Internet Fraud & Cyber Threat
Regardless of the ever-changing threat environment that banking is subject to, fraud remains a major threat, one that Legacy Bank takes seriously. On an almost daily basis, users of the Internet are warned about the latest hacking or infectious spyware incident perpetrated by criminals who are seeking to profit illegally by obtaining your financial information and/or identity. By arming yourself with the knowledge to protect your identity and ensure your Internet security, we can fight back against this crime. Remember, it is always best to be on the defense when it comes to protecting your financial security.
Wire Fraud is Growing Alarmingly
Wire Transfer Imposter Fraud is one of the costliest cybercrimes against corporations and small businesses. While this threat is real and growing, there are steps you can take to protect your business from these types of activities.
New Approaches to Wire Fraud
It has been called Imposter Fraud, Business Email Compromise, and CEO Fraud. It is a disturbing trend in fraud that has grown at epidemic rates since it was first identified by the FBI in 2013. Imposter Fraud scams use email and social engineering to pose as a senior manager in order to trick employees into sending "urgent" and "confidential" wire transfers directly to the fraudsters' accounts. This type of fraud can manifest itself in a variety of methods.
Email Account Takeover/Business Email Compromise (BEC)
The thief uses phishing or other means to install malware on an executive’s computer and gains access to the executive’s email account. Once they have this access, thieves will take time to understand the organization’s relationships and the ebb and flow of routine wire transfer requests. They search the email account for words like “invoice,” “deposit,” or “president” to learn about the processes at the business for wire transfers, money movement, and vendor relationships. Once they have learned the organization’s standard practices, they use the compromised email account to create a money transfer request. The fraudsters continually monitor the email account and reroute emails questioning the wire transfer. The real executive is unaware of the request email and any email responses from employees.
Look-Alike Domain
In this case, the fraudster will use publicly available information to learn about the organization’s executives and activities. They will typically send emails to executives in an effort to receive out-of-office replies. They attempt to understand when an executive will be unavailable or traveling. They create a domain that looks similar to the victim company domain. These are a few examples of the false domain names they typically create: they replace the letter l with the number 1 (example.com becomes examp1e.com); they drop the last letter of a domain (example.com becomes example.co); or they may add an extra letter to a domain name that is difficult to spot (progress.com becomes progresss.com). The thief uses the look-alike email address and, based on information they have gathered on the business, makes money movement requests of company employees.
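One defensive check for the look-alike tricks listed above, as an added example that is not Legacy Bank's code: it flags a sender domain that matches a trusted company domain after undoing an l/1 swap (the 0/o swap is an added assumption), or that sits within one dropped or added letter of it. The trusted domain list and the sample addresses are constructed.

```python
"""Flag sender domains that look like a trusted company domain."""
import re

# Characters fraudsters swap for visually similar ones (l/1 from the
# page; 0/o is an assumed extension).
HOMOGLYPHS = {"1": "l", "0": "o"}


def normalize(domain: str) -> str:
    """Lower-case a domain and undo common homoglyph substitutions."""
    d = domain.lower().strip().rstrip(".")
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain from 'Name <user@host>' or 'user@host'."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address)
    if not m:
        raise ValueError(f"no domain in address: {address!r}")
    return m.group(1).lower().rstrip(".")


def classify_sender(address: str, trusted: set) -> str:
    """Return 'trusted', 'look-alike' or 'external' for a sender address."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    norm = normalize(domain)
    for t in trusted:
        # Exact match once homoglyphs are undone, or within one edit
        # (a dropped or added letter) of the real domain: impostor attempt.
        if norm == t or edit_distance(norm, t) <= 1:
            return "look-alike"
    return "external"


if __name__ == "__main__":
    # Constructed trusted domains and sample senders.
    trusted = {"example.com", "progress.com"}
    for addr in ["CFO <cfo@example.com>", "cfo@examp1e.com", "ap@example.co",
                 "ceo@progresss.com", "news@vendor.net"]:
        print(f"{addr:24} -> {classify_sender(addr, trusted)}")
```

A "look-alike" result is a reason to route the message to the out-of-band confirmation step rather than to act on it.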
Forged Vendor Invoice
Fraudsters may also target an organization’s vendor relationships. To forge a vendor invoice request, the fraudster may compromise an email address from the vendor, or from an individual within the organization’s finance department. The thief will attempt to obtain sample invoices and gain insight into the relationship between the vendor and the organization, including typical invoice and payment patterns. With that information in hand, the fraudster will either use a compromised email account or look-alike domain email account to submit an invoice with altered payment information. The invoice payment is routed to the fraudster’s account rather than the vendor.
Confidential and Urgent - Phishing
Thieves may also craft an elaborate story when sending a compromised or look-alike email. Often the story involves events that must be kept confidential, such as an upcoming acquisition or large purchase. The requests are extremely urgent in nature, requiring the target employee to act immediately. The combination of extreme urgency and high confidentiality persuades the employee to act quickly and secretively, sometimes conflicting with or bypassing company safeguards and practices. Do not respond to unsolicited emails asking for account or credit card information, usernames or passwords, Social Security Number, date of birth or any other personal and financial information. (Legacy Bank will NEVER ask for personal information in this manner.)
Dual Control
Establish dual control for all money movement activities. Ensure that every funds transfer requires a transaction creator and separate approvers. Utilize online banking security features to set additional approval levels based on the dollar amount of the transaction. Set up online alerts to notify approvers when a money transfer request is awaiting approval. Utilize the approval feature within your bank’s mobile application to ensure that senior management can approve transactions on-the-go.
Confirm All Requests
Instruct employees to always confirm requests for money movement. To confirm requests, employees should use a channel different from the channel used to make the request. For example, an email request should be followed up with a telephone call to the requestor.
Control Publicly Available Information
Exercise restraint when publishing information regarding employee activities. Fraudsters will use this information to determine ideal time frames for committing fraud.
Monitor Account Activity
Regularly review your online activity for debits, credits, check orders, wires, ACH transactions and new payees and accounts that you don’t recognize. If you see unauthorized activity, contact Legacy Bank immediately (877.210.3277) so we can disable online banking and stop any additional unauthorized activity.
Detect Man-in-the-Middle or Man-in-the-Browser Attacks
When you are in Online Banking, if your screen freezes, or an unexpected pop-up box appears asking you for other types of personal information, or you are prompted to authenticate with a secure code when you are not conducting a transaction, please call us at 877.210.3277 and speak to Treasury Management Services so we can assist you in determining whether what you are experiencing indicates that your machine may have been compromised. A man-in-the-middle attack is like eavesdropping. Data is sent from your computer to a website, and an attacker can get in between these transmissions. They then set up tools programmed to “listen in” on transmissions, intercept data that is specifically targeted as valuable, and capture the data. Sometimes this data can be modified in the process of transmission to try to trick the end user into divulging sensitive information, such as log-in credentials. Once the user has fallen for the bait, the data is collected from the target, and the original data is then forwarded to the intended destination unaltered. Man-in-the-browser is a form of Internet threat related to man-in-the-middle: it infects a web browser by taking advantage of vulnerabilities to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and the host web application. These attacks may be countered by using out-of-band transaction verification.
Educate Employees
Ensure employees are aware that this type of fraud is a real threat. Educate employees on the proper process for initiating money transfers, and enforce this process with all requests. Coach executives to encourage verification of all wire transfer requests. Encourage executives to introduce themselves to the Accounts Payable team and let them know it is acceptable to question any payment request.
Investigate Bank Inquiries
Often this type of fraud will trigger alarms at your bank. When the bank contacts the business to confirm the authenticity of the wire, the company employees will confirm the wire as legitimate since it originated from an executive’s request. Thus, the wire transfer is processed even though the bank questioned its authenticity. Instruct employees to take additional steps to ensure a wire is accurate and legitimate if they are contacted by the bank regarding a wire’s validity.
DDOS (Distributed Denial of Service) Attacks
These attacks consist of flooding a website with millions of requests for information at once to create a “traffic jam” that temporarily prevents legitimate users from accessing the website. In recent years, many businesses have faced online DDOS Attacks meant to delay or prevent customers from accessing their website resources. These attacks do not compromise the website security or banking systems; they merely slow down the site or make it inaccessible. Legacy Bank has processes in place to identify and block these types of attacks, but initially customers may experience slower-than-normal connections to Online Banking. If you are ever unable to connect to legacybankca.com or Online Banking during an attack, you may contact us for assistance at 877.210.3277.