Help Protect Your Firm and Clients from Cyber Fraud
|
|
- John Hudson
- 7 years ago
- Views:
Transcription
1 One Step Ahead: Help Protect Your Firm and Clients from Cyber Fraud Actions for advisors and investors to consider In Brief: Threats grow more sophisticated: Just as technology advances, so do the tools cyber criminals use to steal from clients. Wire fraud, identity theft, and scams especially phishing currently threaten data security for broker-dealers and financial advisors and are growing in number and sophistication. An estimated 5% of U.S. adults fall victim to these crimes every year. 1 Advisors have required responsibilities: Many financial services firms are required to implement an Identity Theft Protection Plan (ITPP) under Regulation S-ID. Those not required to do so may wish to consider implementing an ITPP as a best practice and consider all applicable state laws. Inside, you will find details about: How threats to data security are intensifying Responsibilities of financial advisors Actions for advisors to consider to protect their firm Ways to educate your clients using the sample resources presented in this guide Be vigilant in educating and protecting: As part of their general fiduciary responsibility to customers, firms and their advisors should remain vigilant for signs of fraud and consider proactively warning investors of threats, educating them on how they can protect themselves. 1 Mary Jo White, SEC Open Meeting, 4/10/13,
2 Threats to Data Security Intensify Every hour, technology continues to evolve, changing the way we lead our lives. Unfortunately, cyber criminals are evolving just as fast, developing new ways to separate people from their assets. While the most common tactics used to compromise a victim s identity or login credentials are long-time nemeses such as malware, phishing, and social engineering, they are growing increasingly difficult to spot. The end game with these tactics is, of course, criminal. After gaining access to an investor s personal information, cyber criminals can use it to commit various types of fraud, including: Fraudulent trading Electronic funds transfer (EFT) fraud Wire fraud Establishing fraudulent accounts Common ways in which identity and login credentials are stolen Malware. Using malicious software (hence, the prefix mal in malware), criminals gain access to private computer systems (e.g., home computer) and gather sensitive personal information such as Social Security numbers, account numbers, passwords, and more. How it works: While malware can be inserted into a victim s computer by various means, it often slips in when an unwary user clicks an unfamiliar link or opens an infected . Phishing. In this ruse, the criminals attempt to acquire sensitive personal information via . Phishing is one of the most common tactics observed in the financial services industry. How it works: Masquerading as an entity with which the victim already has a financial relationship (e.g., a bank, credit card company, brokerage company, or other financial services firm), the criminals solicit sensitive personal data from unwitting recipients. Social engineering. Via social media and other electronic media, criminals gain the trust of victims over time, manipulating them into divulging confidential information. How it works: Typically, these scammers leverage something they know about the person like their address or phone number to gain their confidence and get them to provide more personal information, which can be used to assist in committing fraud. Social engineering has increased dramatically, and many times fraudsters are contacting investors by telephone. Recent trends in criminal activity William R. French, vice president of Customer Protection and Financial Intelligence at Fidelity Investments, has been focusing primarily on information security and risk management matters for more than 25 years. Mr. French is a Certified Fraud Examiner (CFE) and an active participant in the National Cyber-Forensics & Training Alliance, an FBI cyber unit based in Pittsburgh. With this industry-wide perspective, French has observed specific trends in cyber criminal activity that take place after a criminal has secured sensitive personal information from his or her victim: On the rise: fraudulent trading Imagine having your assets traded on the stock exchange without your knowledge or permission. That s one form of fraudulent trading the intentional misuse of business information or technology by an individual or entity to steal money or assets from another individual or entity. Fraudulent trading typically occurs when an investor s login credentials for his or her brokerage account are compromised. Fraudulent trading isn t an isolated problem, French warns. When financial services firms identify high levels of potentially fraudulent trading activity in a particular stock, they share that information with regulators and other firms so that everyone can be on alert. 2
3 On the rise: EFT fraud via prepaid bank cards Criminals abuse of traditional credit and debit cards for fraudulent EFTs has long been an issue. However, financial institutions are periodically seeing the use of prepaid bank cards to facilitate fraud. There are legitimate banking institutions issuing prepaid bank cards to customers for legitimate reasons, says French. However, the increased use of prepaid bank cards by consumers offers perpetrators another vehicle through which they can move fraudulently disbursed funds. EFT fraud traditionally involves getting into a customer s account using their login credentials, establishing bank money movement instructions online, and then moving money out of the account through a series of EFT disbursements after a pre-note period of seven to 10 days. A pre-note period is the hold period before newly established EFT instructions can be used to move money. (Note: Pursuant to regulations stemming from the Dodd- Frank legislation, the pre-note period is expected to be shortened to three banking days, effective September 19, 2014.) However, instead of moving the money out of the customer s accounts and into what would be considered a more traditional bank account, criminals are now moving the funds to prepaid bank accounts. On a comeback: wire fraud While wire fraud has been around much longer than some of today s emerging data security threats, it s experiencing a resurgence. The most common scenario involves fraudulent money transfers by phone or electronically. Typically, an individual s account has been compromised for a fraudster to gain access to one s personal information. Unfortunately, the number of these incidents in the securities industry has risen more than tenfold over the past decade and by more than 60% just since 2011, according to the Treasury Department s Financial Crimes Enforcement Network (FinCen). 