The FBI released this Fraud Alert back in April and the situation has only degraded since then. It has long been the case that viruses and trojans penetrate even advanced defenses with ease. When an accountant at a small businesses logs into the online banking system the username and password are compromised. Frequently even challenge questions ("What is your mother's maiden name?") can be recorded. The attacker then uses this information to move as much as $100k to an overseas account.
Unlike with credit cards the business bears 100% of the liability. Banks have been sued repeatedly with businesses charging inadequate security. Usually the businesses have lost.
What can you do?
- Purchase a Cyber Crime insurance policy that specifically covers this attack
- Access your banking website from a computer off the network (GCS can help with this setup)
- Implement Positive Pay so that only pre-approved transactions can be processed (call your bank about this)
No comments, yet. You could be first!