Guarding Against Business Identity Theft

Guarding Against Business Identity Theft

Individuals aren’t the only targets for identity theft. Corporate, also known as commercial identity theft, saw a 46% increase last year according to the National Cybersecurity Society (NCSS). Although businesses of all sizes are at risk, small businesses are particularly vulnerable. “Small business identity theft—stealing a business’ identity to commit fraud—is big business for identity thieves,” remarks Mary Ellen Seale, CEO of NCSS.

 

She explains, “Unlike larger corporations, small businesses don’t always have the required security controls in place to detect and deter fraudulent activity, which can make them easier targets. There is also a general unawareness, among large and small businesses alike, of the magnitude of the threat and the devastating effects that business identity theft can have.”

 

Stealing an organization’s identity takes a lot less work than one might think. State laws require the public disclosure of proprietary business information in annual reports, names and addresses of key company personnel as well as the employee identification number (EIN). All of this information can be used by thieves to apply for a line of credit or loan as well as intercept business credit card information.

 

What can business owners do to help mitigate their risk?

– Educate your employees about phishing scams. Phishers aren’t just targeting your business … they are grabbing your customers, employees, partners and vendors. Make sure your employees know what red flags to look for when they receive an email that is asking for an action from them. Examples include bad grammar, mispelled words, links to unfamiliar websites and attachments.

– Don’t post sensitive company information on your website.

– Stay on top of computer security updates.

– Check your credit reports regularly.

– Follow the IRS new procedures to protect businesses. Visit https://www.irs.gov/individuals/identity-theft-guide-for-business-partnerships-and-estate-and-trusts for detailed information.

– File your company’s annual report on time and regularly check the secretary of state’s website. Keep in mind that if you operate your business in more than one state, each state may have their own due date.

 

Unfortunately, identity theft is here to stay. With the number of incidents growing each year, and financial losses piling up, it’s more important than ever for businesses to be vigilant. Do you have an anti-phishing plan for your business? Please contact us if you need assistance developing one or educating your employees about the topic.

New American Express Phishing Attack

New American Express Phishing Attack

A new form of phishing attack has recently targeted Amex cardholders and is more sophisticated than what experts have seen in the past. A phishing attack can arrive via email, text, social media message or even as a phone call and appears to be coming from someone you know (a person in your contact list or a company that you regularly interact with, such as your financial institution). According to the Identity Theft Resource Center, “the link embedded in the current American Express phishing attack comes via email and is two different parts. This way the hacker can insert malicious code into the link while also confusing the recipient’s antivirus software. Instead of warning about a harmful link, the software does not recognize it as malicious.”

 

How can you tell if an email is a phishing scam? The Amex email itself was very typical of a phishing attack – it was filled with grammatical errors including spelling and punctuation mistakes. Along with being on the lookout for language errors, here are some additional tips to keep in mind:

 

– Verify that the information is legitimate. If an email comes from your supervisor, call them and make sure. If an email comes from a company that you regularly do business with, ignore it and go directly to their website and check your account.

– Don’t click on a link or download an attachment from an email or message that you aren’t expecting.

– Double-check the sender’s address or the website address. For example, if it says, “AmazOn.com,” it is probably fake.

– Remember that caller ID is not trustworthy.

 

If you think you have received an American Express phishing email, don’t click on any of the links. The company suggests that you forward it to spoof@americanexpress.com so they can act to close down the phishing link. After the email is forwarded, delete it from your inbox.

 

Please call Guard Well Member Services at 888.966.4827 (GUARD) or email memberservices@guardwellid.com if you feel you have been a victim of identity theft. We are always available for you – 24/7/365.

 

 

Two-factor Authentication Phishing  Scam

Two-factor Authentication Phishing Scam

Have you tried to log into an account of yours, such as your insurance or financial institution, and been told to confirm your identity in order to keep your credentials safe? You then receive a code either via text or email which is required for you to enter. Also known as 2FA, this SMS multi-step process has been the trusted security step to protect your accounts … until recently.