2 Of particular concern to advisors: they may be held personally liable for a wire transfer that turns out to be fraudulent if they failed to follow the proper procedures, which often includes calling the client to verify the transaction before initiating it. Advisors should consult their legal and compliance department to help ensure that they have proper procedures in place. On the rise: establishing fraudulent accounts Establishing a fraudulent account is a more sophisticated criminal technique but one that is nonetheless popping up more and more. French points to two emerging trends in fraudulent accounts: Fraudulent accounts in your clients names. First, the criminal establishes a fraudulent account in a client s name. The fraudster transfers assets from the client s legitimate account to the fraudulent account, and then quickly moves the money out of the fraudulent account. Multiple client distributions into a fraudulent third-party account. In many cases, wire or EFT instructions are used to process repetitive distributions from multiple client accounts. The wire or EFT instructions are altered to make transactions initiated by an unauthorized third party appear as though they have been made by an authorized party. This gives the appearance that the processed wire transfer or EFT is being paid into an account controlled by the beneficial owners of the distributing account, French explains. In reality, the receiving account is controlled by the perpetrator of the misappropriation. 2 Wire Fraud Is on the Rise, by Matthias Rieker, the Wall Street Journal, 10/12/13. 3
4 Phishing techniques: improving and abetting wire and EFT fraud One particularly scary trend is that phishing techniques, which once had telltale signs, are becoming vastly more sophisticated. Phishing s used to be fairly easy to spot, says French. Most phishing s were filled with typographical and grammatical errors, inaccuracies, or requests for information. Almost always, they also included an urgent request for immediate action. Lately, however, the financial services industry has seen an uptick in a vastly improved type of phishing scheme designed to capture the login credentials for accounts, which gives the perpetrators a gateway to their victims personal and business information. These criminals are skilled at identifying custodial financial relationships and mining saved s for critical information about account holdings, available cash, and money movement opportunities, says French. This information is then used to initiate illicit wire transfers and EFTs. The perpetrators impersonate legitimate customers on phone calls to determine when funds will be disbursed and quickly withdraw them before the customers or their financial firms become aware of what s happening. In some cases, says French, the criminals also modify victims account settings to divert legitimate s from their financial services providers into spam folders, providing additional time for the criminals to cover their tracks. Often, a request for a fraudulent transfer is accompanied by a request that the customer be contacted only through . While it s natural for advisors to want to go above and beyond for their clients, limiting communication to is why these scams are so effective, explains French. may very well be a common method of communication, but advisors really may not want to rely on it for high-risk transactions. Responsibilities of Financial Advisors Given the evolving, serious threats discussed, some financial advisors have federally mandated responsibilities, in addition to applicable state laws, to protect clients: The red flags rule: The identity theft red flags rule, known as Regulation S-ID, was issued jointly by the SEC and the U.S. Commodities Futures Trading Commission (CFTC) and became effective in The new rule requires any SEC or CFTCregistered financial entity that directly or indirectly holds transaction accounts for its clients to develop and implement an Identity Theft Protection Program (ITPP). What does it mean? By November 20, 2013, all advisors, broker-dealers, and other financial institutions (as defined by the regulations) were required to be in compliance by developing and implementing an identity theft protection program consisting of reasonable, board-approved compliance policies and supporting procedures to prevent, detect, and respond to any possible identity theft situations. While Fidelity encourages all advisors, as part of their fiduciary responsibility, to remain vigilant for signs of fraud, we suggest that you consult your legal and compliance department to gain a full understanding of the rules and regulations that apply to your firm, especially because current data protection and data breach notification laws vary from state to state. Cybersecurity: an SEC exam priority On April 15, 2014, the SEC s Office of Compliance Inspections and Examinations (OCIE) announced an initiative to conduct examinations of more than 50 investment advisors and broker-dealers, focusing on areas related to cybersecurity. As part of the Risk Alert announcement, the SEC provided a detailed list of questions to help all firms (regardless of whether they will be audited) assess their level of cybersecurity preparedness. You may read the full alert and access a copy of the detailed document list at SEC: OCIE Cybersecurity Initiative. 4
