FBI Alert of Business Email Compromises
A method of conducting fraudulent transactions is emerging, where criminals gain control of a banker's or business owner's email account, assume the identity of the individual and convince other employees to initiate transactions.
These schemes may look legitimate and are increasingly difficult to detect. This webinar explores the process of business email compromise and corporate account takeover.
Cybercriminals continue to advance their techniques to compromise financial institutions and their customers. Sometimes their innovative ideas leverage advanced types of malicious software, and other times they rely on simple schemes. The FBI has recently published information on an emerging method of conducting fraudulent transactions, where criminals gain control of a banker’s or business owner’s email account. This could be access to their Gmail or Microsoft 365 account, or even to internally hosted systems. The goal is to assume the identity of an individual, through an email account, and convince other employees of an institution that a new transaction needs to be initiated. Usually the cybercriminal creates a situation regarding a new business venture, acquisition, or purchase of equipment, or draws on a current situation learned from the compromised email, and then uses it against other employees.
When these schemes affect a business customer account, they become increasingly difficult to detect. Assume that the email account of the CEO at a small business is compromised and then used to request a wire from the controller to a new business partner. When the wire request is submitted to the bank, you might see it as suspicious, but when you do the callback to the controller, they will approve it because they genuinely believe it to be a legitimate wire requested by the CEO.
During our discussion we will explore the process of Business Email Compromise (BEC), example fraud scenarios, and general information on Corporate Account Takeover. Areas of focus will include:
- FBI and IC3 Alert Notice
- Suggested control changes to address issues
- Money mule process
- Remote access Trojans
- Application of FFIEC Internet Banking Guidance
- Introduction to CBSB Guidance
- Commercial account risk assessment
- Educational approach to BEC
- Effects of BEC on financial institutions
This course is ideal for information security officers, security officers, and risk managers who are working to improve compliance and risk management strategies at the bank. Customer service staff, loan officers, wire and ACH personnel, and other employees will also gain a great understanding of critical issues affecting your business customers and the bank.
Chad Knutson, CISSP, CISA, CRISC, is the co-founder of Secure Banking Solutions (SBS) where he serves as a senior information security consultant and VP of research and development. He is currently the vice president of the SBS Institute. SBS works with more than 500 banks around the country on information security services.
Institute of Certified Bankers: Visit http://www.icbmembers.org/login.aspx for instructions regarding self-reporting. Estimated credits: 2 hours/session
Member price: $275.00 | Non member price $550.00
Member price: $295.00 | Non member price $560.00
Online: Visit the CBA Webinar Catalog
Mail: Click here and mail completed form with check payable to ConferenceEdge to: (Mail at least 10 days prior to event)
1516 Xavier St., Ste 500, Denver, CO 80204
Phone: Call ConferenceEdge at (877) 988-7526 (credit card payments only)
- Preferred Payment Method: Online
- Please register online or by phone when paying with a credit card
- Payment Must Accompany Registration – Invoices are Not Provided
Register online up to day of event. Earlier registration allows time to check your computer for an optimal experience.