Important Service Disruption:
When it comes to protecting your business from fraud and cybercrime, it pays to know the latest threats. That’s why NBT Bank is committed to providing you with the most up-to-date information and alerts. Click the headings below to learn more about recent scams and tactics being used by cyber criminals.
Phone scams, Business Email Compromise, and Check Fraud are common ‘vectors of choice’ for fraudsters, and these scams are now being used to take advantage of business customers during the COVID-19 Pandemic. These scams are dubbed coronavirus scams or ‘Small Business Administration (SBA) loan scams.’ These scams target victims, often those who received SBA Payroll Protection Program (PPP) Loans, with scammers seeking to obtain personal identifiable information (often called PII). Once they have your PII, they may attempt to access your bank account or other related cyber threats.
It is important to never give out any personal information about your financial accounts or loans to anyone other than your trusted banker.
Please note that NBT Bank has not contracted with any third parties to reach out to individuals or businesses to collect information regarding stimulus payments, SBA PPP Loan Forgiveness or the SBA’s Economic Injury Disaster Loan Program.
Examples of SBA loan scams may include:
These scenarios may be attempts to obtain your private information or that of your business for nefarious purposes. If you have provided any personal or financial information please contact NBT Bank at 1-800-NBT-BANK or at [email protected].
If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at 800-767-0385 or online at https://www.sba.gov/COVIDfraudalert.
Recently there has been an increase in fraudulent attempts where imposters are filing for unemployment benefits using the names and personal information of people who have not filed claims.
All 50 states are reporting an increase in fraudulent unemployment benefit attempts. Threat actors are using stolen credentials to apply for benefits in someone’s name. Victim’s typically have no idea the scam is happening until they receive a notice in the mail from the state unemployment office alerting them of the claim or in some cases a debit card is received in the mail.
Fraudsters are gathering pieces of information on the dark web from numerous data breaches that have occurred over the years. Most states only require a social security number and a date of birth to start an unemployment claim. More than 4,500 data breaches have been made public since 2015. A total of over 816 million individual records have been breached. This information can be sold and used to try and steal identities.
If you are alerted your information was used for a fraudulent claim, follow these simple steps:
a. Note: You may not be able to speak to a live representative due to the influx of calls, but it is still important to notify them via their website or an automated hotline. The full list of agencies in NBT Bank’s footprint are located below.
Join us in celebrating National Cybersecurity Awareness Month and help promote safe online practices! Here at NBT Bank, we prioritize the safety of our customers by constantly enhancing our security measures and educating customers on how to #BeCyberSmart.
This month, we’ve joined the National Cyber Security Alliance (NCSA) and the Cyber Security and Infrastructure Agency (CISA) in their campaign to “Do Your Part.” These three simple tips encompass all necessary actions to fight against cybercrime. The focus to “Do Your Part. #BeCyberSmart” is to be intentional with your online activity.
Each week we'll be diving deeper into these topics:
If you connect it, protect it: The line between our online and offline lives is increasingly becoming blurred. Keep track of the information you’re sharing online and what rights those platforms have to it. Regularly maintain privacy settings and manage your information.
Securing devices at home & work: Now more than ever, we must protect the devices we have connected for personal and professional use. Establish unique passwords and keep them private. Set up multi-factor authentication when available and never write down your login credentials. Ensure that you’re the sole person that can login to your accounts.
The future of connected devices: With technology consistently changing and evolving, future technological improvements will affect the security of our devices. No matter what change is to come, every user needs to be prepared to #BeCyberSmart. Staying informed on the changes will help you to be prepared for any threats that may come to your personal information.
October may be dedicated to raising cyber security awareness, but the effort does not stop there. We encourage you to explore the Fraud Information Center to learn more about how to prevent, protect, and report all suspicious banking activity. This information is updated on a regular basis. Throughout the month you can also join us on Instagram, Facebook, and LinkedIn as we share information about this topic. If you believe you are a victim of fraud, notify us by emailing [email protected].
The Office of Inspector General recognizes that we are facing unprecedented times and is alerting the public about potential fraud schemes related to economic stimulus programs offered by the U.S. Small Business Administration (SBA) in response to the Novel Coronavirus Pandemic (COVID-19). The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the largest financial assistance bill to date, includes provisions to help small businesses. Fraudsters have already begun targeting small business owners during these economically difficult times. Be on the lookout for grant fraud, loan fraud, and phishing.
Individuals may receive fraudulent attempts through email asking them to click on links or attachments to complete an application for the program. Do not click on any links or attachments from unknown senders or unexpected correspondence.
Some emails may appear to come from a legitimate domain, so it is important to verify the validity of any requests asking for information. It is important to remember that any requests for US Cares Paycheck Protection Program will come directly from your financial institution. Disbursements will also only come from your bank.
See sample phishing email below:
For more information and to report fraud attempts from the SBA please visit their website.
