Latest Fraud Alerts For Businesses

When it comes to protecting your business from fraud and cybercrime, it pays to know the latest threats. That’s why NBT Bank is committed to providing you with the most up-to-date information and alerts. Click the headings below to learn more about recent scams and tactics being used by cyber criminals.

Cybersecurity Awareness

Here at NBT Bank, we prioritize the safety of our customers by constantly enhancing our security measures and educating customers on how to #BeCyberSmart and remain #CyberAware. There are several steps you can take to make sure your information and your devices are always protected against cybercrime. We’re sharing three simple steps to help you Own IT. Secure IT. Protect IT. These tips encompass all necessary actions to protect your most valuable information. The focus to #BeCyberSmart is to be intentional with your online activity.

Own IT: Keep track of the information you’re sharing online and what rights those platforms have to it. Regularly maintain privacy settings and manage your information.

Secure IT: Establish unique passwords and keep them private. Set up multi-factor authentication when available and never write down your login credentials. Ensure that you’re the sole person that can login to your accounts.

Protect IT: Be cautious when you see an email that looks suspicious. Never click on links or attachments if an email seems unusual or you don’t know who it’s from. If you receive a suspicious email that claims to be from NBT Bank, notify us by emailing ReportFraud@nbtbank.com.

The effort to raise cybersecurity awareness doesn’t stop. We encourage you to explore the Fraud Information Center to learn more about how to prevent, protect, and report all suspicious banking activity. This information is updated on a regular basis.

If you think you might have been the victim of a scam or other form of cybercrime, contact our team right away by calling 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

Payroll Scam

It’s a normal day in your business’s payroll department when an email comes in posing as an employee. The email asks to have payroll switched to a new account. The payroll is switched with no questions asked and everything seems OK. Fast forward two weeks when the direct deposit hits. The employee calls asking why their payroll deposit was never made. Turns out, they never requested a changed in their direct deposit, and the fraudsters have been paid instead.

To avoid falling victim to this scam like this, look for these red flags:

The email contains a sense of urgency, asking that the request be completed immediately.
The email is coming from an address that isn’t on file for the employee.
There are multiple grammatical errors and spelling mistakes throughout the email.
When speaking with the employee directly, they claim to never have requested this change.

In order to avoid being a victim, set up extra verification steps when employees request a change in their payroll. If your company requires a signed form, compare signatures with what you have on file. If you receive an email that seems suspicious, contact the employee directly via a known phone number.

At NBT Bank, we take steps to monitor and protect all our customer’s account. If you believe you’ve been the victim of this scam, contact your local branch or call 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

NBT Bank Themed Phishing Emails

NBT Bank continues to receive reports of phishing emails targeting customers and non-customers containing suspicious links. Phishing is a fraud attempt where an individual is asked to click on links or attachments in an email or other type of message to gather personal information or cause damage to a computer or network.

How does it work?

In the latest phishing attempt, fraudsters are sending emails impersonating NBT Bank to advise you about a low balance on your account, updating your account information or there is unusual activity on the account. There is a link at the bottom that directs you to a fake website to input login credentials and personal information. The fraudsters take this information and immediately use it to take over your account and change the username and password so it’s not accessible.

What are the red flags?

The email says it is from NBT Bank, but the email address is not NBT Bank.
The email contains multiple typos and incorrect grammar.
The email asks you to click a link that does not take you to the company’s website.
The email requests personal information like your login credentials or social security number.
The email looks completely different from previous emails you’ve received from NBT Bank.

What can you do to prevent this from happening?

Never share your personal information online with someone you don’t know.
Do not click on any links or attachments in emails that you do not recognize.
Delete any suspicious emails that you received.
Hover your mouse over the link without clicking on it to see where it’s taking you. If it doesn’t match the sender of the email, don’t click!

Pictured is a sample of the fraudulent emails. Please be advised that even if body of the email is different or appears to be coming from a different sender, any similar emails could be a phishing attempt.

Example of Phishing Email

If you believe you have received a phishing email and shared your personal information, please call NBT Bank immediately at 1-800-NBT-BANK.

Business Email Compromise

Business Email Compromise and Spear Phishing: A Sharp Cost

NBT Bank has recently noticed an increase in a type of fraud referred to as Business Email Compromise (BEC). This occurs when fraudsters fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner. In a new variation of BEC, fraudsters are using spear phishing attempts. Spear phishing refers to targeted emails going to a specific department or line of business. For example, the accounting and finance department or payroll.

The email contains a link to what looks like an encrypted file. When clicked, the user is prompted for their username and password on a fake login screen. With this information, fraudsters can sort through their emails for invoices, communications with banks, or other important financial information. They also use this information to make rules in the user’s inbox to automatically forward emails for real time information. Most recently, there has been an increase in attacks toward healthcare, professional services, higher education and real estate closing companies.

How to protect yourself:

Don’t click on links in suspicious emails. Clicking a link could compromise your account or your network.
Check to see if the request is consistent with how earlier wire payments have been made. Is your supplier asking you to wire funds to a new bank account or different location?
Look carefully for small changes in email addresses that mimic legitimate email addresses. Do not rely on the display name shown, and always look for differences between the domain (@yahoo vs. @gmail) or sender name (ABCSupplies@ vs. ABCSupply@).
Use an alternate method of communication to verify. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation for the request.
Implement dual control approvals with your bank for wire transfer requests. If an employee submits a request for a wire transfer, have a different employee who is aware of BEC and is willing to ask the right questions and provide approval to your financial institution.
Spread the word. Coach your employees about this type of fraud and the warning signs.

If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.

Ransomware: Not Going Away, Increasing in Frequency and Sophistication

Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.

What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.

Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.

How will you or your business be impacted?

If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:

Temporary or permanent loss of sensitive or proprietary information. Your personal or business files could be temporarily inaccessible or lost forever.
Disruption to regular operations. In the time it takes to respond to the attack, your computer files and the files on your network will be inaccessible, leaving your business inoperable or significantly impaired.
Financial loss. In order to fully respond to and recover from this threat, you may be required to invest significant resources in repairing and restoring your device or network, whether it be through the use of an internal or external IT Professional, or in extreme cases where a lack of preparation has left you with no other option to recover your files, paying the ransom.
Harm to an organization's reputation. Your business may suffer reputational harm when current customers or prospective clients learn that your business operations and their personal information have been affected by a Ransomware attack. Being prepared to appropriately prevent, detect, and respond to these events can help ensure a timely resumption of services and the protection of private customer information.

How to protect yourself: Prevent, Detect, Respond

Keep your anti-virus software active and up to date. Your anti-virus software is only as good as your last update.
Back up your files. Though creating a backup of your system will not prevent the execution of Ransomware, this preventative measure will allow for the recovery of data in an efficient and effective manner, without having to pay a ransom.
Be wary of suspicious or unsolicited emails, especially those which contain attachments or links.
Pay attention to anomalies when using your device, whether your computer seems to be running differently than usual, or if your computer is on a network of computers and seems to be communicating in a way in which it does not typically.
Educate yourself on Ransomware by reading this and similar alerts, such as the one released by the United States Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Center (CCIRC), which can be found by typing the following link into your web browser: https://www.us-cert.gov/ncas/alerts/.
Paying the ransom is not recommended, and there is no guarantee the files will be decrypted upon paying the ransom. It is always recommended that victims work with an IT professional first before negotiating with the attackers.

For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:

https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Ransomware

If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)