BankNews.com

Company Name

Search Results: Contacts

Email Compromise: Is Your Institution Vulnerable? Do You Know How to Report It?

Answer:
Advisories to provide institutions with guidance on potential threats that may affect the U.S. financial banking system.

By Robin Guthridge, CAMS, CRCM

On September 2016, the Financial Crimes Enforcement Network (FinCEN) updated its Suspicious Activity Report (SAR) Key Advisory Terms to add a new key term. FinCEN periodically issues these advisories to provide institutions with guidance on potential threats that may affect the U.S. financial banking system. The advisories also provide guidance to financial institutions on preparing SARs related to the covered activity. This article will discuss the details of the September 2016 advisory, including SAR preparation tips. The most recent advisory term addition, email compromise, was the result of a recent spate of compromised personal and business email accounts. According to the FBI, there have been approximately 22,000 reported cases involving $3.1 billion since 2013. These scams hit not only businesses and individuals, but also financial institutions directly. The scams present themselves as follows: business email compromise (BEC) fraud, which means the cyber criminal targets a financial institution’s commercial customers, and email account compromise (EAC), which involves a victim’s personal accounts.

(more…)

Email Compromise: Is Your Institution Vulnerable? Do You Know How to Report It?

Answer:

Advisories to provide institutions with guidance on potential threats that may affect the U.S. financial banking system.

By Robin Guthridge, CAMS, CRCM

On September 2016, the Financial Crimes Enforcement Network (FinCEN) updated its Suspicious Activity Report (SAR) Key Advisory Terms to add a new key term. FinCEN periodically issues these advisories to provide institutions with guidance on potential threats that may affect the U.S. financial banking system. The advisories also provide guidance to financial institutions on preparing SARs related to the covered activity. This article will discuss the details of the September 2016 advisory, including SAR preparation tips. The most recent advisory term addition, email compromise, was the result of a recent spate of compromised personal and business email accounts. According to the FBI, there have been approximately 22,000 reported cases involving $3.1 billion since 2013. These scams hit not only businesses and individuals, but also financial institutions directly. The scams present themselves as follows: Business email compromise (BEC) fraud, which means the cyber criminal targets a financial institution’s commercial customers, and email account compromise (EAC), which involves a victim’s personal accounts.

According to FinCEN, the email compromise schemes involve three phases. In phase one, the cyber criminal unlawfully accesses a victim’s email account through manipulating the victim to give up confidential identifying information or via computer intrusion. The criminal uses this information to gain access to the victim’s financial institution, account details, and personal and professional contacts. In the second phase, the criminal uses the stolen information to email fraudulent wire transfer instructions to the victim’s financial institution by pretending to be the victim or a trusted employee of the victim. This ruse works because the criminal actually uses the victim’s email account to give the appearance that the victim is the originator of the wire. For the final phase, based on the information provided by the victim or their employee, the financial institution is tricked into conducting wire transfers that appear legitimate but are in fact unauthorized.

Each key term is directly related to a FinCEN advisory detailing the background and use of the key term. FinCEN Advisory FIN-2016-A003 lists three illustrative BEC and three illustrative EAC scenarios. In the first BEC scenario, the cyber criminal impersonates a financial institution’s commercial customer. The criminal hacks into and uses the email account of an employee of Company A to send fraudulent wire transfer instructions to Company A’s financial institution. Based on this request, Company A’s financial institution issues a wire transfer and sends funds to an account the criminal controls. In this scenario, the criminal impersonating the financial institution’s customer prompted the financial institution to execute an unauthorized wire transfer.

In the second BEC scenario, the cyber criminal impersonates a company executive. The criminal hacks into and uses the email account of an executive of Company B to send wire transfer instructions to an employee of Company B who is responsible for processing and issuing payments. The employee, believing the executive’s emailed instructions are legitimate, orders Company B’s financial institution to execute the wire transfer. In this scenario, the criminal impersonating a company executive misled a company employee into unintentionally authorizing a fraudulent wire transfer to a criminal-controlled account. This scenario has happened to several financial institutions when the president was out on vacation or at a conference and the assistant to the president received a wire request from the president’s email account requesting funds to be transferred to a named beneficiary on behalf of the institution.

In the final BEC scenario, a criminal impersonates one of Company C’s suppliers by emailing and informing Company C that future invoice payments should be sent to a new account number and location. Based on this fraudulent emailed information, Company C updates its supplier’s payment information on record and submits the new wire transfer instructions to its financial institution, which in turn directs payments to an account controlled by the criminal. In this scenario, the criminal impersonating a supplier provided fraudulent payment information to mislead a company employee into unintentionally directing wire transfers to a criminal-controlled account.

FinCEN also provides three EAC scenarios in its guidance. The first scenario includes lending and brokerage services. The cyber criminal hacks into and uses the email account of a financial services professional (such as a broker or accountant) to email fraudulent instructions, allegedly on behalf of a client, to the client’s institution or brokerage to wire transfer the client’s funds to an account controlled by the criminal.

The second EAC scenario involves real estate services. The criminal compromises the email account of a realtor or an individual purchasing or selling real estate for the purposes of altering payment instructions and diverting funds of a real estate transaction (such as sale proceeds, loan disbursements, or fees). Alternatively, a criminal hacks into and uses a realtor’s email address to contact an escrow company, instructing it to redirect commission proceeds to an account controlled by the criminal.

