On-line fraud is growing and can be any type of scheme that uses the Internet.
Chat rooms, email, message boards, and websites are some examples of ways that may be used to deceive prospective victims. These schemes, scams and frauds take advantage of the Internet's unique capabilities of sending messages worldwide in seconds.
Fraudulent emails, appearing to be from a trusted source such as your bank, or a government agency, direct you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers and passwords. These sites are often designed look exactly like the site they are imitating.
Identity Theft Frauds
Internet fraudsters often use identity theft as a starting point for larger crimes. In one case, criminals obtained the names and social security numbers of military personnel then used them to apply to a bank over the Internet for credit cards. In another case, stolen personal data was used to submit car loan applications online.
The Internet is a great tool for information and to conduct on-line business, as long as consumers take appropriate precautions and are aware of the possibility that someone may be trying to scam them. If it seems too good to be true, it probably is.
The consumer information links below exist to assist customers in locating information and providing guidance on how to file complaints when appropriate.Federal Trade Commission (FTC) Consumer Response Center
You can file a complaint with the FTC against a company or organization that you believe has cheated you by contacting the Consumer Response Center by phone toll free 877-FTC-HELP (382-4357). Internet Fraud Compliant Center (IFCC)
The IFCC's mission is to combat fraud committed over the Internet through a unique partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI). The IFCC website allows consumers to report Internet fraud, among other services. Consumer Fraud (DOJ/Homepage)
"Fraud" is a link on the Department of Justice's (DOJ) homepage under "Information for Individuals and Communities." FirstGov
"FirstGov" is a free-access website designed to give a centralized place to find information from local, state, and U.S. Government Agency websites. Consumers may call the toll-free number at 1-800-FED-INFO (1-800-333-4636). Consumer.gov
"Consumer.gov" is a one-stop link to a broad range of federal information resources available online. Social Security Administration
Report a Fraud: 800-269-0271 Identity Theft Resource Center
Help 9-1-1 Keep Your Family Safe
Smart911 is a free national service provided to you by your local 9-1-1 agency. By creating a Safety Profile for your household that includes the vital personal and medical information you would want response teams to have in the event of an emergency, your profile is immediately available should you have the need to dial 9-1-1. This allows call takers and first responders to assist you faster and more effectively.
Your family's profile information is completely private and secure. The details you enter on the secure and protected website are only shared with 9-1-1 dispatchers and first responders in the field, and only when you or your family members dial 9-1-1.
Create your Safety Profile or learn more at www.smart911.com.
Visit www.consumer.ftc.gov for consumer information and resources on a variety of topics such as: Money and Credit, Homes and Mortgages, Health and Fitness, Jobs and Making Money or Privacy and Identity.
Money Smart - A Financial Education Program
Financial education fosters financial stability for individuals, families, and entire communities. The more people know about credit and banking services, the more likely they are to increase savings, buy homes, and improve their financial health and well-being. The FDIC offers Money Smart - A Financial Education Program for Adults, Young Adults and/or Small Business. The curriculum is available in English and Spanish. Visit the following link to learn more: www.fdic.gov/consumers/consumer/moneysmart/index.html.
Corporate Account Takeover
What is Corporate Account Takeover?
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Corporate account takeover is a growing threat for small businesses. In 2011, seventy two percent of data breach cases affected businesses with 100 employees or less1. It is important that businesses understand and prepare for this risk. Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court or the Better Business Bureau. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.
Employee Education is Essential, but is Missing the Mark
Ninety two percent of respondents to a recent survey indicated employee education of small business employees was effective in reducing the threat of account takeover2. However, nearly 80 percent of respondents to a small business survey said they had no formal internet security policy, with almost half indicating they provide no internet safety training to employees3.
How do I protect myself and my small business?
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Industry and Law Enforcement Warning to Businesses on Business Email Compromises
Several warnings were released to raise awareness regarding an increase in phishing scams targeting businesses in an attempt to compromise their accounts. Known as Business Email Compromise, this scam is conducted by cybercriminals who compromise legitimate business email accounts to impersonate executives and conduct the unauthorized transfers of funds.
The following alerts outline the various versions of the scam, identify characteristics of the complaints received by law enforcement, and provide recommended mitigation tips:
- IC3 Releases PSA on Business Email Compromise (May 2017)
- IC3 Releases PSA on Business Email Compromise (June 2016)
- Tips for Consumers and Businesses on Ransomware Attacks
- Business Email Compromise (FBI)
- Safeguarding Your Point-of-Sale System (U.S. Secret Service and U.S. Department of Homeland Security)
- Internet Security Essentials for Business (U.S. Chamber of Commerce)
- Small Biz Cyber Planner (FCC)
- 10 Cybersecurity Strategies for Small Business tip sheet (FCC)
- Data Security Made Simpler (Better Business Bureau)
1Source: VeraCode 2011 fraud survey of small business preparedness
2FS-ISAC Account Takeover Task Force survey, 2011
3National Cyber Security Alliance Small Business Survey, 2011