5 Actions for Firms & Their Advisors to Consider Technologies are constantly evolving including those used by criminals. Ask yourself: Are your security policies and procedures keeping up? Consider the following precautionary measures to help combat the growing threat of data security compromises: Ways to learn more about Regulation S-ID, Identity Theft Red Flags Rules Federal Trade Commission: Identity Theft Red Flags Rule SEC: Identity Theft Red Flags Rules FINRA: Customer Information Protection, Red Flags Rule Educate customers on proper third-party wire requests. Help clients understand the right practices involved in wire transactions for their good and yours. For example, faxes, voice mail messages, and s should not be used to verify wire transactions. Customer education and awareness about your third-party wire requests may help make these types of moneymovement controls more acceptable to your clients and actually encourages them to play an active role in protecting their personal information and assets. Limit home office employee access to sensitive client data to secure networks and devices. For example, public computers in locations like hotels or cybercafés have unknown virus protection and are highly susceptible to attacks; they should not be used to access confidential firm or client data. Establish, and regularly update, an employee education program on cybersecurity. Use this program to keep all firm personnel abreast of the latest trends in cybersecurity and firm policies and procedures. You may also want to make cybersecurity a regular agenda topic for team meetings and have a plan in place to train new employees. Make sure user IDs and passwords are kept current. Delete the login credentials of former employees, and periodically review the levels of access granted to current employees. As a further level of protection, consider making it a policy to regularly reset employee passwords. Don t give broad-based entitlement to anyone who doesn t need it. Limit authorizations to move money. Be careful whom in your organization you authorize to issue money movements and consider keeping this number limited. Know the security level on each of your systems. Make sure your use is appropriate for the level of security available. Maximize your system s security tools to identify suspect transactions ASAP. If a transaction is unusual or not typical for a customer s historical profile, you should immediately contact the client to verify the transaction. Review client account balances and transactions at least monthly. If you see transactions that are unusual or atypical for a client s historical profile, that should trigger an immediate phone call to the client to verify the transaction. Also, be sure to review any account profile changes. If anything seems unusual, verify the changes directly with the client. Keep the most up-to-date antivirus and antispyware software on all devices (PCs, laptops, tablets, smartphones). Consider setting antivirus software to run regularly, which could help detect viruses on the machine, as well as the presence of keystroke capture malware. Simply running a periodic virus scan may not offer protection between scans. 5
6 Proactively prepare for a compromise Security compromises can occur despite the best efforts of all involved. Consider taking these proactive measures to prepare your firm for a potential problem from outside criminals or employees within your firm: Create a detailed set of written procedures for reacting to fraud. This includes steps to take internally, as well as any client communications. Your procedures should also include the after-hours escalation processes through any financial institutions you work with. Identify a point person responsible for carrying out the procedures. This person should be well versed in the procedures and able to escalate them in a timely manner when fraud occurs. Timely escalations are critical to any success you may have in recovering fraudulently disbursed funds. Train your team. Conduct internal training to ensure that all professionals in your organization understand what needs to happen if an incident occurs. Familiarize yourself with all available resources. Take stock of the types of resources available through the financial institutions and third-party vendors you work with to protect your firm and your clients against cyber fraud. 6
7 Educating Your Clients While you may be taking all the necessary steps to protect your firm from cyber fraud, we encourage you to consider developing an ongoing communications program to help your clients better understand the ways they can protect themselves from cyber threats. The sample resources that follow are intended to help you deliver your message effectively. On this and the following pages, you ll find: A sample cyber fraud client communications plan A sample client letter you can consider and customize to your unique needs An investor protection checklist to aid client awareness of action items across six important areas SIX WAYS CLIENTS MAY BE ABLE TO HELP PROTECT THEMSELVES AGAINST CYBER FRAUD 6 SAFEGUARD YOUR FINANCIAL ACCOUNTS 5 PROTECT YOUR ACCOUNTS 1 MANAGE YOUR DEVICES 2 PROTECT ALL PASSWORDS 4 3 SURF THE WEB SAFELY PROTECT INFORMATION ON SOCIAL NETWORKS SAMPLE CYBER FRAUD CLIENT COMMUNICATIONS PLAN TIMING AUDIENCE SUGGESTED STEPS TO CONSIDER Immediately All clients Send customized copies of the client letter and investor protection checklist, found at the back of this guide, to all clients. Consider a proactive phone outreach to clients you feel could benefit from a conversation about the checklist items. Ongoing All clients During your annual review meetings, remind all clients of the importance of protecting their personal information. Allow time in your discussion to answer any questions they may have, and give them another copy of the checklist as a reminder. Communicate new developments or best practices to your clients when you learn of them. Onboarding New clients When onboarding new clients, provide them with a copy of the investor protection checklist and client letter. 7
8 Sample Client Letter Based on your clients specific needs, consider incorporating the points in this sample letter into your client communications. Dear [Insert Client Name]: Keeping your information secure from criminals is a top priority for our firm. To better protect you and your accounts from cybersecurity threats, we continuously review security procedures to ensure that we are following best practices recommended by the custodians, financial institutions, and industry experts with whom we work. While we feel we are taking clear and actionable steps in our own firm s security measures, cyber fraud continues to escalate, is becoming more sophisticated, and is ever changing. These threats take various forms, including scams (e.g., phishing), where criminals obtain investors identity and use that information to commit various forms of wire fraud. The attachment to this letter describes these phishing scams and other tactics that we believe investors should be aware of. We are encouraging our clients to embrace a series of measures to help protect their identity and mitigate potential security risks. The attached investor protection checklist outlines some best practices for investors across six key areas to help you: Manage your devices Protect all passwords Surf the Web safely Protect information on social networks Protect your accounts Safeguard your financial accounts Please carefully review this checklist with all members of your household. We also ask that you do the following: If you change a current address, notify us so that we can update our records. If you suspect that your account has been compromised, call us immediately. If you suspect that your account has been compromised, call us immediately. Do not hesitate to contact us with questions or concerns about how we protect your accounts or the steps you and your family can take to better protect yourselves and mitigate risk. As always, we appreciate the opportunity to help you achieve your financial goals. Sincerely, [Insert Advisor Name] 8
