Following a number of information security breaches at major companies including Target, Sony, Home Depot, and others, President Obama declared in his 2015 State of the Union address that the U.S. must increase its efforts to combat cyber-criminals. "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids," he said. Cyber-fraud remains a serious problem.
Cyber-fraud is an evolving crime, with perpetrators continually devising new and more sophisticated tactics to exploit digital technology for financial and other gains, while attempting to evade law enforcement. Individuals, businesses, and government officials share the responsibility to safeguard personal, financial, and other sensitive data against fraud.
New scams are invented regularly. Among the most current and pervasive trends in cyber-fraud are:
Card not present fraud occurs, as the name suggests, in situations where the credit or debit card is not present—typically, in fraudulent online, phone, and mail transactions. Law enforcement and financial industry officials are bracing for a massive spike in card-not-present fraud after the adoption in October 2015 of EMV credit card technology by U.S. retailers. Chip-enabled credit cards will make it far more difficult for fraudsters to clone and use cards for in-person transactions. Therefore authorities expect credit card fraud activity to shift heavily to the online retail sector. For 2016, officials estimate that financial losses due to card-not-present fraud will be $4 billion in the U.S.; by 2018, that number is expect to rise to $6.5 billion.
CORPORATE ACCOUNT TAKEOVER
Corporate account takeover, is a sophisticated crime that targets businesses in order to conduct transactions fraudulently through the use of stolen banking credentials. Typically, the criminals steal banking system credentials through targeted financial malware enabled inadvertently by the corporation which then steals credentials, or through “social engineering”—using tricks to manipulate the business into revealing user credentials. The criminal uses these credentials to access and “take over” the account, adding and changing account information and initiating fraudulent transactions and payments, often to foreign banks and fraudulent recipients – destinations which make recovery of the funds difficult and transactions impossible to reverse.
Business Email Compromise
Business Email Compromise (BEC) is a sophisticated targeting of businesses with email requests to process financial transactions or provide sensitive data, usually with well-crafted emails that appear to be legitimate. Recipients of these phishing emails often comply with the fraudulent request— believing the request to have come from a legitimate source - when in fact the request came from a fraudster. This type of phishing commonly leverages a fake email account or signature block from an organization’s senior leadership – prompting the recipient to ‘comply’ with the request to transfer money. Learn more about wire transfer fraud.
Phishing is an attempt to collect sensitive information such as user name, password, or credit card information by pretending to be a trustworthy entity. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website that is almost identical to a legitimate one. Phishing emails may also contain links to websites that are infected with malware.
To protect against phishing attacks:
- Before you click on a link contained in an email, hover over the "from" email address with your mouse; if the URL is different than that in the "From" address, you’ve received a phishing email and should delete it immediately without responding.
- Remember: City National Bank will never request your username or password via email; if anyone requests your username or password via email, you are probably the victim of a phishing attempt.
- Do not respond to personal information requests unless you initiated the request.
- Do not email financial information to anyone, even those you know.
- Be aware of pop-ups, which may contain malware.
- Do not click on links in emails unless you know the sender and can confirm the message is authentic.
Vishing, or voice phishing, is the criminal practice of using the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.
To protect against vishing attacks:
- Do not respond to suspicious calls or voicemails.
- Never provide your user name or password over the phone.
- Remember: City National Bank will always ask you to authenticate yourself by entering your credentials on your keypad, not by speaking to an agent over the telephone.
SMShing is a form of fraud using text messages to trick victims into visiting a fraudulent website, calling back a fraudulent phone number, or downloading malicious content via phone or web browser.
To protect against SMShing attacks:
- Never send your personal information in response to an SMS.
- Remember: City National Bank will never request your username or password via SMS.
- If you are uncertain as to the authenticity of an SMS claiming to come from City National Bank, contact us.