
CONTENTS: 1) Cyber risks increase over the holiday season; 2) BECs and recommendations for victims.

 

Gone Phishing for the Holidays:

 

Cyber attacks have increased exponentially over the past several years. These attacks are facilitated through two primary means: phishing and unpatched systems. Cyber attacks typically surge during the holiday season in particular, because more people are looking for online discounts, which makes phishing an easy way to compromise systems. From 2020 to 2021, IC3.gov saw phishing complaints rise from 241,342 to over 323,972. Phishing facilitates Business Email Compromise (BEC), identity theft, ransomware, network compromise, and data theft. (https://www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf)

 

Recommendations to prevent falling victim to phishing scams:

  • Focus on awareness training for employees.

  • Do not simply trust the name on an email: question the intent of the email content.

  • If you receive a suspicious email with a link from an unknown contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.

  • If you receive an unsolicited email with a link or attachment for a holiday discount from a big-box store, do not click on the link; instead, go directly to the known domain name of the big-box store.

 

BEC losses increase from $1.8 Billion to $2.4 Billion:

BEC schemes have evolved. They give cyber criminals an avenue to craft emails or scams that take advantage of the moment, from COVID-19 and PPP fraud most recently to the more common domain spoofing and CEO fraud. Many of the phishing-prevention recommendations above apply here, but what do you do if you become a victim of BEC? First, contact your bank to recall the funds, then file a complaint with www.ic3.gov.

In 2018, the FBI's Internet Crime Complaint Center (IC3) created the Recovery Asset Team (RAT). The purpose of RAT was to streamline communication with financial institutions and assist FBI field offices with freezing funds for victims who made transfers to domestic accounts under fraudulent pretenses. While the amount of the transfer may not rise to the level requiring an FBI investigation, the RAT unit can assist with recovering at least part of the funds.

What happens when I file a complaint?

  • Contact your bank first. Notify them of the fraudulent transfer and attempt to recall the funds.

  • File a complaint with www.ic3.gov, including the originating and recipient bank account information. The RAT team will also make efforts to contact the recipient bank and request that they freeze funds to begin the process.

  • The complaint is then forwarded to the local field office to assist with recovery. 

  • If money has already been withdrawn from the recipient account, you will likely need to complete a hold harmless letter to the recipient bank before they will return the remainder. A hold harmless letter releases the recipient bank from any liability for lost or stolen funds.

  • What about international transfers? 

    • IC3 can also assist with facilitating communications between the victim and the foreign beneficiary bank to initiate what’s called the Financial Fraud Kill Chain process.

From the Virginia Cyber Security Partnership and rvaTech, have a safe and happy holiday and a healthy and prosperous New Year!