Cybercrime and Your Money
As technology advances so do emerging risks. LBW’s Tech Secure® division warns you to be extra careful when it comes to protecting and transferring money. Threats from computer viruses, online bank fraud, and business email compromise continue to cost organizations billions in losses across the globe. FBI Warns of Dramatic Increase in Business E-Mail Scams These monetary losses can jeopardize the long term success of any company or nonprofit organization.
With the proliferation of cybercrime, banks are under increased pressure to maintain commercially reasonable security and protect their assets and client assets from loss; but banks have no control over the security or controls at customer organizations. You have a responsibility to protect your own organization if your online bank credentials get stolen, your computer gets infected leading to a fraudulent transfer of money or securities, or an employee gets deceived into releasing funds to a cyber-criminal.
FDIC - Doesn’t the FDIC Cover This?
From the FDIC's website:
“The FDIC (Federal Deposit Insurance Corporation) is an independent agency of the United States government that protects you against the loss of your insured deposits if an FDIC-insured bank or savings association fails. FDIC insurance is backed by the full faith and credit of the United States government.
When a Bank Fails: “A bank failure is the closing of a bank by a federal or state banking regulatory agency, generally resulting from a bank's inability to meet its obligations to depositors and others. In the unlikely event of a bank failure, the FDIC acts quickly to ensure depositors get prompt access to their insured deposits.”
Why It's Not Covered “…by law, deposit insurance only protects accounts if your insured banking institution fails. FDIC deposit insurance does not protect accounts from a fraud or theft online (or otherwise). However, other laws and industry practices may provide coverage from cyber theft.”
Financial Institution - My Bank Is Going to Cover My Losses, Right?
According to the FDIC, “Unauthorized access to your funds may be covered by the Electronic Funds Transfer Act and other consumer protections. If a third party somehow gains access to your account and transacts business you did not authorize, you must contact the bank as soon as you notice the loss to learn about their procedures for protecting your rights.” We have underlined consumer protections because business customers may not fall under these protections. The bank usually is not liable for monetary losses on business accounts from a failure of the customer’s security leading to theft or deception. That leaves you, the business banking customer, potentially responsible for losses when it comes to cybercrime. Even consumers can be devastated to find out that they may be responsible for falling victim for scams and fraud.
My Money - What Are Some Examples of Cyber Crime?
Example: A vendor realized that its best customer’s payment was well overdue. An investigation determined that the vendor’s email had been hacked, and an imposter had been socially engineering the client into believing that a change in bank information was authentic. In the end, the fraudster finagled almost $100,000 through this scheme.
Example: A California escrow firm’s computer system was hacked in December 2012 and January 2013. Through the hack, cybercriminals were able to wire three payments, totaling $1.5 million, to accounts in China and Russia. Only $432,215 was recovered, and the escrow company went out of business.
Example: A fax requesting a wire was sent to a bank. The bank verified the customer’s request by phone. Unfortunately, the customer’s VoIP phone had been hacked and a cyber-criminal pretending to be the customer authorized the transaction resulting in a $719,000 loss. The funds were never recovered.
How Do I Educate Myself So I Do Not Become a Victim of Cyber Crime?
- See our cybercrime resource page
Being heads up and proactive can keep your organization, and its funds, safe. Here are a few quick tips to spot “phishing” e-mail messages in your inbox. Visit TechRepublic for an expanded description of each of these tips.
- The message contains a mismatched URL
- URLs contain a misleading domain name
- The message contains poor spelling and grammar
- The message asks for personal information
- The offer seems too good to be true
- You didn't initiate the action
- You're asked to send money to cover expenses
- The message makes unrealistic threats
- The message appears to be from a government agency
- Something just doesn't look right