1.11.18 - SPOKES Notes
SPOKES Notes written by Paul Arnold
Four new members were inducted into the club:
Terry (TJ) Cappon – Account Executive, Lighthouse Insurance Group, James Gill – President/CEO, Gerald R. Ford International Airport, Jennifer Deamud – COO/Associate State Director, Michigan Small Business Development Center, and Latchezara (Zara) Smith – Strategic Programs Manager, Michigan Small Business Development Center.
Rotarian Paul Farr introduced Sean Welsh, President of PNC Bank. Sean explained that since the bank processes millions of transactions every day and accuracy must be down to the penny, security of the data is of prime importance. He introduced James Goble, the bank's Cyber Detection Manager. James explained that cyber fraud is personal and cited a couple of expensive cases. Even very smart people can fall victim. The amount of money stolen by e-mail fraud schemes will grow from $3 Billion in 2015 to $6 Billion in 2021.
James explained that fraudsters look for the highest return for the lowest risk, and the easiest route now is exploiting human error in e-mail transactions. Robbing a bank at gunpoint is high risk/low return. Injecting malware into the bank's server takes a lot of overhead and expertise. The most common type of e-mail scam is when the fraudster poses as a legitimate employee or vendor and has the payer direct payments into a fake account. Often, it is made to appear as though a high-ranking officer of the company is making the request. The request is usually urgent, needing a wire transfer and involving a large sum. The fraudster may do a bit of research to find the names of legitimate people, and the request will seem perfectly reasonable. Lawyers, title companies, real estate firms, hospitals, universities, and government entities are often impersonated using spoofed e-mail headers. The money is often transferred through 7-8 different accounts to make it hard to trace.
Key indicators of fraud are:
1. Change in payment instructions
2. “Critical” payment
4. Asking for secrecy in the transaction
5. Asking to communicate by e-mail only
6. Looking for immediate confirmation
7. Refund of an overpayment (before the check has cleared)
The solution to this kind of fraud is to pay attention, learn to recognize phishing attempts, require dual approval of payments, and verify by phone any change in payment instructions. It is also important to support technological initiatives in your company to prevent fraud, keep payment processes closely guarded, and generally be vigilant.
Q & A
A Life-Lock type program may be helpful but most of the big money is targeting companies.
Whether individuals within a company are held personally liable if fraud is committed on their watch depends on the company.
There are state actors involved in this activity, notably Russia and Nigeria.
Password keeper programs may or may not be helpful. James prefers to use a notebook on his desk.
Law enforcement, particularly the FBI for international transactions, can be useful in tracking fraudulent activity.
Consumer protections are in place for most personal on-line banking, but there is not much protection for companies.
Since a bank's reputation is at stake, they will do everything possible to weed out internal fraud and system weaknesses.
Putting a thumb drive into a bank's computer raises all kinds of red flags.