Here at Sinu, we spend our time safeguarding critical data so our customers can focus on what they do best - running a business. But often, the greatest threats to our data security come through our email. We’ve all been repeatedly warned to check for suspicious downloads, but often Trojan horses come with a logo from your local bank or credit union. Why rob a bank in person, when you can just politely ask for someone’s account information… and get it?
Cyber bank robbers have the resources and the financial incentive to develop sophisticated techniques to convince unsuspecting victims to hand over information to them. In the online fraud world, it’s called phishing. Instead of putting a worm on the line, they just send you a friendly notice from “your bank” with a logo that looks real. Hackers can even uncover your location from your email address and use a regional bank logo. Even the most wary of email users can be caught off guard.
According to the Charlotte Observer, phishing schemes are on the rise because… well, they work. Karl de la Guerra runs a Charlotte-based company that provides security-consulting services to businesses and law enforcement agencies. He told the Observer, “The criminals involved in phishing can be found all over the world, although Asia and central Europe are hotspots.” De la Guerra said some of the fraudsters tap away on laptops eight to 12 hours a day in warehouse-size buildings that can house 100 or more cybercriminals.
Email has become a central part of our lives, but it was never designed to be a secure communication medium. As such, banks don’t use it to request information from you. Never trust an email asking for bank account information. Call your local bank branch instead to verify an email communication that asks for sensitive information.
Here are some tips to keep you - and your company’s bank account - safe from cyber criminals:
- If you receive an email, check for misspellings and poor grammar. This is often a dead give-away.
- Before clicking on a link, check the URL. Often the fake URL will have the bank name in it, but it will not be a direct bank link.
- Use two-factor authentication for your bank accounts.
- Don’t store your bank or personal security passwords on an online storage system or email system. If a hacker gets into your online account, they then also have access to your passwords and other sensitive information.
- Set limits on who and how much can be wired from your accounts and be sure to close any unused bank accounts.
- Trust your instinct if you get a bad feeling in your gut about an email or an attachment. Sometimes your subconscious sees patterns that you may not have consciously put together yet. If you have even the slightest doubt, delete the email and call your financial institution.
Anyone can be vulnerable to attack. CSO reports that Ubiquiti Networks, Inc., a company that manufactures high-performance networking technology, fell prey to a more sophisticated email phishing scam, costing them more than $39 million. More importantly, it reminds us that even if companies use heavy encryption and coding to protect their data, security can easily be breached right through the front door. With the increased use of online banking and big potential payoffs for cyber criminals, this threat will only increase.