9 Attachment: Common tactics used to steal identity and login credentials Some of the most common tactics criminals use to compromise a victim s identity or login credentials are described below. After gaining access to an investor s personal information, criminals can use it to commit various types of fraudulent activity. The action items presented in the investor protection checklist are intended to help you and your family better protect yourselves against such activity. Malware. Using malicious software (hence, the prefix mal in malware), criminals gain access to private computer systems (e.g., home computer) and gather sensitive personal information such as Social Security numbers, account numbers, passwords, and more. How it works: While malware can be inserted into a victim s computer by various means, it often slips in when an unwary user clicks an unfamiliar link or opens an infected . Phishing. In this ruse, the criminals attempt to acquire sensitive personal information via . Phishing is one of the most common tactics observed in the financial services industry. How it works: Masquerading as an entity with which the victim already has a financial relationship (e.g., a bank, credit card company, brokerage company, or other financial services firm), the criminals solicit sensitive personal data from unwitting recipients. Social engineering. Via social media and other electronic media, criminals gain the trust of victims over time, manipulating them into divulging confidential information. How it works: Typically, these scammers leverage something they know about the person like their address or phone number to gain their confidence and get them to provide more personal information, which can be used to assist the criminal in committing fraud. Social engineering has increased dramatically, and many times fraudsters are contacting investors by telephone. 9
10 Investor Protection Checklist The educational checklist presented below is designed to help you take appropriate action to better protect you and your family and mitigate risk of cyber fraud. Carefully review the items in each of the categories below to determine which apply to your unique situation. TOPICAL AREA ACTIONS TO CONSIDER CHECK WHEN COMPLETED Manage your devices Protect all passwords Surf the Web safely Protect information on social networks Protect your accounts Safeguard your financial accounts Install the most up-to-date antivirus and antispyware programs on all devices (PCs, laptops, tablets, smartphones) and update these software programs as they become available. These programs are most effective when users set them to run regularly rather than just running periodic scans, which may not provide maximum protection to your device. Access sensitive data only through a secure location or device; never access confidential personal data via a public computer, such as in a hotel or cybercafé. If you have children, set up a separate computer they can use for games and other online activities. Use a personalized custom identifier for financial accounts you access online. Never use your Social Security number in any part of your login activity. Regularly reset your passwords, including those for your accounts. Avoid using common passwords across a range of financial relationships. Avoid storing passwords in folders. Consider using a password manager program. Do not connect to the Internet via unsecured or unknown wireless networks, such as those in public locations like hotels or cybercafés. These networks may lack virus protection, are highly susceptible to attacks, and should never be used to access confidential personal data. Limit the amount of personal information you post on social networking sites. Never post your Social Security number (even the last four digits). Consider keeping your birthdate, home address, and home phone number confidential. We also discourage clients from posting announcements about births, children s birthdays, or loss of loved ones. Sharing too much information can make you susceptible to fraudsters and allow them to quickly pass a variety of tests related to the authentication of your personal information. Never underestimate the public sources that individuals will use to learn critical facts about people. Delete any s that include detailed financial information beyond the time that it s needed. In addition, continuously assess whether you even need to store any personal and financial information in an account. Use secure data storage programs to archive critical data and documents. Review unsolicited s carefully. Never click links in unsolicited s or in pop-up ads, especially those that warn that your computer is infected with a virus and request that you take immediate action. Establish separate accounts for personal correspondence and financial transactions. Review all your credit card and financial statements as soon as they arrive or become available online. If any transaction looks suspicious, immediately contact the financial institution where the account is held. Never send account information or personally identifiable information over , chat, or any other unsecure channel. Suspiciously review any unsolicited requesting personal information. Further, never respond to an information request by clicking a link in an . Instead, type the Web site s URL into the browser yourself. Avoid developing any online patterns of money movement, such as wires, that cyber criminals could replicate to make money movement patterns appear more legitimate. o I ve reviewed and understand all the items in this topical area. o I ve taken action for those that apply to my situation. o I ve reviewed and understand all the items in this topical area. o I ve taken action for those that apply to my situation. o I ve reviewed and understand all the items in this topical area. o I ve taken action for those that apply to my situation. o I ve reviewed and understand all the items in this topical area. o I ve taken action for those that apply to my situation. o I ve reviewed and understand all the items in this topical area. o I ve taken action for those that apply to my situation. o I ve reviewed and understand all the items in this topical area. o I ve taken action for those that apply to my situation. 10
