Safeguarding your business. A cybercrime and fraud protection video series with Ken Gavrity.
Join our Executive Vice President of Commercial Payments as he discusses the rise of digital fraud, emerging cybercrime trends, the red flags to watch out for, and how to help protect your business from cyberattacks, scams, and fraud.
These days, it’s more important than ever to protect your business from cybercrime and fraud.
Arming yourself with the latest information is crucial to safeguarding your business.
And we’re here to help you do just that.
As part of our commitment to client security, we’re bringing you a series of short videos.
Each will cover a leading trend in cybercrime … along with tips to help you prevent attacks on your business.
As you know, a great deal of business and financial activity has moved online.
And this trend was accelerated by the COVID19 outbreak.
Today, more people than ever work remotely, which has driven the Bring Your Own Device trend.
The increased use of personal laptops and phones to access company networks is making it more difficult for businesses to maintain a firm grip on security.
These modern-day conveniences are bringing about newer and greater challenges related to cybersecurity.
In the first quarter of 2022 alone, reported phishing incidents surged by 15%, exceeding one million attacks worldwide for the first time.
Our video series will cover the most predominant security threats …
from business email compromise to mobile device phishing and text spoofing.
For now, we’ll start with two fundamental best practices that will help you minimize the threat of cyberattacks on your business.
First, you should alert and educate your staff about the increased risk of fraud and corporate account takeovers.
According to the 2020 Global Identity and Fraud Report by Experian, 57% of enterprises report higher fraud losses due to account takeover.
Let your employees know that fraudsters will often use a web address or phone number that is deceptively close to one your employees know and trust.
Remind them to always review this information closely to make sure it’s legitimate before logging in or returning a call.
Next, put extra security measures in place, such as multifactor authentication tools.
This added layer of security helps ward off fraudsters and verify the identity of your authorized users.
With cybercrime on the rise, maintaining your company's security online is more important than ever.
We all have a role to play in fraud prevention.
KeyBank is here to help you understand the trends, so we can work together to keep your business safe.
Hi. I'm Ken Gavrity, and I run the Payments business for KeyBank.
In today’s environment, we’re constantly hearing about businesses under attack from cybercriminals.
At KeyBank, the security of our client accounts is one of our biggest priorities.
As cybercrime continues to evolve, we want to keep you informed of the emerging trends and what you can do to protect your business.
Consumers and businesses alike are receiving calls, texts and emails from fraudsters presenting themselves as their financial institution.
These criminals often claim to be investigating fraudulent activity on a client’s account.
A common tactic is to say they need to authenticate you as a client. They then ask for your login IDs, passwords and one-time security codes.
This is happening across the industry. And we have received reports of KeyBank clients being included.
Here is an example of an actual fraudulent text message one of our clients received.
Note the suspicious URL – a major red flag.
One client clicked on a fraudulent link such as this and was then tricked into sharing their username and password.
This resulted in a loss of over $100,000.
Watch out for schemes like this. Remember, don’t give out your passwords or credentials without validating who you are speaking to, especially when being contacted unexpectedly.
Here’s another real-world example from one of our clients.
It’s a fraudulent text message designed to look like it’s from KeyBank.
Fraudulent messages such as this often state that there’s an issue with a recent transaction and to contact them immediately.
In one case, the client user did contact the fraudster who then created a sense of urgency to obtain their login credentials.
Once received, the fraudster wired funds to themselves.
If you are contacted unexpectedly by someone claiming to be from KeyBank and requesting your confidential information, be suspicious and play it safe.
End the call and contact your payments advisor or relationship manager immediately to ensure your security.
If you use KeyNavigator, be sure to ONLY access your account through key.com.
And make sure your dashboard URL starts with keynavigator.key.com.
Never access KeyNavigator by using bookmarks, a search engine like Google or Bing or a search within a browser like Chrome or Internet Explorer. This could lead you to an imposter KeyNavigator site, resulting in credential hacking.
Key maintains close relationships with several national security firms. These experts keep us up to date on emerging threats and best practices for combating them.
And we want to share this information with our clients like you. Here are a few:
Number one. Identify weaknesses. Learn where you're most vulnerable and secure the easiest access points to help prevent breaches.
Two. Stay up to date. Using old systems or failing to adopt the latest security updates leaves you vulnerable. The cost of updating is typically miniscule in comparison to the price of a security breach.
And three. Remember that “security never sleeps.” Continuously review and test your security processes and procedures, measure progress, and adjust protocols and educate your employees.
Hearing from our KeyBank business and commercial banking clients is critical to helping us identify and combat threats.
Let your KeyBank payment advisor or relationship manager know if you encounter anything suspicious or if you think your accounts have been compromised.
Let’s keep each other informed and fight fraud – together.
As more employees work remotely and use their personal devices to conduct business, every individual becomes a potential avenue for cybercrime.
This is why business email compromise has become one of the most common and financially damaging forms of cybercrime.
In 2021, nearly 20,000 business email compromise incidents were reported, with losses of $2.4 billion.
Business email compromise is a more precise form of phishing, known as spear phishing.
And unlike phishing, spear phishing is narrowly targeted and highly personalized.
This makes it more deceptive for the recipient, and more effective for the hacker.
Business email compromise takes spear phishing a step further by pairing it with an imposter email address that very closely resembles that of a legitimate organization the recipient knows and trusts.
In some cases, fraudsters even hack into email accounts within the recipients' own company to send emails that request payments, security credentials or confidential information.
It’s alarming to learn that 76% of U.S. organizations were targeted through business email compromise in 2020.
Here are a few tips on what you and your employees can do to avoid these deceptive and dangerous attacks.
First, be suspicious of urgent emails asking you to change your payment information or method.
Anytime you are asked to add or change payment instructions, verify the change directly with your vendor. Be sure to contact them through a known phone number or email address – not the ones provided in the email.
Whenever an email is received – particularly one requesting payment changes or sensitive information – look closely at the “From:” field and check the email address against the sender’s actual address to make sure it matches.
And check it twice. The perpetrator may change only one or two letters to trick the recipient.
Other signs of an illegitimate email include messages that are poorly written, slight misspellings or suspicious attachments or links.
Consider conducting a phishing simulation to help your staff identify red flags.
And educate them about malicious apps and other consequences of clicking on phishing links.
Remember, for cybercriminals to succeed, the recipient must take some kind of action ‒ like clicking on the link or opening an attachment.
So always pause and think before clicking. Fraudsters purposely create a sense of urgency to rush people into taking action.
Work with your company’s IT resources to keep your software updated and make sure your systems are backed up.
Develop request authentication and wire transfer policies.
Install anti-malware and endpoint security solutions.
And incorporate multi-step authentication, firewalls and email filters.
Please share this video with your employees and clients so they become aware of threats and what to look for before sharing financial information or sending payments.
For more information on how to protect your business and clients from cybercrime, visit us online.