January 22, 2015 - BUSINESS E-MAIL COMPROMISE
The Business E-Mail Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The BEC is a global scam with subjects and victims in many countries. The Internet Crime Complaint Center (IC3) has received BEC complaint data from victims in every U.S. state and 45 countries with losses to victims over $215 Million.
The BEC scam is linked to other forms of fraud, including but not limited to romance, lottery, employment, and home/vacation rental scams. The victims of these scams are usually U.S. based and may be recruited as unwitting “money mules.” The mules receive the fraudulent funds in their personal accounts and are then directed by the subject to quickly move the funds onward, through a wire transfer service or to another bank account, usually outside the U.S. At the subject’s direction, mules may also open business accounts for fake corporations, which may be incorporated in the mule’s true name.
It is still largely unknown how victims are selected; what is known is that the subjects monitor and study their chosen victims before initiating the BEC scam. They are able to accurately identify the individuals and the protocol needed to perform wire transfers within a specific business environment. Victims may first receive “phishing” e-mails requesting additional details about the targeted business or individual (name, travel dates, etc.). Some victims reported scareware or ransomware intrusions immediately preceding a BEC scam request.
VERSIONS OF THE BEC SCAM
Based on the IC3 complaints and other complaint data received since 2009, there are three main versions of this scam:
Version 1: A business, which often has a long-standing relationship with a supplier, is asked to wire funds for invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile or e-mail. If an e-mail is received, the subject will spoof the e-mail request so it appears very similar to a legitimate account and would take very close scrutiny to determine it was fraudulent. Likewise, if a facsimile or telephone call is received, it will closely mimic a legitimate request. This version has also been referred to as “The Bogus Invoice Scheme,” “The Supplier Swindle,” and “Invoice Modification Scheme.”
Version 2: E-mail accounts of high-level business executives (CFO, CTO, etc.) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is normally responsible for processing these requests. In some instances a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This version has also been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
Version 3: An employee of a business has his or her personal e-mail hacked. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal e-mail to multiple vendors identified from the employee’s contact list. The business may not become aware of the fraudulent requests until it is contacted by vendors following up on the status of their invoice payment.
SUGGESTIONS FOR PROTECTION
The IC3 suggests the following measures to help protect you and your business from becoming victims of the BEC scam:
• Avoid Free Web-Based E-mail: Establish a company website domain and use it to establish company e-mail accounts in lieu of free, web-based accounts.
• Be careful what is posted to social media and company websites, especially job duties/descriptions, hierarchical information, and out-of-office details.
• Be suspicious of requests for secrecy or pressure to take action quickly.
• Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been on a company e-mail, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.
• Consider additional IT and Financial security procedures and 2-step verification processes.
• Out of Band Communication: Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
• Digital Signatures: Both entities on either side of transactions should use digital signatures. However, this will not work with web-based e-mail accounts. Additionally, some countries ban or limit the use of encryption.
• Delete Spam: Immediately delete unsolicited e-mail (spam) from unknown parties. Do NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.
• Forward vs. Reply: Do not use the "Reply" option to respond to any business e-mails. Instead, use the "Forward" option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient's correct e-mail address is used.
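The three versions above and the “Forward vs. Reply” and “secrecy or pressure” warnings all come down to a few checks a mail gateway or an accounts-payable inbox rule can make on the headers and text of an incoming payment request. The following is an added example, not code from the IC3 notice or from the bank: it parses two constructed messages (all names, domains and the trusted-domain list are made up for illustration) and flags a Reply-To that diverges from the visible sender, a sender domain that is a one- or two-character look-alike of a domain the business already deals with, and urgency/secrecy language.

```python
import email
from email.utils import parseaddr

# Constructed sample messages (domains and names are invented).
# The first imitates the "CEO Fraud" version: a look-alike sender domain,
# a Reply-To pointing somewhere else, and pressure language.
SUSPICIOUS_MSG = """\
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: "Jane Doe" <jane.doe.ceo@webmail.example>
To: payments@example-corp.com
Subject: Urgent wire transfer - confidential
Date: Thu, 22 Jan 2015 09:12:00 -0800

Please process a wire today. Keep this confidential until the deal closes.
"""

# A routine supplier invoice with none of those properties.
LEGIT_MSG = """\
From: "Accounts" <accounts@supplier.example>
To: payments@example-corp.com
Subject: Invoice 1042 attached
Date: Thu, 22 Jan 2015 10:00:00 -0800

Attached is the invoice for January. Terms are unchanged.
"""

# Assumed list of domains the business already corresponds with.
TRUSTED_DOMAINS = {"example-corp.com", "supplier.example"}
# Words matching the "secrecy or pressure to act quickly" warning sign.
PRESSURE_WORDS = ("urgent", "confidential", "immediately", "today", "secrecy", "wire")


def address_domain(header_value):
    """Lower-cased domain of the first address in a header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted):
    """The trusted domain this one resembles but does not equal, else None."""
    for t in sorted(trusted):
        if domain != t and edit_distance(domain, t) <= 2:
            return t
    return None


def plain_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():  # walk() yields the message itself when not multipart
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of (code, detail) findings; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message)
    findings = []

    from_domain = address_domain(msg.get("From"))
    reply_domain = address_domain(msg.get("Reply-To"))

    # "Reply" goes to Reply-To, not to the visible sender (the Forward vs. Reply point).
    if reply_domain and reply_domain != from_domain:
        findings.append(("REPLY_TO_MISMATCH", f"From {from_domain} but replies go to {reply_domain}"))

    # Sender domain is a near-copy of a domain the business already deals with.
    twin = lookalike_of(from_domain, trusted)
    if twin:
        findings.append(("LOOKALIKE_DOMAIN", f"{from_domain} resembles trusted {twin}"))

    # Secrecy or urgency language in the subject or body.
    text = f"{msg.get('Subject', '')}\n{plain_text(msg)}".lower()
    hits = [w for w in PRESSURE_WORDS if w in text]
    if hits:
        findings.append(("PRESSURE_LANGUAGE", "contains: " + ", ".join(hits)))

    return findings


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_MSG), ("legitimate", LEGIT_MSG)):
        print(label, assess(sample) or "no findings")
```

None of these findings proves fraud on its own; the point is that any of them should trigger the out-of-band verification step described above (a telephone call to a number agreed in advance) before a wire is released. Note that the look-alike check is deliberately conservative (edit distance of two or less), so a registered domain that differs by more than that, or by a homoglyph in a different script, still needs the callback.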
FILING AN IC3 COMPLAINT
If you believe your business is the recipient of a compromised e-mail or is a victim of the BEC scam (regardless of dollar amount), you should file with the Internet Crime Complaint Center. Please be as descriptive as possible, identify your complaint as "Business E-mail Compromise" or "BEC" and try to include the following information:
• Header information from e-mail messages
• Identifiers for the perpetrators such as names, e-mail addresses, websites, bank account information (especially where transfers were requested to be sent), and beneficiary names
• Details on how, why, and when you believe you were defrauded
• Actual and attempted loss amounts
• Other relevant information you believe is necessary
Complainants are also encouraged to keep all original documentation, e-mails, faxes, and logs of all telecommunications. You will not be able to add or upload attachments with your IC3 complaint; however, please retain all relevant information in the event you are contacted by law enforcement.
November 13, 2014: FBI Warning New twist to the telephone Tech Support Scam.
The FBI warns that users have received phone calls from people pretending to be from a major software company, informing them that their computer is sending error messages and that numerous viruses have been detected. The caller convinces the user to grant remote access to the computer. The caller then says the viruses can be removed for a fee and may use intimidation tactics, such as threatening to blacklist the computer or block access if the fee is not paid. In a new twist, the scam begins while the user is browsing websites or following links on popular topics: the user is redirected to a fraudulent site stating that the computer has been hacked, and a second window displays telephone numbers to call for assistance. Once the user calls the number, the computer is hijacked.
For more information about Internet scams, please visit the Internet Crime Complaint Center (IC3) website at www.ic3.gov.
November 11, 2014: Microsoft Security Update: Please be aware that Microsoft issued security updates for Windows and Microsoft Internet Explorer. Microsoft's update addresses new vulnerabilities and is rated as a Critical Update. Our Online Banking systems may not be accessible from computers that do not use a current operating system and browser. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For customers who do not have automatic updating enabled, the Microsoft website provides assistance.
October 15, 2014: You may be hearing about the Sandworm vulnerability in the news. As with any security issue, your security is our top priority. Our Online Banking is not impacted by this issue and has been proactively patched with the Microsoft patch as a security best practice. We recommend that clients also keep their computers protected with current versions of software and security updates as they are released.
October 7, 2014: Our website address has changed from www.coronadofirst.com to www.sandiegoprivatebank.net.
If you have personal links or shortcuts, please delete them and add new links using our new address.
You may login to personal Online Banking or Business Banking from the top-right corner of our website.
September 12, 2014: We have received reports of a scam targeting cellular phones. Customers report receiving phone calls that appear to be automated messages from large national banks. The message informs customers that their credit or debit card has been blocked and instructs them to open a link or press a number to unblock the card. This is a typical phishing scam intended to obtain your personal information or install malware on your phone. Do not respond to a call or text message claiming to be from a financial institution that asks for your personal information. Always call the bank's publicly listed phone number for assistance.
August 28, 2014: We take security threats very seriously and prioritize the security of your account information and login credentials. You may have heard about the recent cyber-attack against banks, or about the earlier theft of 1.2 billion user name and password credentials by a Russian crime ring. Our online banking vendor has strong security measures in place to protect our systems against this type of attack.
July 11, 2014: We have enhanced Bill Payment Service to show a better view of your Payees and Payee Options. You can easily see if the Payee has an in-process payment, pending payment, or the last payment made to the Payee. When viewing past payment details you will now see the check cleared date and be able to view an image of the cleared check. Note, this is only for Payees who receive a check, not electronic payment.
July 8, 2014: Microsoft Security Update: Please be aware that on Tuesday, July 8, Microsoft issued security updates for Windows and Microsoft Internet Explorer. The updates address 29 vulnerabilities; the Internet Explorer update is rated Critical for IE6, IE7, IE8, IE9, IE10, and IE11 on affected Windows client systems. The most severe of these vulnerabilities allows an attacker to run code on a user's computer by luring the user to a specially crafted webpage.
Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For customers who do not have automatic updating enabled, Microsoft Security Bulletin MS14-037 provides assistance.
For more information about these vulnerabilities you can view the Microsoft Security Bulletin here: https://technet.microsoft.com/library/security/ms14-037.
June 18, 2014 IMPORTANT NOTICE – SMART PHONE AND PC SECURITY MALWARE THREAT: Svpeng and Dyreza
We take security issues very seriously and understand that you do too. San Diego Private Bank recommends that end users employ the following security best practices to proactively mitigate this threat:
• Installing an antivirus app and keeping it updated
• Avoiding installing Android apps from third-party websites or unreliable sources
• Reading the permissions requested by every application before installing
• Performing regular backup of data stored in Android devices
• Protecting devices with a password
• Not viewing or sharing personal information over a public Wi-Fi network
Additional information about Svpeng and Dyreza:
What is Dyreza?
Dyreza or "Dyre" is a new family of malware that targets Online Banking users and redirects their traffic to malicious servers. Dyreza is spread through spam e-mail messages with subjects such as "Your FEDTAX payment ID [random number]" and "RE: Invoice # [random number]." These messages contain a ".zip" file, often hosted on legitimate domains to minimize suspicion; opening this file infects the computer with the malware. Using a technique called "browser hooking," Dyreza inserts itself into the Chrome, Firefox and Internet Explorer browsers so that it can read web traffic before the browser encrypts it, which means the padlock in the address bar offers no protection. It captures the end user's credentials by redirecting the session to malicious servers while the end user believes they are securely connected to their financial institution's legitimate website.
Is my Phone vulnerable to Svpeng and Dyreza?
iPhones and Android devices use different operating systems. Svpeng specifically targets the Android operating system. Dyreza does not target mobile devices; it hooks the Chrome, Firefox and Internet Explorer browsers on PCs.
What is Svpeng?
Svpeng is a new malicious Android app with ransomware behavior. Svpeng searches the device for specific mobile banking apps, then locks the device and demands money to unlock it. In the U.S., Svpeng gets onto a mobile device through a social engineering campaign that uses text messages.
Svpeng capabilities include:
• Spoofing legitimate banking applications
• Stealing personal banking information
• Capturing user input, including passwords
• Sending SMS messages, including to premium-rate numbers without the user's knowledge, resulting in charges
• Stealing contact information and pictures
• Tracking user location
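The advice above to read the permissions an app requests before installing it is concrete enough to automate: each Svpeng capability in the list maps to one or more Android permissions, and the ability to lock the device requires the app to register as a device administrator. The following is an added example, not code from the notice or from any vendor: it parses a constructed AndroidManifest.xml (package name, class names and the permission-to-capability mapping are this example's own assumptions) and reports which listed capabilities the requested permissions would enable, whether the app asks for device-administrator rights, and a simple verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Assumed mapping from Android permissions to the capabilities listed above.
RISKY_PERMISSIONS = {
    "android.permission.SEND_SMS": "send SMS, including to premium-rate numbers",
    "android.permission.READ_CONTACTS": "steal contact information",
    "android.permission.READ_EXTERNAL_STORAGE": "read stored pictures",
    "android.permission.ACCESS_FINE_LOCATION": "track user location",
    # Drawing over other apps is how fake login screens are placed on top of real banking apps.
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay and spoof legitimate banking apps",
}

# Constructed manifest for a fake "bank" app (all identifiers invented).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Bank App">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed manifest for an app that only needs network access.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Weather"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """All permissions declared with <uses-permission>, sorted."""
    root = ET.fromstring(manifest_xml)
    return sorted(el.get(NAME, "") for el in root.iter("uses-permission"))


def requests_device_admin(manifest_xml):
    """True if any receiver is guarded by BIND_DEVICE_ADMIN, i.e. the app will ask to
    become a device administrator, which is what lets it lock the screen and resist removal."""
    root = ET.fromstring(manifest_xml)
    return any(r.get(PERMISSION) == "android.permission.BIND_DEVICE_ADMIN"
               for r in root.iter("receiver"))


def review(manifest_xml):
    """Summarize what the requested permissions would let the app do."""
    perms = requested_permissions(manifest_xml)
    risky = {p: RISKY_PERMISSIONS[p] for p in perms if p in RISKY_PERMISSIONS}
    admin = requests_device_admin(manifest_xml)
    if admin or len(risky) >= 2:
        verdict = "do not install"      # lock-and-extort or data-theft profile
    elif risky:
        verdict = "ask why it needs this"
    else:
        verdict = "ok"
    return {"permissions": perms, "risky": risky, "device_admin": admin, "verdict": verdict}


if __name__ == "__main__":
    for label, m in (("fakebank", SAMPLE_MANIFEST), ("weather", BENIGN_MANIFEST)):
        r = review(m)
        print(label, r["verdict"], "device admin:", r["device_admin"])
        for p, why in r["risky"].items():
            print("  ", p, "->", why)
```

On a real device the same information is what the install-time permission prompt shows; the script simply makes the combination visible at once. A request for device-administrator rights by an app claiming to be a bank is the single strongest signal in the list, because no legitimate mobile banking app needs the ability to lock the device or block its own uninstall.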
FDIC CONSUMER NEWS! The FDIC Consumer Quarterly Newsletter is now available. You can get a copy at our offices or at www.fdic.gov/consumernews
Online Banking includes a secure multi-layer login. You may be prompted to enter a one-time verification code if you are using a PC that is not recognized. To enable your phone to receive one-time verification codes via voice message or text, click on the "My Settings" button at the top of the page in Online Banking. For the best security protection we suggest that you always use both your phone and your password. If you opt to enroll your computer, we recommend that you do so only on computers that you personally own and that have the latest updates and virus protection software installed.