 

Unfortunately, there is an automated phishing attack on 2FA, which utilizes two tools: Muraena and NecroBrowser. Reported by Fortune, “The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber and NecroBrowser as the getaway driver.”

 

The attack was first demonstrated at the Hack in the Box Security Conference in Amsterdam last month. A video of the presentation was posted on YouTube on June 2nd bringing renewed attention to how hackers are getting better at penetrating extra layers of security, despite people using stronger tools, like 2FA.

 

So, what do you do? Do you still want to utilize SMS-based 2FA for your accounts? For the most part, the answer is yes.

 

Think of it like this. Say you want to put a lock on your front door to protect your home. Security professionals are arguing that the best type of lock available is way better than cheaper locks. Sure, makes sense. But if that more expensive lock isn’t available to you, isn’t having a cheaper lock still better than not having a lock at all?

 

As discussed on How-to-Geek’s website, there are some people who are more likely than others to be targeted by sophisticated hackers and should avoid using this SMS-based 2FA. For example, if you’re a politician, journalist, celebrity, or business leader, you could be targeted. Also, if you’re a person with access to sensitive corporate data, such as a system administrator, or just very wealthy, SMS may be too risky.

 

But, if you’re the average person with a Gmail or Facebook account and no one has a reason to spend a bunch of time getting access to your accounts, SMS authentication is fine and you should absolutely use it rather than using nothing at all.

 

If you suspect that your login credentials have been compromised, change your passwords as quickly as possible and report the website to the FTC and/or your identity theft resolution provider.

 

Sources:

https://conference.hitb.org/

https://Howtogeek.com/

 

 

Preventing a Mortgage Closing Scam

Preventing a Mortgage Closing Scam

Searching for a new home, can be as exciting as it is stressful, tedious and time-consuming. It will likely be one of your most memorable life moments, especially for first-time buyers. So when you do find that perfect home for you, your bid is accepted and the inspection comes back great, you and your family celebrate and start down the long check-list of things to do prior to your move.

 

As that closing date approaches, unfortunately, the risk of being a victim of a phishing scam does as well. The ultimate cost could be the loss of your entire life savings and there is usually not an insurance policy that will recover your money if this happens to you.

 

The FBI has reported that scammers are increasingly taking advantage of homebuyers with very complex, sophisticated schemes with reports of mortgage fraud rising over 1,100 percent each year. There was an estimated loss of nearly $1 billion in real estate transaction costs in 2017 alone.

 

How would mortgage fraud happen to you? Mortgage fraud, a sub-category of financial institution fraud (FIF), typically starts with a phishing email that appears to be coming from a trusted professional involved in your property purchase. The email claims to be notifying you of changes to your wiring instructions or that they had made a mistake and previously discussed the wrong wiring instructions with you. Wire fraud is so prevalent that many attorneys, lenders and realtors are starting to include a warning about it in their emails. “We do not accept or request wiring instructions or changes to wiring instructions via email. Always call to verify.” But, be wary that even phone conversations may be fraudulent.

 

What can you do to prevent mortgage fraud from happening to you? Consult the Consumer Financial Protection Bureau’s Mortgage Closing Checklist. Identity two trusted individuals involved in the closing process and have multiple ways for you to contact them. Real estate professionals suggest that you create a code phrase that is only known to the trusted parties involved in the transaction in case there is a need to confirm their identities in the future. Be mindful that email is never a secure way to send financial information or closing details.

 

What if mortgage fraud happens to you? Try to ask for a wire recall with your financial institution. Being swift in reporting the crime can greatly increase the likelihood of recovering your funds. Report the fraud to your identity theft resolution provider. Lastly, file a complaint with the FBI.

 

 

Sources:

https://www.fbi.gov/investigate/white-collar-crime/mortgage-fraud

https://consumerfinance.gov

 

Photo credit:

Tierra Mallorca via Unsplash