11 11
12 NATIONAL FINANCIAL 200 SEAPORT BOULEVARD BOSTON, MA For more information, please contact your Fidelity Relationship Manager. For Broker-Dealer Use Only. Not for distribution to the public. The information contained herein is as of the date of its publication unless otherwise noted, is subject to change, and is general in nature. Such information is provided for informational purposes only and should not be considered legal, tax, or compliance advice. Fidelity does not provide legal, tax, or compliance advice. Fidelity cannot guarantee that such information is accurate, complete, or timely. Federal and state laws and regulations are complex and are subject to change. Laws of a specific state or laws that may be applicable to a particular situation may affect the applicability, accuracy, or completeness of this information. This information is not individualized; is not intended to serve as the primary or sole basis for your decisions, as there may be other factors you should consider; and may not be inclusive of everything that a firm should consider in this type of planning decision. Some of the concepts may not be applicable to all firms. Always consult an attorney, tax professional, or compliance advisor regarding your specific legal or tax situation. Third-party marks are the property of their respective owners; all other marks are the property of FMR LLC. National Financial Services LLC, Member NYSE, SIPC FMR LLC. All rights reserved
Protecting Your Firm from Data Security Threats
Data Security March 2014 Protecting Your Firm from Data Security Threats Recent headlines are a stark reminder that all kinds of enterprises are vulnerable to security breaches. Broker dealers and financial
More informationBest Practices: Reducing the Risks of Corporate Account Takeovers
Best Practices: Reducing the Risks of Corporate Account Takeovers California Department of Financial Institutions September 2012 INTRODUCTION A state led cooperative effort, including the United States
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationProtecting your business from fraud
Protecting your business from fraud KEY TAKEAWAYS > Understand the most common types of fraud and how to identify them. > What to do if you uncover fraudulent activity or suspect you are a victim of fraud.
More informationOnline Cash Manager Security Guide
Online Cash Manager Security Guide You re the One who can protect your business from the threat of a Corporate Account Takeover. 102 South Clinton Street Iowa City, IA 52240 1-800-247-4418 Version 1.0
More informationRetail/Consumer Client. Internet Banking Awareness and Education Program
Retail/Consumer Client Internet Banking Awareness and Education Program Table of Contents Securing Your Environment... 3 Unsolicited Client Contact... 3 Protecting Your Identity... 3 E-mail Risk... 3 Internet
More information1. Any email requesting personal information, or asking you to verify an account, is usually a scam... even if it looks authentic.
Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone who can potentially harm your good name and financial well-being. Identity theft
More informationPayment Fraud and Risk Management
Payment Fraud and Risk Management Act Today! 1. Help protect your computer against viruses and spyware by using anti-virus and anti-spyware software and automatic updates. Scan your computer regularly
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationCorporate Account Take Over (CATO) Guide
Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,
More informationFrom Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense
1 of 5 11/17/2014 4:14 PM 800.268.2440 From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense Share This Every other week it seems like there is another secure data breach
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationInformation Security Field Guide to Identifying Phishing and Scams
Information Security Field Guide to Identifying Phishing and Scams 010001010100101010001010011010101010101010101 01000101010011010010100101001010 1 Contents Introduction Phishing Spear Phishing Scams Reporting
More informationBusiness Identity Fraud Prevention Checklist
Business Identity Fraud Prevention Checklist 9 Critical Things Every Business Owner Should Do Business identity thieves and fraudsters are clever and determined, and can quickly take advantage of business
More informationCybersecurity Risks, Regulation, Remorse, and Ruin
Financial Planning Association of Michigan 2014 Fall Symposium Cybersecurity Risks, Regulation, Remorse, and Ruin Shane B. Hansen shansen@wnj.com (616) 752-2145 October 23, 2014 Copyright 2014 Warner Norcross
More informationOCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875
OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationDon t Fall Victim to Cybercrime:
Don t Fall Victim to Cybercrime: Best Practices to Safeguard Your Business Agenda Cybercrime Overview Corporate Account Takeover Computer Hacking, Phishing, Malware Breach Statistics Internet Security
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationTax Fraud and Identity Theft Frequently Asked Questions [Updated February 10, 2015] 4. WHAT CAN I DO TO PROTECT MYSELF FROM TAX FRAUD IN THE FUTURE?
1. WHAT HAPPENED (2015 UPDATE)? Tax Fraud and Identity Theft Frequently Asked Questions [Updated February 10, 2015] 2. WHAT IS THE ARCHDIOCESE DOING ABOUT THIS? 3. WHAT WERE THE RESULTS OF THE INVESTIGATIONS?
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationIdentity Theft Protection
Identity Theft Protection Email Home EDUCATION on DANGER ZONES Internet Payments Telephone ID theft occurs when someone uses your personal information with out your knowledge to commit fraud. Some terms
More informationContents Security Centre
Contents Security Centre... 1 1. Search Engines... 2 2. Online Applications... 2 3. Virgin Money Credit Card Online Banking Security Measures... 2 3.1 Access Number, PIN and Password... 2 3.2 Keypad...
More informationLearn to protect yourself from Identity Theft. First National Bank can help.
