Cyber Security: Fraud Alerts and Security Freezes

If you experience identity theft, you will begin to feel the confusion and strain that comes with trying to recover your good name and pilfered finances. Identity theft is a real and growing concern for everyone; remain alert and prepare before it happens. We have put together some ways to deter identity thieves and protect your information:

• Shred financial documents as well as personal information before getting rid of them.
• Protect your Social Security number
• Remain cautious with personal information on the phone, by mail, or over the internet.
• Protect your home computer with anti-virus guard software.

In addition to the tips provided to deter identity theft, there are ways to help once you’ve detected your identity might be in danger. Utilizing these available tools could prevent and minimize potential losses. Here are two options to consider if you suspect your personal data has landed in the wrong hands.

Fraud alert. Say you lose your wallet or discover suspicious charges in your credit report. Don’t hesitate to contact one of the three main credit-reporting agencies (Experian, TransUnion, or Equifax). That agency will contact the others. Report that your identity may have been compromised and ask the company to place a fraud alert in your credit file. When lenders and service providers see this warning, they’re supposed to take extra precautions before granting credit in your name. Fraud alerts are free and can be renewed indefinitely in 90-day intervals. This alternative isn’t fail safe, but if you suspect you’ve been victimized, setting up a fraud alert is a prudent first step. A fraud alert is beneficial because it will make it difficult for an identity thief to open more accounts in your name. You could be contacted by a business for identity verification once you have an alert on report.

Security freeze. Also known as a credit freeze, this option is more restrictive than a fraud alert. When you “freeze” your record, lenders aren’t allowed to see your credit report unless you grant permission by temporarily lifting the freeze. To start the process, contact all three credit bureaus. You may be asked to provide evidence (for example, a police report) that you’ve been the victim of identity theft. Otherwise, you may have to pay a fee each time you freeze or unfreeze your account. Processing times for establishing the freeze can vary. You’ll need to take that into consideration when you plan financial activities that require a credit check, such as a car loan, revising the terms of your mortgage, or applying for a new job.

For more information regarding security theft, please read our Cyber Safety blog post. In order to establish good internal controls for your business, check out our blog post on How entrepreneurs can prevent fraud in their business.

Contact us at (212) 786-7476 if you have any questions about security theft issues.

Worried about the Cyber-Safety of your Business? How you can avoid E-mail Scams.

A common belief of identity theft is that it occurs mostly to individuals, for example when social security numbers and other personal information are obtained. Businesses are also subject to identity impersonation. The remainder of this article discusses business e-mail scams and the best practices for minimizing their likelihood as suggested by the Federal Bureau of Investigation (“FBI”).

Regardless of the nature of your business, anyone opening e-mail is a potential target for hackers. These illegitimate e-mails or “phishing e-mails” imitate e-mail addresses you would commonly send mail to or receive mail from.

Keith Kelly of the New York Post reported that Bonnier Publications was defrauded of $1.5 million in May of 2015. Bonnier is a leading magazine publisher with offices in New York City and Winter Park Florida. According to Kelly, the cyber hackers breached the e-mail of then CEO David Freygang – who weeks after the scam stepped down from his position. An e-mail hacker impersonating Freygang instructed a Bonnier accounting department employee to wire transfer $1.5 million to China. Days after their first scam, cyber hackers made a second attempt at defrauding the media company. This time employees of Bonnier Publications were successful in thwarting off the thievery of the hackers, and saved the firm from another $1.5 million scam. Kelly reports that the Chinese international authorities have been “uncooperative” and have “not been helpful in identifying the owner of the account that was receiving the stolen money”. Frequently once the funds are out of the United States they are gone. It is difficult for firms and individuals to ever recoup their funds.

In 2014 American businesses were robbed for over $200 million. The average amount lost in a case of this nature was $150,000. Approximately 2,000 American businesses have been negatively affected, and the number of victims is expected to grow rapidly as computer hackers increase in their ability and popularity. We are all potential victims for attacks, but most likely to be preyed upon are companies that send wire transfers and do not have proper internal controls. It is for this reason that the FBI has issued a fraud alert on wire transfers in an effort to vigilantly prevent and monitor any potential cybercrime. The FBI has a name for cyber scams such as the one Bonnier suffered, business e-mail compromise scams (BEC). In response to the rise of recent cyber attacks, the FBI has released guidelines and measures to prevent loss and repeat attacks on innocent U.S businesses. The IC3 Public Service Announcement does just that.

SUGGESTIONS FOR PROTECTION

The IC3 suggests the following measures to help protect you and your business from becoming victims of the BEC scam:

• Avoid Free Web-Based E-mail: establish a company website domain and use it to establish company e-mail accounts in lieu of free web-based accounts.
• Be careful what is posted to social media and company websites: job duties/descriptions, hierarchal information, and out of office details.
• Be suspicious of requests for secrecy or pressure to take action quickly.

Consider additional IT and financial security procedures and 2-step verification processes:

• Out of Band Communication: establish other communication channels, such as telephone calls to verify significant transactions. Arrange this second-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
• Digital Signatures: both entities on either side of transactions should use digital signatures. However, this will not work with web-based e-mail accounts. Additionally, some countries ban or limit the use of encryption.
• Delete Spam: immediately delete unsolicited e-mail (spam) from unknown parties. Do NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.
• Forward vs. Reply: do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.
• Significant Changes: beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been on a company e-mail, the request could be fraudulent.
• Always verify via other channels that you are still communicating with your legitimate business partner.

Our firm strongly suggests that you take the time to click and read the following link to a FBI Public Service Announcement provided by their internet cybercrime specialists. If you believe that your business may have received a fraud email or is victim to BEC, we recommend that you immediately file a complaint with the IC3 at www.IC3.gov . Remember to protect business information because the business saved could be your own. We would be glad to help you to review your internal controls over wire transfers. Please call us at 516-208-8363 if you have questions or would like additional information.