Cybersecurity threats and fraud attempts have become so common it often feels like being stuck in a state of perpetual reaction. Keeping your defense program strong starts with an effective strategy, and having one means we need to occasionally shift our mindset from reactive to proactive. October gives us the opportunity to pause and reflect on the cybersecurity trends and events from the past year, as well as review our business practices. What tactics have changed? How effective have our existing controls and processes been? Where do we need to invest and what can we modify within our existing toolset to strengthen our defense?
The most common and successful attack methods seen over the past year fall into a handful of recurring patterns:
Online Banking Takeover – Attackers gaining access to legitimate online banking profiles. These compromises are the result of phishing or impersonation (for example, a caller posing as the bank's fraud department) that leads the victim to hand over their password and Multifactor Authentication (MFA) code. A one-time code delivered by text or voice call offers little protection here, because the fraudster simply asks for it in real time. Once the account is compromised, money is moved using legitimate payment methods such as wire and external transfers, ACH, Zelle, Venmo, or bill pay services.
Stolen Vendor Payments – You or your employee receives updated payment instructions for a known vendor (oftentimes as a result of a successful email account compromise at the vendor office) or a fake invoice that appears to be legitimate. Once the money is sent, it often takes weeks to detect because of the amount of time required for a late or missed payment to be noticed by the true recipient. Learn more about preventing fraud stemming from vendor email compromise.
Direct Deposit Theft – Your finance or HR teams receive an email from a seemingly personal email address of a current employee asking to update their direct deposit information. The personal email was created by a fraudster using free email services like Gmail and configured with the true first and last name of the targeted employee. If the email request is granted, the direct deposit will process to the account controlled by the fraudster during the next payroll cycle.
Payroll Funding Account Theft – Similar to the above example but targeting the entire payroll run instead of individual employees. A fraudster will impersonate a senior executive, usually the CEO or CFO, and request a change to wiring instructions for the next payroll to a new provider. If the request is granted, the payroll will fund to an account controlled by the fraudster.
Malware and Ransomware Infections – Malware, especially ransomware, remains a common threat and is usually delivered through crafted phishing emails carrying attachments or links to downloads. Once running, it can capture keystrokes (including online banking credentials), intercept and forward VoIP phone calls, corrupt or steal sensitive data, and be used to extort your organization and its employees.
The following controls address most of these patterns, and most of them are already available in the tools you use today.
Dual Approval & Limits – Digital Banking platforms can require that the person who initiates a transaction is not the one who approves it, and can enforce dollar limit thresholds. A speedbump and a second set of eyes on transaction requests prevent many of the examples above, because the fraudster has usually compromised or deceived only one person.
Email and Text Notifications – Set up notifications for activity inside Digital Banking. For example, you can receive an email or text when a payment over a certain dollar threshold has been submitted.
Review Online Banking Activity Reports – The ARB Commercial Banking Platform has the ability to generate activity reports for all users of the system. There are filters that can be set up to review payment logs, template changes, user entitlements, and other activity that could be an indicator of compromise if it is unexpected.
Lock Down Payment Templates – Limit the ability for employees to modify payment templates. Create a process that verifies the instructions out of band using known trustworthy contact information like a published number on a legitimate website. Ensure any changes to existing templates or new template creation go through a similar callback process before being used to transmit funds.
Normalize Callback Procedures – Make a callback to a known trustworthy phone number the standard way to verify changes or requests. Ensure your employees understand that inbound communication, whether by phone, text, or email, is never sufficient on its own to authorize a change: caller ID, sender addresses, and display names can all be forged. Always look up the legitimate contact information independently and verify the request before taking action.
Switch to Soft or Physical Token Authentication – As mentioned above, VoIP phones and texts can be hijacked, and a code read out over a call or sent by text can simply be requested by the fraudster. For stronger authentication, set up a physical token or soft token app to authenticate to transactional websites like Digital Banking. Keep in mind that a six-digit code from a soft token can still be phished in real time; where the platform supports it, a hardware security key (FIDO2/WebAuthn) is the option that resists phishing outright, because the key only answers for the genuine site.
Protect Online Accounts with Strong MFA – Protect email accounts and other high-risk accounts with MFA, and avoid using email as the delivery channel for the MFA code: an attacker who already controls the mailbox receives the code too. Prefer soft or physical tokens over voice or text messages.
Avoid Clicking Links and Opening Attachments – Legitimate email accounts are regularly compromised through phishing and then used to deliver malware to recipients who trust the sender. Take the time to call the sender at a previously known phone number before acting. You may be the one who alerts them that their email has been compromised.
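The activity-report review described above (filters on payment logs, template changes, and user entitlements), together with the dual-approval and notification-threshold controls, can be scripted against an exported log so that the review is the same every time. The following Python is an added example, not code from this post or from the ARB platform: the pipe-delimited record format, the event names, the seven-day template window, and the $25,000 threshold are assumptions, and the log records are constructed for illustration.

```python
"""
Scan an exported activity log for the indicators of compromise the post
describes: a payment sent shortly after its template was modified, a payment
at or above the notification threshold, a payment submitted and approved by
the same user (no real dual approval), a payment with no approval at all,
and any change to user entitlements.

Assumptions (not from any real platform): records are
    timestamp|EVENT|user|key=value;key=value
with EVENT one of TEMPLATE_CHANGE, ENTITLEMENT_CHANGE, PAYMENT_SUBMITTED,
PAYMENT_APPROVED.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample export for the example; not real transaction data.
SAMPLE_LOG = """
# timestamp|event|user|key=value;...
2024-10-01T09:02:00|ENTITLEMENT_CHANGE|admin.kim|target=jdoe;change=grant:wire_approve
2024-10-01T09:15:00|TEMPLATE_CHANGE|jdoe|template_id=T-ACME;field=beneficiary_account
2024-10-02T10:00:00|PAYMENT_SUBMITTED|jdoe|payment_id=P-1001;template_id=T-ACME;amount=48500.00
2024-10-02T10:05:00|PAYMENT_APPROVED|jdoe|payment_id=P-1001
2024-10-02T11:00:00|PAYMENT_SUBMITTED|mlee|payment_id=P-1002;template_id=T-PAYROLL;amount=12000.00
2024-10-02T11:30:00|PAYMENT_APPROVED|rsmith|payment_id=P-1002
2024-10-03T08:00:00|PAYMENT_SUBMITTED|mlee|payment_id=P-1003;template_id=T-UTIL;amount=900.00
"""


@dataclass
class Event:
    ts: datetime
    kind: str
    user: str
    detail: dict = field(default_factory=dict)


def parse_log(lines):
    """Parse the assumed pipe-delimited records, skipping blanks and comments."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, kind, user, rest = line.split("|", 3)
        detail = dict(kv.split("=", 1) for kv in rest.split(";") if kv)
        events.append(Event(datetime.fromisoformat(ts), kind, user, detail))
    return sorted(events, key=lambda e: e.ts)


def review(events, amount_threshold=25_000, template_window=timedelta(days=7)):
    """Return (subject, reason) findings for a reviewer to follow up on."""
    findings = []
    template_changes = {}  # template_id -> changes seen so far (chronological)
    approvals = {e.detail["payment_id"]: e.user
                 for e in events if e.kind == "PAYMENT_APPROVED"}
    for e in events:
        if e.kind == "TEMPLATE_CHANGE":
            template_changes.setdefault(e.detail["template_id"], []).append(e)
        elif e.kind == "ENTITLEMENT_CHANGE":
            # Any entitlement change is reviewable: it is how an attacker
            # turns one compromised login into initiate-and-approve power.
            findings.append((e.detail.get("target"),
                             f"entitlement changed by {e.user}: {e.detail.get('change')}"))
        elif e.kind == "PAYMENT_SUBMITTED":
            pid = e.detail["payment_id"]
            amount = float(e.detail["amount"])
            if amount >= amount_threshold:
                findings.append((pid, f"amount {amount:,.2f} at or above threshold {amount_threshold:,}"))
            tid = e.detail.get("template_id")
            # Only changes already seen are in the dict, so each is before this payment.
            for chg in template_changes.get(tid, []):
                if e.ts - chg.ts <= template_window:
                    findings.append((pid, f"template {tid} changed by {chg.user} "
                                          f"{(e.ts - chg.ts).days}d before payment ({chg.detail.get('field')})"))
            approver = approvals.get(pid)
            if approver is None:
                findings.append((pid, "no second approval recorded"))
            elif approver == e.user:
                findings.append((pid, f"submitted and approved by the same user {e.user}"))
    return findings


def review_sample():
    """Run the review over the constructed sample log."""
    return review(parse_log(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for subject, reason in review_sample():
        print(f"{subject}: {reason}")
```

On the sample data the script flags P-1001 three times (large amount, beneficiary account changed the day before, same user submitted and approved), flags the entitlement grant that made the self-approval possible, and flags P-1003 for having no approval on record; the routine payroll payment P-1002 produces nothing. Each finding is a callback or a conversation, not an automatic block, which is the point of the review.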
Cybersecurity Awareness Month is a chance to pause, reflect, and reset. The threats are real and constantly evolving, but so are the tools and tactics we can use to defend against them. By staying informed and making small adjustments to our existing processes, we can strengthen our defenses and reduce risk. If you're looking to build a broader resilience strategy, Business Strategies for National Preparedness Month offers practical tips for planning ahead. Let’s use this time to take a closer look at what’s working, what needs improvement, and how we can stay one step ahead.