Your cybersecurity plan is only as strong as your weakest link



Posted2/13/2019 1:00 AM

"I'll appreciate it if you make this an overnight delivery and email me the tracking #."

This was the closing line of an email that one of our bankers recently received from our customer's accounting firm requesting a check for more than $30,000. The email appeared to be from the founder of the firm with whom this banker had had a recent communication. The email signature contained the name of the founder, her contact information, and the company logo and URL.


Or, did it?

The tone of urgency in the email raised a red flag for our banker and she examined it a little more closely. The language seemed strange, the email address was ever so slightly misspelled, and the phone number was off by a digit. She brought it to my attention and we alerted our IT department.

Upon deciphering the incoming IP address, we found our customer's email had been hacked and the request was indeed fraudulent. The email request had not come from the purported accounting firm in the far west suburbs of Chicago, but from Johannesburg, South Africa.

According to the American Bankers Association, banks stopped nearly $17 billion in attempted deposit account fraud in 2016. And -- unfortunately -- small, family-owned and privately held businesses like this accounting firm are often the target of these scams.

Business Email Compromise (BEC) is a multibillion dollar industry. Fraudsters will spoof or hack the email address of C-suite executives, as that level holds more authority for money movement. Fraudsters leverage that authority with strong-arm tactics by saying the request is "urgent" or "confidential," thus applying pressure on employees to honor the request.

by signing up you agree to our terms of service

If a company's network is infiltrated through BEC or phishing attempts, payment instructions to clients could be fraudulently changed. Oftentimes, this is only discovered when it's too late and the vendor calls looking for their payment. A vendor sending a change in payment instructions may appear innocuous, as the sending party's email looks correct and even the company's logo is affixed. But if they have been hacked, your payment may be headed right for the fraudster's pocket!

At Signature Bank, we consistently reiterate the importance of talking to customers about the threat of fraud to help prevent schemes like BEC and phishing. While many of our customers have great system controls in place, vulnerabilities may still exist within the network of vendors and employees who could fall prey to one of these scams. And the larger a company's employee base, the larger the phishing threat. Once a fraudster gains access through a successful phishing attack, they may lie in wait and plan for the right moment to originate a BEC.

A few tips to identify and avoid scams:

• Educate your employees about the threat of fraud.

• Create strong internal procedures for the movement of funds.

•Employ a dual layer of authentication for requests that originated via email.

• Don't set your "out of office email" response.


• Be suspicious. If the request doesn't seem right, check it out further.

While we all rely more and more on technology, the human touch is still important when it comes to thwarting fraud. Though it may add a little time to the process, we find that our customers appreciate a phone call to verify a signature, a change in payment, or confirmation of an outgoing wire. Strengthening your internal systems and controls will help prevent hackers from finding cracks in the armor where they can breach your organization.

As for our fraud scenario above, our banker received a follow-up email later in the day asking if the request had been honored. Needless to say, it had not, and our customer was very grateful that they were spared a $30,000 loss.

• Lisa Wente is senior vice president of Deposit & Risk Operations at Signature Bank.

Go to comments: 0 posted
Article Comments
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the "flag" link in the lower-right corner of the comment box. To find our more, read our FAQ.