Cybersecurity – Tips for Staying Safe OnlineEagle Bank|August 18, 2021
Cybersecurity Tips – August 2021
Over the next few months, Eagle Bank will be posting to this website, information to help you safeguard your email from being compromised. Although our initial focus will be on Business emails, individuals can also find these tips helpful. Next month’s posting will focus on Operational Controls and Training.
- What is Business Email Compromise? “Business Email Compromise” (BEC) is a sophisticated scam which targets both businesses and individuals performing wire transfer payments or other means of electronic fund transfers.
- Business Email Compromise “Red Flags –
- An urgent email requesting that a wire transfer be sent immediately.
- The email domain name is very similar to the legitimate domain.
- The content of the email reflects a transaction:
- Instructs direct payment to a known beneficiary; however, the beneficiary’s account information is different from what was previously used.
- Seems legitimate, but contains different language, timing, and amounts than previously verified and authentic transaction instructions
- Originates from an email account closely resembling a known customer’s email account; however, the email address has been slightly altered by add, changing, or deleting one or more characters.
- The email contains incorrect grammar and/or syntax.
- Directs payment to a beneficiary with which the customer has no payment history or documented business relationship, and the payment is in an amount similar to or in excess of payments sent to beneficiaries who the customer has historically paid.
- Requests for additional payments immediately following a successful payment to an account not previously used by the customer to pay its suppliers/vendors.
- Position of the Sender
- An observable change in email traffic deleted or missing emails.
- Technical Solutions to protect your emails –
- Use Multi-factor Authentication.
- Use Behavior analytics.
- Notes normal conduct of users to detect any anomalies or instances where usage may vary to further analyze for a potential issue.
- Use encrypted email.
- Utilize Anti-Phishing solutions:
- Allow trusted entities, applications, & websites to function within your network and block others those you don’t trust.
- Use an email authentication policy and reporting protocol -Domain-based Message Authentication, Reporting & Conformance (DMARC)
- Information sharing – Monitor email settings for unauthorized auto-forwarding rules or filter settings.
- Prohibit automatic forwarding of email to external email addresses.