random email addresses hoping to trick recipients into revealing their credit card or banking account numbers, PIN numbers, and/or online banking login data.
GBT policy does not allow requests for confidential information (passwords or PIN numbers) through regular email. Contact your local GBT Branch Office with questions or concerns.
The senders of these emails do not represent GBT. Please Do NOT reveal your information to them.
UNLAWFUL INTERNET GAMBLING ENFORCEMENT ACT (UIGEA) of 2006
The UIGEA, signed into law in 2006, prohibits any person engaged in the business of betting or wagering (as defined in the Act) from knowingly accepting payments in connection with the participation of another person in unlawful internet gambling. The Department of the Treasury and the Federal Reserve Board have issued a joint final rule, Regulation GG, to implement this Act.
As defined in Regulation GG, unlawful Internet gambling means to "place, receive or otherwise knowingly transmit a bet or wager by any means which involves the use, at least in part, of the internet where such bet or wager is unlawful under any applicable Federal or State law in the State or Tribal lands in which the bet or wager is initiated, received or otherwise made".
As a customer of Gibsland Bank & Trust, these restricted transactions are prohibited from being processed through your account or your banking relationship with us. Restricted transactions are transactions in which a person accepts credit, funds, instruments or other proceeds from another person in connection with unlawful Internet gambling.
If you do engage in an Internet gambling business and open a new account with us, you must provide evidence of your legal capacity to do so.