A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet. A distributed denial-of-service (DDoS) attack is a common attack against businesses, including financial institutions, in which the attack traffic comes from more than one, often thousands, of unique IP addresses targeted at the victim, causing an overload of activity that renders the service unavailable.
If you experience a DDoS attack at your business, you should shift your attention to any payment systems or any recent online fund transactions you have. DDoS attacks do not involve the hacking of your business, but they are used as a distraction for other criminal activity that could include hacking or insider theft within your money payment systems or online banking (funds transfer and ACH) sessions. As a business, you should train your employees so that, in the event you experience a DDoS attack, they first focus on and review all payments going in and out of your organization. You can then work with your vendor to remediate the attack against your systems.
At Central Bank, our employees and third-party vendors are trained on DDoS attacks and we have systems in place to monitor and block these types of activities.
Equifax announced recently that an estimated 143 million Americans have been subject to one of the largest data breaches in U.S. history. Hackers gained access to files through a website application flaw from mid-May through July. Data included names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.
Don't be a victim! Please click here to be directed to an article that will help you identify and report scams.
Business email compromise (BEC)—also called “wire transfer phishing,” “impostor phishing,” and “CEO phishing”—is a type of cyber attack comprising low-volume campaigns of highly targeted phishing emails. These campaigns focus on one or two people within an organization, asking the recipient to transfer funds or private information of value such as W2 forms directly to attackers.
Please CLICK HERE to review a diagram on how BEC works.
Tips to Prevent BEC
From a technical perspective, you need a secure email gateway that supports advanced options for flagging suspicious messages based on attributes (such as direction and Subject line) and email authentication techniques. At a minimum, configure your email gateway to block messages that spoof your domain(s); this function is built into most secure email gateways. Another best practice is automatically adding the [EXTERNAL] tag or a similar designation to the subject line of emails sent from outside your organization.
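The two gateway rules described above, sketched as an added example (not Central Bank's or any vendor's configuration): block inbound mail that claims your own domain but fails authentication, and tag everything else that arrives from outside. The domain `example-bank.test`, the gateway name `mx.example-bank.test`, and the use of DMARC results from the `Authentication-Results` header are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example (not from the page): placeholder domain,
# gateway host name, and DMARC as the email authentication technique.
OUR_DOMAINS = {"example-bank.test"}
TRUSTED_AUTHSERV = "mx.example-bank.test"
TAG = "[EXTERNAL]"

def from_domain(msg):
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()

def dmarc_pass(msg):
    # Trust only Authentication-Results stamped by our own gateway;
    # a sender can add a forged header claiming "dmarc=pass".
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV and "dmarc=pass" in results.lower():
            return True
    return False

def gateway_decision(raw, inbound):
    """Return (action, message); inbound=True means it arrived from outside."""
    msg = message_from_string(raw, policy=policy.default)
    if not inbound:
        return "deliver", msg
    if from_domain(msg) in OUR_DOMAINS and not dmarc_pass(msg):
        return "block", msg  # claims our domain but failed authentication
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(TAG):
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}".strip()
    return "deliver", msg

# Constructed sample messages
SPOOFED = ("From: CEO <ceo@example-bank.test>\nSubject: Urgent wire\n"
           "Authentication-Results: mx.example-bank.test; dmarc=fail\n\nWire today.\n")
FORGED_AR = ("From: CEO <ceo@example-bank.test>\nSubject: Urgent wire\n"
             "Authentication-Results: relay.invalid; dmarc=pass\n\nWire today.\n")
VENDOR = ("From: billing@vendor.test\nSubject: Invoice 42\n"
          "Authentication-Results: mx.example-bank.test; dmarc=pass\n\nSee attached.\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged-AR", FORGED_AR), ("vendor", VENDOR)]:
        action, msg = gateway_decision(raw, inbound=True)
        print(name, action, msg["Subject"])
```

The tag only marks where a message came from; a lookalike domain that passes its own authentication is still delivered, which is why the out-of-band checks below remain necessary.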
From a human resources perspective, train your staff and put effective processes in place. Here are a few basic guidelines:
Adding safeguards that include out-of-band contact (personal interactions outside the back and forth of email conversations) can save organizations hundreds of thousands or even millions of dollars. Vigilant employees are the last line of defense against these threats. You should create a culture in which employees ask questions, think carefully, and understand their important role in security.
Your home has locks on the doors and windows to protect your family and prevent thieves from stealing cash, electronics, jewelry and other physical possessions. But do you have deterrents to prevent the loss or theft of your electronic assets, including bank account and other information in your personal computers, at home and when banking or shopping remotely online?
Please CLICK HERE to review a guide with great information on what you can do to help prevent online fraud and theft.
Identity theft is a growing problem in the world, but there are certain things you can do to avoid ID theft. Below are different ways to deter, detect, and defend yourself against ID theft.
The Federal Trade Commission wants you to help fight back against identity theft. For more information about ID theft, please visit their website at www.ftc.gov/idtheft.
Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes. Identity theft can cost you time and money. It can destroy your credit and ruin your good name.
Deter identity thieves by safeguarding your information.
Detect suspicious activity by routinely monitoring your financial accounts and billing statements.
Be alert to signs that require immediate attention:
Defend against ID theft as soon as you suspect it.
Skilled identity thieves use a variety of methods to steal your personal information, including:
To learn more about ID theft and how to deter, detect, and defend against it, visit www.ftc.gov/idtheft. Or request copies of ID theft resources by writing to:
Consumer Response Center
Federal Trade Commission
600 Pennsylvania Ave., NW, H-130
Washington, DC 20580