The third EAC scenario involves legal services. The criminal compromises an attorney’s email account to access client information and related transactions. The criminal then emails fraudulent transaction payment instructions to the attorney’s financial institution. Alternatively, the criminal may compromise a client’s email account to request wire transfers from trust and escrow accounts that the client’s attorney manages.

The FinCEN advisory provides a list of red flags and guidance on how to authenticate a potentially fraudulent email address. The danger of this type of cyber attack is that these transactions are often irrevocable, which renders financial institutions and their customers unable to cancel payment or recall the funds. Therefore, it is important for financial institutions to have procedures in place to identify potentially fraudulent transaction payment instructions before payments are issued.

About the only good news is that working with the FBI and the United States Secret Service, FinCEN has helped recover hundreds of millions of dollars. Their best success occurred when victims reported unauthorized wire transfers to law enforcement within 24 hours.

Related FinCEN guidance on SAR preparation states that a SAR must be filed for email compromises if the transaction is attempted or completed and if the total amount of loss or potential loss meets the SAR filing thresholds. The thresholds are $5,000 if a subject is identified or $25,000 if no subject is identified. Keep in mind, if the funds transfer request lists a beneficiary, then there is a potential subject for purposes of meeting the $5,000 threshold. In addition, it is important that the SAR be completed using the term “email compromise” and that the related BEC or EAC acronyms be listed in SAR field 31(z), “Other,” and in the beginning of the narrative. For example, “We are filing this SAR because of email compromise against a business customer (BEC).” The narrative should also provide as much information as possible on IP addresses of the email address, including related timestamps.

Financial institutions should take advantage of this helpful resource from FinCEN and use the six scenarios as training tools both internally for employees and externally for business accounts. Furthermore, by making sure the SAR preparers and reviewers are up to date on the key terms and use those key terms consistently in the body of the SAR and the narrative, it will allow law enforcement to track this activity and determine whether there are potential trends when matches in IP addresses or beneficiaries are identified.

 

Robin Guthridge has a strong background in Bank Secrecy Act (BSA) compliance, leadership, and sales management. In addition to performing BSA, deposit, and loan compliance examinations for various institutions, she has developed, implemented, and presented annual BSA workshops for Wipfli LLP’s clients and prospects and for various state banking associations. Robin uses her firsthand experience in the financial services industry to provide meaningful insight and helpful recommendations in the areas of BSA and deposit compliance. Robin may be contacted at rguthridge@wipfli.com. Learn more about Wipfli by visiting our website, wipfli.com/fi

IBAT Presents 2017 Excellence in Leadership Award

June 29 — The Independent Bankers Association of Texas honored Debbie S. Scanlon, CPA, partner at BKD, LLP, with its 2017 Excellence in Leadership Award. Scanlon is a member of the BKD National Financial Services Group and leads the Houston financial services practice. She was presented this prestigious award during the 32nd Annual IBAT Leadership Conference at Horseshoe Bay Resort in Horseshoe Bay, June 22-24, 2017.

(more…)

Beige Book Indicates Continued Economic Expansion

June 5 —  Economies continued to expand throughout most of the Federal Reserve System at a modest or moderate pace from early April through late May, according to reports from the 12 district banks for the latest Beige Book. 

(more…)

Economy Expansion Continues in All 12 Districts

April 20 – The pace of expansion in the U.S. economy was equally split between “modest” and “moderate” in reports from the Federal Reserve’s 12 district banks for the April Beige Book. Economic activity increased in each of the districts between mid-February and the end of March and the pickup was evident to varying degrees across economic sectors.

(more…)

FRB to Broaden Scope of Post-Employment Restrictions

November 18 – The Federal Reserve Board announced it is broadening the scope of post-employment restrictions that apply to Federal Reserve bank senior examiners and officers. (more…)

Metro City Bank Breaks Ground in Doraville, Ga.

August 17 – Metro City Bank recently broke ground on a new, larger branch in Doraville, Ga.

(more…)

Cybersecurity Threats: Your New No. 1 Risk

By Robert Mendez

As a board member or a member of the bank’s executive team, understanding the levels of risk you’re accepting for your bank, your customers and for yourself is essential. CEOs and executives of non-banking firms, such as Target, have lost their jobs because they didn’t understand the cybersecurity risks their businesses were accepting. Bankers have additional concerns about financial risks and the penalties regulators may assess if cybersecurity risks are not being effectively managed by the board.

(more…)

ABA: Banks Thwarted 85 Percent of Fraud Attempts in 2014

February 1 – The nation’s banks stopped more than $8 out of every $10 of attempted deposit account fraud in 2014, according to the 2015 American Bankers Association Deposit Account Fraud Survey Report. While attempted fraud against bank deposit accounts reached $13 billion, banks’ prevention measures stopped $11 billion in fraudulent transactions. Fraud against bank deposit accounts cost the industry $1.9 billion in losses an increase from $1.7 billion in 2012. (more…)

Signature Bank President and CEO Joseph J. DePaolo Named Recipient of Alfred B. DelBello Visionary Award

November 30 – Signature Bank, a New York-based full-service commercial bank, has announced that President and Chief Executive Officer Joseph J. DePaolo was named the recipient of the Alfred B. DelBello Visionary Award by the Westchester County Association, the leading business membership organization in Westchester County, focused on economic vitality and development in Westchester and the surrounding region.

(more…)

Software: Kryptronic eCommerce, Copyright 1999-2017 Kryptronic, Inc. Exec Time: 0.164131 Seconds Memory Usage: 3.781219 Megabytes
Kryptronic Internet Software Solutions