Banking and Brokerage Accounts vulnerable to “Account Takeover”
It wasn’t pretty: those fairly recent credit card breaches at a few big-name retailers. As newsworthy as these were, they’re actually not the greatest risk for wealthy folks; a bigger foe is a money management firm lacking sufficient checks and balances.
Another type of attack can hit an organization hard: some cyber punk getting into your clients e-mail account, then using their stolen information to rob money from the clients financial accounts. E-mail related fraud is booming.
Perhaps the biggest scheme is when an employee gets an e-mail in which someone is requesting money—and urgently. Often, the employee is lured into clicking on a link inside the e-mail, and the end result is that the employee ultimately reveals personal data, allowing the system to get hacked.
Another common realm of infiltration is via unsecured public wireless networks, such as at an airport or hotel. Fraudsters will set up hot spots—fake, of course—that yield Internet access but will ensnare employee data.
Employees can also expose their accounts to hacking by using their e-mail address to log into their own financial accounts. This makes the job easier for cybercriminals.
Protect Your Business
Here are some ways to add protection:
Revamp how employees wire money for clients (one way to do this is to require that the recipient’s authenticity be verified with a phone call).
Clients should verify any and all wire transfers from their accounts.
If a client’s computer is not recognized or has an unfamiliar IP address, the client should be called with a code that completes the transaction.
Incorporate multifactor authentication in the login process and when transfers of any substantial amount are made.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.