Cyber Crimewave
BY GINA BLISS, CPA, CFE
Do you remember that movie “Catch Me If You Can”? I loved that movie, probably because I’m a fraud geek. It was based on the true story of Frank W. Abagnale, who was a very successful con artist before the age of 21. He was the charming bad guy. The good guy was an FBI agent who pursued Abagnale for years. He was less likeable. I found myself rooting for Abagnale, a brilliant forger and master of check fraud.
None of Abagnale’s check fraud methods would work as well today, partly because Abagnale worked for the FBI later in life, after he was caught and did some jail time. He helped the FBI and the banking industry make changes to prevent check fraud.
Today’s fraudsters have moved on to cybercrime. Fraudsters adapt to new technology faster than consumers. Online banking fraud continues to increase as more individuals and businesses do their banking online. No one wants to stand in line at the bank anymore.
Last year cybercriminals from Eastern Europe were stealing from school districts. Recently I’ve noticed stories of small businesses that have their bank accounts cleaned out online. Most of these cases were also attributed to online crime groups in Eastern Europe. These sophisticated hackers can drain an account in one day in a series of small transactions designed to skirt any bank warning system that would flag unusual transactions.
Small businesses are attractive targets. They often use smaller regional banks. Both the business and the bank have fewer resources to stop cyber attacks than larger entities would have. Consumers have some legal protection from identity fraud that businesses don’t have. It’s a big risk for small businesses.
How does cyber bank fraud occur? It’s essentially a hit and run. It’s not identity theft, where a criminal assumes an identity to take over a credit history and run up debt. Instead, money is taken from one victim, and then another and another. The cyber criminal is continually moving on to the next victim. The criminal can be physically located anywhere on the globe and could be in a country that won’t cooperate with U.S. authorities.
The two most common methods of cyberfraud are keylogging and phishing. Both are done by putting viruses on the victim’s computer. The goal of both methods is to capture login credentials for the victim’s bank account.
Keylogging records actual keystrokes and mouse clicks to get the user password, account number, social security number and anything else that’s typed. Phishing is where fraudsters request personal information from victims online. The request looks like an official email from a legitimate organization. Malware is installed on the computer that allows fraudsters to access banking logins and passwords.
Here is a list of the simplest steps to take to protect your bank accounts:
· Install and update antivirus software.
· Beware of accessing account information from an unsecured network.
· Watch for changes to login pages where you enter credentials. Your bank will let you know in advance if there will be changes. If concerned, call the bank first.
· Change your passwords often, at least every six months.
· Don’t use the same ID and PIN/Password for all your online accounts.
· Do not keep your login information in a place where others can access it. It is best not to write it down at all.
· Never click on a link from a business requesting your personal information. No reputable business will ever email such a request.
· Look at the internet address behind the link. If you hover the cursor over the link, the address shown will often have nothing to do with the business the email claims to be from.
For small businesses:
· Ask for dual controls on your account so that two people are involved with every transaction.
· Establish a daily limit for transactions out of the account.
· Use confirming calls or texts so the transaction is not strictly online.
· Restrict the addition of new payees.
· Check bank balances at the end of every day instead of the beginning so you can contact your bank the same day if there’s a problem. Transfers in the ACH system often occur the following morning and you may be able to halt a fraudulent transaction.
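The controls in this list cover for each other: an alert on large single transfers misses the series of small transactions described earlier, while a daily limit or a payee restriction stops it. The sketch below is an added example, not part of the original column or any bank's system; the thresholds, payee names, date and transfers are all constructed for illustration.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal


def review(transactions, per_txn_alert, daily_limit=None, approved_payees=None):
    """Return (index, reasons) for every outgoing transfer that should be held.

    Only the controls that are passed in are applied, so the same batch of
    transfers can be run against a weak and a strong configuration.
    """
    held = []
    released = defaultdict(Decimal)  # money actually let out, per day
    for i, (day, payee, amount) in enumerate(transactions):
        reasons = []
        if amount >= per_txn_alert:
            reasons.append("over single-transfer threshold")
        if approved_payees is not None and payee not in approved_payees:
            reasons.append("new payee")
        if daily_limit is not None and released[day] + amount > daily_limit:
            reasons.append("daily limit exceeded")
        if reasons:
            held.append((i, reasons))
        else:
            released[day] += amount  # held transfers do not use up the limit
    return held


# Constructed sample: one routine bill, then five transfers kept just under
# an assumed 5,000 single-transfer alert, each to a payee never used before.
DAY = date(2024, 1, 15)
SAMPLE = [
    (DAY, "City Utilities", Decimal("1200")),
    (DAY, "Payee A", Decimal("4900")),
    (DAY, "Payee B", Decimal("4800")),
    (DAY, "Payee C", Decimal("4950")),
    (DAY, "Payee D", Decimal("4700")),
    (DAY, "Payee E", Decimal("4900")),
]

if __name__ == "__main__":
    alert = Decimal("5000")
    print("alert only:   ", review(SAMPLE, alert))
    print("+ daily limit:", review(SAMPLE, alert, daily_limit=Decimal("15000")))
    print("+ payee list: ", review(SAMPLE, alert, approved_payees={"City Utilities"}))
```

With the alert alone nothing is held and 25,450 leaves the account; the daily limit stops the last three transfers, and the payee restriction stops all five before any money moves.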
The best protection I’ve heard for these frauds is to only access your bank account with a computer that is not used for anything else. That computer is not connected to the local network or used for email or Web browsing.
Fraud has evolved and the fight against it evolves too. The FBI now has a Cyber Investigations unit. Be sure to contact them if you’re a victim. The best way to reach them is online.
Gina Bliss, CPA, CFE, is a senior manager at EFP Rotenberg, LLP, Certified Public Accountants and Business Consultants, who specializes in internal audit, fraud audit, and forensic accounting. She may be reached at (585) 295-0536 or by e-mail at gbliss [at] efprotenberg [dot] com.