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationOnline Cash Management Security: Beyond the User Login
Online Cash Management Security: Beyond the User Login Sonya Crites, CTP, SunTrust Anita Stevenson-Patterson, CTP, Manheim February 28, 2008 Agenda Industry Trends Government Regulations Payment Fraud
More informationDefense Media Activity Guide To Keeping Your Social Media Accounts Secure
Guide To Keeping Your Social Media Accounts Secure Social media is an integral part of the strategic communications and public affairs missions of the Department of Defense. Like any asset, it is something
More informationBest Practices Guide to Electronic Banking
Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have
More informationAvoid completing forms in email messages that ask for personal financial information.
INTERNET FRAUD Online scams and viruses are constantly evolving and they threaten the security of computers worldwide. As criminals evolve their tactics, you need to keep your PC's security software (virus
More informationecommercial SAT ecommercial Security Awareness Training Version 3.0
ecommercial SAT ecommercial Security Awareness Training Version 3.0 Welcome The goal of this training course is to provide you with the information needed to assist in keeping your online banking account
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationProtect yourself online
Protect yourself online Advice from Nottinghamshire Police s Pre Crime Unit Get daily updates: www.nottinghamshire.police.uk www.twitter.com/nottspolice www.facebook.com/nottspolice www.youtube.com/nottinghampolice
More informationFrequently Asked Questions [Updated January 20, 2015]
Frequently Asked Questions [Updated January 20, 2015] Some information in these FAQs has been provided to the Archdiocese of Portland in Oregon by the Internal Revenue Service. Note: Given the immediate
More informationDesktop and Laptop Security Policy
Desktop and Laptop Security Policy Appendix A Examples of Desktop and Laptop standards and guidelines 1. Implement anti-virus software An anti-virus program is necessary to protect your computer from malicious
More informationRemote Deposit Quick Start Guide
Treasury Management Fraud Prevention How to Protect Your Business Remote Deposit Quick Start Guide What s Inside We re committed to the safety of your company s financial information. We want to make you
More informationOIG Fraud Alert Phishing
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION Washington, D.C. 20507 Office of Inspector General Aletha L. Brown Inspector General July 22, 2005 OIG Fraud Alert Phishing What is Phishing? Phishing is a
More informationIDENTITY THEFT: MINIMIZING YOUR RISK
IDENTITY THEFT: MINIMIZING YOUR RISK What is Identity Theft? Identity theft occurs when someone uses another person s information to commit fraud or other crimes. Information such as your name, Social
More informationBad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams. May 2014. TrustInAds.org. Keeping people safe from bad online ads
Bad Ads Trend Alert: Shining a Light on Tech Support Advertising Scams May 2014 TrustInAds.org Keeping people safe from bad online ads OVERVIEW Today, even the most tech savvy individuals can find themselves
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER October 1, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More informationCYBERSECURITY EXAMINATION SWEEP SUMMARY
This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,
More informationSecurity Bank of California Internet Banking Security Awareness
Security Bank of California Internet Banking Security Awareness INTRODUCTION Fraudsters are using increasingly sophisticated and malicious techniques to thwart existing authentication controls and gain
More informationDesigning an Identity Theft Prevention Program
The Federal Trade Commission has indicated that mortgage brokers are covered by the Red Flags Rule and must design identity theft prevention programs to comply with the law. The FTC has published a How-To
More informationProtect Yourself. Who is asking? What information are they asking for? Why do they need it?
Protect Yourself Your home computer serves many purposes: email, shopping, social networking and more. As you surf the Internet, you should be aware of the various ways to protect yourself. Of primary
More informationIdentity Theft Awareness: Don t Fall Victim to these Common Scams
Identity Theft Awareness: Don t Fall Victim to these Common Scams We want you to understand what identity theft is, how it happens, and how to protect yourself. Please read and familiarize yourself with
More informationCard Not Present Fraud Webinar Transcript
Card Not Present Fraud Webinar Transcript All right let s go ahead and get things started, and to do that, I d like to turn it over to Fae Ghormley. Fae? Thank you for giving us this opportunity to share
More informationPhishing for Fraud: Don't Let your Company Get Hooked!
Phishing for Fraud: Don't Let your Company Get Hooked! March 2009 Approved for 1 CTP/CCM recertification credit by the Association for Financial Professionals 1 Today s Speakers: Joe Potuzak is Senior
More informationEveryone s online, but not everyone s secure. It s up to you to make sure that your family is.
TrendLabs Everyone s online, but not everyone s secure. It s up to you to make sure that your family is. We live out our digital lives on the Internet. There, communication is quicker and easier, and our
More informationSection 5 Identify Theft Red Flags and Address Discrepancy Procedures Index
Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...
More informationIdentity Protection Guide. The more you know, the better you can protect yourself.
