Victory State Bank – Tips for Protecting Your Computer Against

Victory State Bank – Tips for Protecting Your Computer Against
Victory State Bank – Tips for Protecting Your Computer Against
Identity Theft and Unauthorized Access
Fraud Advisory for Businesses: Corporate Account Take Over
This excerpt is from a product that was created as part of a joint effort between the United
States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center
(IC3) and the Financial Services Information Sharing and Analysis Center (FS‐ISAC).
Problem:
Cyber criminals are targeting the financial accounts of owners and employees of small and
medium sized businesses, resulting in significant business disruption and substantial monetary
losses due to fraudulent transfers from these accounts. Often these funds may not be
recovered.
The cyber criminal's goal is to get the employee to open the infected attachments or click on the
link contained in the email and visit the nefarious website where hidden malware is often
downloaded to the employee's computer. This malware allows the fraudster to “see” and track
employee's activities across the business’ internal network and on the Internet. This tracking
may include visits to your financial institution and use of your online banking credentials used to
access accounts (account information, log in, and passwords). Using this information, the
fraudster can conduct unauthorized transactions that appear to be a legitimate transaction
conducted by the company or employee.
How to Protect, Detect, and Respond
Protect
1. Educate everyone on this type of fraud scheme
•
•
•
Don’t respond to or open attachments or click on links in unsolicited e-mails. If a
message appears to be from your financial institution and requests account information,
do not use any of the links provided. Contact the financial institution using the
information provided upon account opening to determine if any action is needed.
Financial institutions do not send customers e-mails asking for passwords, credit card
numbers, or other sensitive information. Similarly, if you receive an email from an
apparent legitimate source (such as the IRS, Better Business Bureau, Federal courts,
UPS, etc.) contact the sender directly through other means to verify the authenticity. Be
very wary of unsolicited or undesired email messages (also known as “spam”) and the
links contained in them.
Be wary of pop-up messages claiming your machine is infected and offering software to
scan and fix the problem, as it could actually be malicious software that allows the
fraudster to remotely access and control your computer.
Teach and require best practices for IT security. See #2, “Enhance the security of your
computer and networks”.
1
Victory State Bank – Tips for Protecting Your Computer Against
Identity Theft and Unauthorized Access
2. Enhance the security of your computer and networks to protect against this fraud
•
•
•
•
•
•
•
•
•
•
•
•
•
Minimize the number of, and restrict the functions for, computer workstations and
laptops that are used for online banking and payments. A workstation used for online
banking should not be used for general web browsing, e-mailing, and social networking.
Conduct online banking and payments activity from at least one dedicated computer that
is not used for other online activity.
Do not leave computers with administrative privileges and/or computers with monetary
functions unattended. Log/turn off and lock up computers when not in use.
Use/install and maintain spam filters.
Install and maintain real-time anti-virus and anti-spyware desktop firewall and malware
detection and removal software. Use these tools regularly to scan your computer. Allow
for automatic updates and scheduled scans.
Install routers and firewalls to prevent unauthorized access to your computer or network.
Change the default passwords on all network devices.
Install security updates to operating systems and all applications, as they become
available. These updates may appear as weekly, monthly, or even daily for zero-day
attacks.
Block pop-ups.
As recommended by Microsoft for users more concerned about security, many variants
of malware can be defeated by using simple configuration settings like enabling
Microsoft Windows XP, Vista, and 7 Data Execution Prevention (DEP) and disabling
auto run commands. You may also consider disabling JavaScript in Adobe Reader. If
these settings do not interfere with your normal business functions, it is recommended
that these and other product settings be considered to protect against current and new
malware for which security patches may not be available.
Keep operating systems, browsers, and all other software and hardware up-to-date.
Make regular backup copies of system files and work files.
Encrypt sensitive folders with the operating system’s native encryption capabilities.
Preferably, use a whole disk encryption solution.
Do not use public Internet access points (e.g., Internet cafes, public wi-fi hotspots
(airports), etc.) to access accounts or personal information. If using such an access
point, employ a Virtual Private Network (VPN).
Keep abreast of the continuous cyber threats that occur. See the Additional Resources
section for recommendations on sites to bookmark.
3. Understand your responsibilities and liabilities
•
Familiarize yourself with your institution’s account agreement. Also be aware of your
liability for fraud under the agreement and the Uniform Commercial Code (UCC), as
adopted in the jurisdiction, as well as for your responsibilities set forth by the Payment
Card Industry Data Security Standard (PCI DSS), should you accept credit cards. For
2
Victory State Bank – Tips for Protecting Your Computer Against
Identity Theft and Unauthorized Access
more information, see
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Detect
4. Monitor and reconcile accounts at least once a day
•
•
Reviewing accounts regularly enhances the ability to quickly detect unauthorized activity
and allows the business and the financial institution to take action to prevent or minimize
losses.
