Recently the American Bankers Association (ABA), FDIC, Federal Reserve, and FBI have issued warnings to small and midsized businesses on security risks to online banking. There have been increasing instances of cyber criminals using malicious programs to access online accounts of small and midsized businesses. If a cyber criminal is successful in getting these programs on a company’s computer, the cyber criminal can then use them to gain access to bank accounts and fraudulently send money to their own accounts.
USA Today wrote a detailed article on a few ways this has been occurring. Here’s one method:
Cyber criminal sends an email to a business. Email looks legitimate and often is made to look as if it is coming from the IRS, Better Business Bureau, or even the businesses internal IT department.
Business user clicks on link within email, which executes malicious program to download on user’s computer without their knowledge.
Business user logs into bank. Cyber criminal’s program logs keystrokes and captures user ID and password.
With stolen user ID and password, the criminal logs into the bank as the business user. Steals money.
The USA today article offers a “Guide to Safer Online Banking” for both account holders and banks. These steps should tighten your security and decrease the risk of this crime happening to your company. An additional step that is not mentioned in the “Guide to Safer Online Banking” is for businesses to hold periodic security awareness training on topics such as these.
Have you experienced this type of cyber crime? Do you think there are more methods to protect account holders and banks? We'd love to talk.
Additional Cybersecurity Resources:
- Data Breach – It can happen to you!
- SOC for Cybersecurity: An Answer to Leadership’s Cybersecurity Responsibilities
- What companies need to know about General Data Protection Regulation (GDPR)
- Five Reasons Why Your IT Outsourcer Isn’t Keeping You Cyber Secure (and neither is your internal IT team)
- Cybersecurity: So You Think You Have A Breach
- Cybersecurity: Educate and Motivate Staff to Be Careful
- Infosecstack: Your Collection of Free Cybersecurity Resources
- Access all of our Cybersecurity Resources
The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.