Identity Protection Guide The more you know, the better you can protect yourself. Be Aware According to a 2012 report, identity theft is one of the fastest growing crimes in America 1 and it can have serious
More informationSupplement to Authentication in an Internet Banking Environment
Federal Financial Institutions Examination Council 3501 Fairfax Drive Room B7081a Arlington, VA 22226-3550 (703) 516-5588 FAX (703) 562-6446 http://www.ffiec.gov Purpose Supplement to Authentication in
More informationUW-Madison. Tips to Avoid Phishing Scams
UW-Madison Tips to Avoid Phishing Scams What is phishing? Phishing is the use of fraudulent email, websites, text messages and phone calls to trick people into disclosing personal financial or identity
More information10 Quick Tips to Mobile Security
10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22
More informationPROTECT YOUR FINANCIAL TRANSACTIONS
PROTECT YOUR FINANCIAL TRANSACTIONS Caisses populaires acadiennes www.acadie.com/en It s a wealth of ways to strengthen the security of your financial transactions. By implementing simple measures to mitigate
More informationCybersecurity: Is Your Company Prepared?
Treasury and Trade Solutions April 29, 2015 Cybersecurity: Is Your Company Prepared? Sabine Mcintosh Managing Director Global Head of TTS Digital Security and Account Services sabine.mcintosh@citi.com
More informationUnderstand What s Going On
Internet Safety Tips For Dummies In This Book Recognizing how online risks occur Staying safer with technology Taking care with shared photos Understanding how crooks collect information Reporting fraud
More informationWhat are the common online dangers?
ONLINE SECURITY GUIDELINES Internet Banking is convenient and times saving. You can do remittances, place online deposit and other transactions through online banking with the convenience and privacy of
More informationIdentity Theft, Fraud & You. Prepare. Protect. Prevent.
Prepare. Protect. Prevent. Identity Theft, Fraud & You Fraud and identity theft incidents claimed fewer victims in 2010 than in previous years. But don t get too comfortable. Average out-of-pocket consumer
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More informationDON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER
More informationDeception scams drive increase in financial fraud
ADDRESS 2 Thomas More Square London E1W 1YN WEBSITE www.financialfraudaction.org.uk DIRECT LINE 020 3217 8436 NEWS RELEASE EMAIL press@ukcards-ffauk.org.uk Deception scams drive increase in financial fraud
More informationIdentity Theft and Online Fraud IRS Efforts to Protect Taxpayers. Privacy, Governmental Liaison and Disclosure May 9, 2012
Identity Theft and Online Fraud IRS Efforts to Protect Taxpayers Privacy, Governmental Liaison and Disclosure May 9, 2012 Today s presentation How identity theft is a threat to the taxpayer What IRS is
More informationCAPITAL PERSPECTIVES DECEMBER 2012
CAPITAL PERSPECTIVES DECEMBER 2012 MITIGATING PAYMENT FRAUD RISK: IT S A WAR ON TWO FRONTS Payment fraud continues to be one of the biggest risk management challenges facing corporate treasury managers
More informationInfocomm Sec rity is incomplete without U Be aware,
Infocomm Sec rity is incomplete without U Be aware, responsible secure! HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD [ 2 ] FASTEN
More informationDeter, Detect, Defend
Deter, Detect, Defend Deter Never provide personal information, including social security number, account numbers or passwords over the phone or Internet if you did not initiate the contact Never click
More informationEmail Expanded Header: Viewing in Microsoft Outlook
Email Expanded Header: Viewing in Microsoft Outlook Figure 1: Default Shown Header in an Outlook 2003 E-mail Message The Internet header of an e-mail message can have twenty lines or more showing all kinds
More informationlocation of optional horizontal pic Corporate and Investment Banking Business Online Information Security
location of optional horizontal pic Corporate and Investment Banking Business Online Information Security Business Online Information Security Risk reduction: Ensuring your sensitive information is secure
More informationStopping the Flow of Health Care Fraud with Technology, Data and Analytics
White Paper and New Ways to Fight It Stopping the Flow of Health Care Fraud with Technology, Data and Analytics January 2014 Health care costs are rising and everyone is being affected, including patients,
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR WHAT DO YOU NEED TO DO IF YOU SUSPECT YOUR
ONLINE IDENTITY THEFT KEEP YOURSELF SAFE FROM BESTPRACTICES 01 One must remember that everyone and anyone is a potential target. These cybercriminals and attackers often use different tactics to lure different
More informationSafety precautions for Internet banking or shopping How to avoid identity theft online
Winter 2016 A Customer s Guide to Cybersecurity To Help Prevent Online Fraud and Theft Safety precautions for Internet banking or shopping How to avoid identity theft online Protect Your Cyber Home With
More informationCorporate Account Takeover & Information Security Awareness. Customer Training
Corporate Account Takeover & Information Security Awareness Customer Training No computer system can provide absolute security under all conditions. NO SECURITY MEASURE OR LIST OF SECURITY MEASURES CAN
More informationCybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015
Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American
More informationProtecting your business from some of the current fraud threats
Protecting your business from some of the current fraud threats This literature provides guidance on fraud prevention and is provided for information purposes only. Where noted the guidance provided has
More informationTips for Banking Online Safely
If proper attention is given to safety and security, banking and monetary activities can be completed online in a convenient and effective fashion. This guide helps to establish procedures for remaining
More informationElectronic Fraud Awareness Advisory
Electronic Fraud Awareness Advisory Indiana Bankers Association Fraud Awareness Task Force February, 2012 Electronic Fraud Awareness Advisory Purpose/Summary The Indiana Bankers Association (IBA) was involved
More informationFive Trends to Track in E-Commerce Fraud
Five Trends to Track in E-Commerce Fraud Fraud is nothing new if you re in the e-commerce business you probably have a baseline level of fraud losses due to stolen credit cards, return fraud and other
More informationPROTECT YOURSELF AND YOUR IDENTITY. Chase Identity Theft Tool Kit
PROTECT YOURSELF AND YOUR IDENTITY Chase Identity Theft Tool Kit USE THESE IMPORTANT CONTACTS TO KEEP YOURSELF PROTECTED CHASE CONTACTS Customer Protection Group Credit Cards 1-888-745-0091 Other Account
More informationYour Personal Information: Protecting it from Exploitation
Your Personal Information: Protecting it from Exploitation Data breaches involving personal information result in a broad range of risks to individuals and organizations. This includes identity theft,
More informationSecurity Best Practices for Mobile Devices
Security Best Practices for Mobile Devices Background & Introduction The following document is intended to assist your business in taking the necessary steps needed to utilize the best security practices
More informationWhen registering on a jobsite, first ensure that the site is reputable and has a physical address and landline phone number.
Job searching online has become the most popular method of finding employment. Searching for the type of job you want is fast and easy, and you can see new jobs as soon as employers / agencies post them.
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationE Commerce and Internet Security
E Commerce and Internet Security Zachary Rosen, CFE, CIA President, ACFE Czech Republic Chapter Introduction The Internet has become a global phenomenon reshaping the way we communicate and conduct business.
More informationE-MAIL & INTERNET FRAUD
FRAUD ALERT! FRAUD ALERT! Guarding Against E-MAIL & INTERNET FRAUD What credit union members should know to counter Phishing Pharming Spyware Online fraud On-Line Fraud Is Growing E-Mail and Internet Fraud
More informationPreventing Corporate Account Takeover Fraud
Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions
More informationCovered Areas: Those EVMS departments that have activities with Covered Accounts.
I. POLICY Eastern Virginia Medical School (EVMS) establishes the following identity theft program ( Program ) to detect, identify, and mitigate identity theft in its Covered Accounts in accordance with
More informationAs a precaution, we have arranged with AllClear ID to provide identity protection services to affected clients at no cost for a period of one year.
October 1, 2015 Office of the Attorney General Attn: Security Breach Notification 200 St. Paul Place Baltimore, MD 21202 Idtheft@oag.state.md.us To Whom It May Concern: I am writing on behalf of Scottrade
More informationOnline Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts
A Guide to Protecting Your Identity and Accounts As part of SunTrust s commitment to protecting your accounts and identity, we ve created the Online Fraud & Identity Theft Guide, which provides information
More informationGeneral Security Best Practices
General Security Best Practices 1. One of the strongest physical security measures for a computer or server is a locked door. 2. Whenever you step away from your workstation, get into the habit of locking
More informationBE SAFE ONLINE: Lesson Plan
BE SAFE ONLINE: Lesson Plan Overview Danger lurks online. Web access, social media, computers, tablets and smart phones expose users to the possibility of fraud and identity theft. Learn the steps to take
More informationHelping you to protect yourself against fraud and financial crime
Helping you to protect yourself against fraud and financial crime first direct takes fraud & other financial crimes very seriously. Even though we have market-leading fraud detection systems, we want you
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationIt Could Happen To You! Attorney General Tom Reilly s. Guide to Protecting Yourself and Your Credit
Identity Theft: It Could Happen To You! Attorney General Tom Reilly s Guide to Protecting Yourself and Your Credit One Ashburton Place ~ Boston, MA 02108 ~ (617) 727-2200 www.ago.state.ma.us February 2005
More informationCybersecurity and the Threat to Your Company
Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September
More informationFrequently Asked Questions. OPM Data Breach. Department of the Navy
Frequently Asked Questions OPM Data Breach Department of the Navy 17 June 2015 (New Information Included) Table of Contents Summary... 2 Notification Update New... 2 General Information... 4 What s Next...
More informationTHE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM
Program Adoption THE UNIVERSITY OF NORTH CAROLINA AT GREENSBORO IDENTITY THEFT PREVENTION PROGRAM As a best practice and using as a guide the Federal Trade Commission s ( FTC ) Red Flags Rule, implementing
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationDeterring Identity Theft. The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year.
Deterring Identity Theft The evolving threats of Identity Theft The Federal Trade Commission estimates that as many as 9 million Americans have their identities stolen each year. Identity theft complaints
More informationIdentity Theft Prevention Program
Smyth County Policy Identity Theft Prevention Program Purpose The purpose of the program is to establish an Identity Theft Prevention Program designed to detect, prevent and mitigate identity theft in
More informationRADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM
RADLEY ACURA RED FLAG IDENTITY THEFT PROTECTION PROGRAM and ADDRESS DISCREPANCY PROGRAM SUMMARY OF OUR PROGRAM AND PROCESSES This dealership is committed to protecting its customers and itself from identity
More information