Discuss the options offered by your financial institution to help detect or prevent out-ofpattern activity (including both routine and red flag reporting for transaction activity).
5. Note any changes in the performance of your computer such as:
•
•
•
•
•
•
•
•
A dramatic loss of speed.
Changes in the way things appear.
Computer locks up so the user is unable to perform any functions.
Unexpected rebooting or restarting of your computer.
An unexpected request for a one time password (or token) in the middle of an online
session.
Unusual pop-up messages.
New or unexpected toolbars and/or icons.
Inability to shut down or restart.
6. Pay attention to warnings
•
Your anti-virus software should alert you to potential viruses. If you receive a warning
message, contact your IT professional immediately.
7. Be on the alert for rogue emails
•
•
If someone says they received an email from you that you did not send, you probably
have malware on your computer.
You can also check your email “outbox” to look for email that you did not send.
8. Run regular virus and malware scans of your computer’s hard drive
•
This can usually be set to run automatically during non-peak hours.
Respond
9. If you detect suspicious activity, immediately cease all online activity and remove any
computer systems that may be compromised from the network.
3
Victory State Bank – Tips for Protecting Your Computer Against
Identity Theft and Unauthorized Access
•
Disconnect the Ethernet cable and/or any other network connections (including wireless
connections) to isolate the system from the network and prevent any unauthorized
access.
10. Make sure your employees know how and to whom to report suspicious activity to
within your company and at your financial institution
11. Immediately contact your financial institution so that the following actions may be
taken:
•
•
•
•
•
Disable online access to accounts.
Change online banking passwords.
Open new account(s) as appropriate.
Request that the financial institution’s agent review all recent transactions and electronic
authorizations on the account. If suspicious active transactions are identified, cancel
them immediately.
Ensure that no one has added any new payees, requested an address or phone number
change, created any new user accounts, changed access to any existing user accounts,
changed existing wire/ACH template profiles, changed PIN numbers or ordered new
cards, checks or other account documents be sent to another address.
12. Maintain a written chronology of what happened, what was lost, and the steps taken
to report the incident to the various agencies, financial institutions, and firms impacted
•
Be sure to record the date, time, contact telephone number, person spoken to,
instructions, and any relevant report or reference number.
13. File a police report and provide the facts and circumstances surrounding the loss
•
•
•
•
Obtain a police report number with the date, time, department, location and officer’s
name taking the report or involved in the subsequent investigation. Having a police
report on file will often help facilitate the filing of claims with insurance companies,
financial institutions, and other establishments that may be the recipient of fraudulent
activity.
The police report may result in a law enforcement investigation into the loss with the goal
of identifying, arresting and prosecuting the offender, and possibly recovering losses.
Depending on the incident and the circumstance surrounding the loss, investigating
officials may request specific data be recorded and some or all of the system’s data may
need to be preserved as potential evidence.
In addition, you may choose to file a complaint online at www.ic3.gov. For substantial
losses, contact your local FBI field office (http://www.fbi.gov/contact-us/field/field-offices)
your local United States Secret Service field office
(http://www.secretservice.gov/field_offices.shtml) or the Secret Service’s local Electronic
Crimes Task Force (http://www.secretservice.gov/ectf.shtml).
4
Victory State Bank – Tips for Protecting Your Computer Against
Identity Theft and Unauthorized Access
14. Have a contingency plan to recover systems suspected of compromise
•
The contingency plan should cover resolutions for a system infected by malware, data
corruption, and catastrophic system/hardware failure. A recommended malware removal
option is to reformat the hard drive, then reinstall the operating system and other
software on the infected computer(s). There is no preservation of data using this method
– all your data will be permanently erased. Do not take this step until you determine if a
forensic analysis of the computer is needed. For additional recommendations on steps to
take following a compromise, see the section “What if I am Compromised” on page 6 of
the US CERT document, Malware Threats and Mitigation Strategies available at
http://www.us-cert.gov/reading_room/malware-threats-mitigation.pdf.
15. Consider whether other company or personal data may have been compromised
16. Report exposures to PCI DSS.
•
If your business accepts credit cards, you are subject to compliance with the Payment
Card Industry Data Security Standard (PCI DSS) and you may be required to report and
investigate the incident, limit the exposure of the cardholder data, and report the incident
to your card company. For more information, see
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
5
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement