October 29, 2013 10:41
If your organization uses cloud-based file sharing designed specifically for business use with strong safeguards (e.g. end-to-end encryption), you can skip this article. If your employees are using a consumer-focused file-sharing solution, the following four steps might be an interesting little wake-up call.
- Investigate, identify and fix: Murphy's law in security states that if it can be breached, it will be breached, and it will continue to be compromised until it is truly fixed. Worse yet, this process tends to uncover additional security gaps, which will require additional resources. During this step, someone will have to document the incident in great detail: who discovered the breach, when did it happen, how much data was compromised, and what type of data was it? This will require several lengthy interviews and weeks of investigation. Got time for that?
- Inform internal authorities: Your organization will need to hold several meetings with the internal stakeholders directly affected by the breach. This includes accounting, HR, IT (i.e. you) and the entire upper management team - not a very valuable use of anyone's time.
- Inform the external authorities: When your data has been stolen or compromised, you will also need to alert various levels of law enforcement (FBI, Secret Service, etc.) as well as your legal counsel. If your organization has a PR/crisis management team, this is their time to shine.
- Inform the end users: Sorry, but if data was compromised, it is best that employees hear it from their own organization first instead of reading about it on the Internet. Aside from the written communications, your helpdesk is going to be swamped with questions about the data breach, so they need to ramp up for heavy traffic.
Depending on your industry, your data breach checklist (by the way, do you have one?) will vary in terms of exact tasks, but the following is pretty much universal: you have got to find it, you have got to fix it, and you have got to let a number of parties know all the messy details. I would recommend using an external Incident Response company that knows what they are doing. The rules of evidence in cyber crime forensics are easy to break, and that gets you even further in the soup.
The real point here is that data breaches redirect valuable resources away from production time and easily cost hundreds of thousands of dollars. So if you've tried everything and still can't convince upper management to block all consumer file sharing sites in your firewall rules, maybe this short checklist will do the trick.
With grateful acknowledgement to, and adapted from:
Note: links to third party web sites are provided for your convenience only. Bank of Ann Arbor does not control those sites or their content.
October 29, 2013 9:19
New regulations affecting international money transfers go into effect this month (October 2013). The Consumer Financial Protection Bureau (CFPB) is helping to educate the public on the protections and changes the new regulations will bring. If you send money abroad, you need to read this information. Of course, you can always talk with your friendly Bank of Ann Arbor team member too.
October 16, 2013 1:39
This week, cybercriminals are using a well-known social engineering trick to try to make employees click on fake invoices in order to distribute a piece of malware. This is especially risky because they are trying to reach employees in the finance department, who might either open the attachment themselves or get it forwarded by a co-worker who is not sure what it is and sends it on to Accounting.
The emails are entitled "Invoice #3404196 – Remit File" and they read something like this: "The following is issued on behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196 (dot).zip received from your bank. Please print this label and fill in the requested information."
If anyone in your organization opens the attachment, a malware dropper may be downloaded, which in turn pulls down a large amount of malware that allows the bad guys to take over the whole machine. STOP - LOOK - THINK before you click, and be safe out there.
September 10, 2013 3:20
This one is crafty. A fake CNN spam email is being sent with the subject line "The United States began bombing!" (referring to Syria), but clicking on it will likely result in the workstation being infected with malware.
The spam message is allegedly from the real CNN journalist Casey Wian, and some of the emails even include a picture of black smoke over a street scene. The email has a two-sentence lead, followed by a "Full Story" link that triggers a Trojan downloader and other malware, according to Kaspersky Labs. The bad guys are trying to exploit older versions of Adobe Reader and Java.
Please be aware so that you do not fall for a classic social engineering trick like this. If the U.S. actually does start a police action in Syria, there will be many more phishing attacks like it.
August 12, 2013 10:51
There are counterfeit checks in the amount of $822.15 circulating as part of an AWARD CLAIM NOTIFICATION scam. You receive notification that you have won $8,221.50 in a drawing or lottery; however, you have to pay $500 in tax. Ah, but lucky you, a check in the amount of $822.15 is sent along to cover the $500 tax. The notification arrives by UPS or FedEx to make it appear legitimate. So you send a check for $500 to pay the taxes and receive your lump sum payment. The problem is that the $822.15 check is counterfeit and will not be honored. You are out $500, and the scammers now have the account information printed on your check.
Don't fall victim to this scam. When in doubt, don't send money or provide information to businesses or individuals you have not contacted first. Be smart and safe.
July 16, 2013 2:03
There is a new racket making the rounds, with two very different variations to be aware of.
First, a growing number of websites scrape existing, real mugshots out of public databases and then contact the people pictured. People who have been arrested in the past are blackmailed into paying, sometimes hundreds of dollars, to have their mugshots removed from general search engines, because they are embarrassed or afraid that friends and/or employers will find out. Sites like this are being sued for extortion in a lawsuit testing the bounds of the First Amendment, but in the meantime scammers are making thousands of dollars off their victims.
The second scam is even more evil, and it is a heads-up on the kind of social engineering people can expect in their inbox. In this attack, people who were never arrested in the first place are targeted with an email claiming that their mugshot is easy to find on the Internet and that if they want to see this embarrassing picture, they should "Click Here Now". The link leads to a legitimate site that has been compromised and infects their PC with a drive-by attack, dropping a trojan on the person's hard disk and turning the PC into a zombie. This is a textbook example of social engineering using the "prevent a negative consequence" trick.
Bank of Ann Arbor's security team reminds you to please "Think Before You Click" and delete emails that mention mugshots of anyone: yourself, friends, family or co-workers.
May 9, 2013 2:54
This article from NetworkWorld.com highlights nine classic but clever scams we should all be alert to. We urge you to remind friends, family members and coworkers not to fall for them.
Note: links to third party sites are provided for your convenience only. Bank of Ann Arbor does not control their content.
February 27, 2013 9:38
This week, it is IT administrators who are being specifically targeted with a phishing attack. The bad guys know very well that the most powerful weapons are administrators' credentials, as those really are the keys to the kingdom. So what they are using as bait is the instantly famous report that Mandiant wrote about the Chinese military hacking into 141 mostly U.S. businesses. An infected PDF version of the original report, titled "APT1: Exposing One of China's Cyber Espionage Units," is now being used as spear phishing bait to get IT people to open it, under two fake file names: Mandiant.pdf and Mandiant_APT2_Report.pdf. The infected document leverages a just-patched hole in Adobe Reader and was first spotted in Asia. Keep your eyes peeled for it hitting your own inbox. In the meantime, the actual report is fascinating reading, and you can find it at the Mandiant website: http://intelreport.mandiant.com/.
Source: Cyberheist News, www.knowbe4.com
Note: links to third party sites are provided for your convenience. Bank of Ann Arbor does not control their content.
February 9, 2013 1:08
Bank of Ann Arbor is aware of a text message phishing scam that may lead you to believe your Debit/ATM card has been deactivated. Please know that we do not send unsolicited text message alerts. The most recent phishing scam is tricky in that it asks you to call a phone number to reactivate your card, and the phone number given has a 734 exchange, leading you to believe it is local. If you believe you are a victim of this scam, in that you have called the number and entered your card information, please call 1-800-528-2273 and request that your card be cancelled.
February 7, 2013 10:32
Be wary of those who come bearing gifts. The most recent credit card scam works like this:
You get a phone call from someone who says he is from an outfit called "Express Couriers", asking if someone will be home because there is a package; the caller says the delivery will arrive at your home in roughly an hour. Sure enough, about an hour later, a delivery man turns up with a beautiful basket of flowers and wine. What a surprise (especially if there is no special occasion or holiday), and certainly no one expects anything like that! Intrigued, you ask who the sender is. The deliveryman replies that he is only delivering the gift package, and that a card is supposedly being sent separately (the card never arrives). There is also an official-looking "consignment" note with the gift. He then explains that because the gift contains alcohol, there is a $3.50 "delivery charge" as proof that he actually delivered the package to an adult rather than leaving it on the doorstep to be stolen or taken by anyone. Sounds logical, doesn't it? You offer to pay cash, but he tells you the company requires payment by credit or debit card only, so that no cash changes hands and everything is properly accounted for. You take out your (or your husband's) credit/debit card, and the "delivery man" asks you to swipe it on a small mobile card machine with a small screen and keypad, where you then enter the card's PIN and security number. A receipt is printed out and handed to you.
Next week you find that money has been charged or withdrawn from your credit/debit account at ATMs all over the country. The "mobile credit card machine" the deliveryman carried captured everything necessary to create a "dummy" card with all your card details once you swiped the card and entered the requested PIN and security number.
Please be aware of this most recent scam and share this information with your family, friends, and neighbors. Any suspect description or suspect vehicle information should be reported to your local police agency.