Establish dual control for all money movement activities. Ensure that every funds transfer requires a transaction creator and separate approvers. Utilize online banking security features to set additional approval levels based on the dollar amount of the transaction. Set up online alerts to notify approvers when a money transfer request is awaiting approval. Utilize the approval feature within your bank’s mobile application to ensure that senior management can approve transactions on-the-go.
Instruct employees to always confirm requests for money movement. To confirm requests, employees should use a channel different from the channel used to make the request. For example, an email request should be followed up with a telephone call to the requestor.
Exercise restraint when publishing information regarding employee activities. Fraudsters will use this information to determine ideal time frames for committing fraud.
Regularly review your online activity for debits, credits, check orders, wires, ACH transactions and new payees and accounts that you don’t recognize. If you see unauthorized activity, contact American Business Bank immediately so we can disable online banking and stop any additional unauthorized activity.
If, while you are in Online Banking, your screen freezes or an unexpected pop-up box appears that asks you for other types of personal information or prompts you to authenticate with a secure code when you are not conducting a transaction, please call us at 213.430.4000 and speak to Treasury Management Services so we can help you determine whether your machine may have been compromised.
A man-in-the-middle attack is like eavesdropping. Data is sent from your computer to a website, and an attacker can get in between these transmissions. They then set up tools programmed to “listen in” on transmissions, intercept data that is specifically targeted as valuable, and capture the data. Sometimes this data can be modified in the process of transmission to try to trick the end user into divulging sensitive information, such as log-in credentials. Once the user has fallen for the bait, the data is collected from the target, and the original data is then forwarded to the intended destination unaltered.
Man-in-the-browser is an Internet threat related to man-in-the-middle. It infects a web browser by taking advantage of vulnerabilities to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and the host web application. These attacks may be countered by using out-of-band transaction verification.
Ensure employees are aware that this type of fraud is a real threat. Educate employees on the proper process for initiating money transfers, and enforce this process with all requests. Coach executives to encourage verification of all wire transfer requests. Encourage executives to introduce themselves to the Accounts Payable team and let them know it is acceptable to question any payment request.
Often this type of fraud will trigger alarms at your bank. When the bank contacts the business to confirm the authenticity of the wire, the company employees will confirm the wire as legitimate since it originated from an executive’s request. Thus, the wire transfer is processed even though the bank questioned its authenticity. Instruct employees to take additional steps to ensure a wire is accurate and legitimate if they are contacted by the bank regarding a wire’s validity.
These attacks consist of flooding a website with millions of requests for information at once to create a “traffic jam” that temporarily prevents legitimate users from accessing the website. In recent years, many businesses have faced online DDoS attacks meant to delay or prevent customers from accessing their website resources. These attacks do not compromise website security or banking systems; they merely slow the site down or make it inaccessible. American Business Bank has processes in place to identify and block these types of attacks, but initially customers may experience slower-than-normal connections to ABB Connect. If you are ever unable to connect to americanbusinessbank.com or ABB Connect during an attack, you may contact us for assistance at 213.430.4000.
A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection and require some expertise to configure.
Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.
Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.
Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.
E-mail is a prevalent method of attack because it can deliver malicious links and attachments. Links can be disguised as harmless pointers while, behind the scenes, clicking them can start the installation of spyware, Trojans, or other malicious software. If you hover your mouse over the link, you can see where the link will take you. If that is a different location than the link is portraying, that is a red flag.
Carelessly downloading email attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code. Scan all attachments before opening them.
With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.
To determine some of the federal investigative law enforcement agencies that may be appropriate for reporting certain kinds of crime, please refer to the following table:
|Type of Crime||Appropriate federal investigative law enforcement agencies|
|Computer intrusion (i.e. hacking)|
|Internet fraud matters that have a mail nexus||● U.S. Postal Inspection Service|
|Internet fraud and SPAM||● Federal Trade Commission (online complaint) ● if securities fraud or investment-related SPAM e-mails, Securities and Exchange Commission (online complaint)|
|Internet harassment||● FBI local office|
|Internet bomb threats|
The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, and local level, IC3 provides a central referral mechanism for complaints involving Internet related crimes.
Cyber Security for Small Business
FBI Internet Crime Complaint Center
Homeland Security – Business Resources
US-CERT – Resources for Small to Mid-Size Businesses
NIST – National Institute of Standards and Technology – Small Business Cyber Security