Please contact NBT Bank if you have provided any personal or financial information at 1-800-NBT-BANK or at [email protected].
In this modern age of the “Internet-of-Everything,” the world has never experienced a pandemic like COVID-19. As we are collectively distracted by the global health crisis, cybercriminals are exploiting the situation in many ways. They prey on fear and urgency. They thrive in the chaos created by disruption to our work force. Please use the below information to better educate and protect yourself. NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].
Fear and Urgency – Cybercriminals are preying on your fear and urgent need for news and supplies related to COVID-19. Attacks are frequently initiated through social engineering (phishing/spear phishing) and could lead to credential theft, financial fraud, ransomware and more.
Increased Attack Surface – Government and employers are pushing employees to temporarily work remotely – outside of the fortress walls so to speak – creating opportunities to exploit people and resources like never before.
Fake Domains – A significant spike in newly registered COVID-19-related domains has been observed. These domains are used to lure visitors to malware-infected sites or to further perpetrate social engineering tactics.
Phishing Attacks – A significant spike in COVID-19-themed phishing attacks has been observed and these attacks exploits the fearful mindset of recipients. Supply shortages (e.g. hand sanitizer, masks, etc.) foster a sense of urgency and create opportunities for threat actors to “meet the demand” by selling supplies. In reality, they take your money and don’t deliver.
Use of Familiar Brands/Trademarks - Social engineering tactics focused on gaining trust by leveraging brands such as the US Centers for Disease Control (CD) and the World Health Organization (WHO), as well as country-specific agencies and businesses such as FedEx and major airlines are being used to similarly trick unsuspecting and fearful recipients.
Sophisticated Attackers - Nation-state attackers – Advanced Persistent Threats from China, North Korea, Russia and elsewhere - have been associated with a handful of cases that reference COVID-19. Such attackers have better skills and resources and their goal is often to silently infiltrate an organization, where they meticulously gather information, move laterally through the network in search of privileged accounts and sensitive information prior to executing a variety of attacks.
Malware – The use of fake domains, social engineering and familiar brands is ultimately designed to get something valuable from you. Often, these techniques are also used to deliver malicious software, or malware, that facilitate the theft of information or fraud.
Social distancing recommendations to combat the spread of COVID-19 are sending America’s workforce home in droves. Below is a summary of the potential issues that companies will have to consider:
Sensitive Information – Inside the corporation there are typically more controls in place to protect and monitor sensitive information such as intellectual property and trade secrets. While executives, managers and certain team members may have remote access privileges, it is likely that not everyone does. With the rapid expansion of the remote workforce companies will grapple with how to keep their critical information secure while expanding their footprint beyond the traditional perimeter defenses.
Strain on IT Staff – IT teams are already short staffed and overburdened and now the prospect of having to send the workforce home – with connectivity to the office – may be overwhelming. Mistakes or oversights, particularly with respect to security, will increase.
VPN Security – VPNs are devices or software that encrypts your computer’s connection to the corporate office and they are essential to data security. Unfortunately, the patch window for VPNs (the time between discovery of a vulnerability and the time it is fixed by the company) is historically long, leaving the vulnerability exposed to exploitation. Further, employees typically access other corporate resources, such as email (e.g. Office 365) and other online portals without utilizing a VPN from home and insecure public networks.
Unmanaged Devices – The remote employee may utilize a company-issued computer on a home network with dozens of other Internet-connected devices, including vulnerable Smart TVs. Unless the employee is technically savvy and cyber-aware, the patch window on personal computers is probably longer than desired. These unmanaged systems may be running outdated antivirus or none at all.
Lack of Monitoring – Companies typically have no visibility into an employee’s home network and may have no process in place for monitoring VPN connections or what the employee is doing while connected remotely to the company network. Further, most companies have little to no visibility into what the employee does with sensitive information that has been removed from the company’s internal network.
Insecure Wi-Fi – Home Wi-Fi if is often a “set-and-forget” service. Typically, home wi-fi broadcasts the network name (SSID) with descriptive information about the router and may be secured with a weak or default password – which are available online.
Skeleton Office Crews – Vacant homes with unlocked doors are invitations to burglars. An empty office without monitoring of critical systems and data is no different.
The advice below is not novel in the cybersecurity space, but it deserves renewed focus as we all brace for the impact of increased cyber-attacks related to COVID-19:
Avoid Being A Victim of Social Engineering In the Office Or At Home
NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].
NBT would like to take this time to warn our customers to remain vigilant on an increase in scams related to the Coronavirus Disease (COVID-19). Scams could come in a variety of forms including phishing emails with malicious links or attachments to try and trick victims into revealing sensitive information. This could also come in the form of donations to fake charities. Always exercise your due diligence when opening any email related to COVID-19 and be wary of social media ads, texts or calls.
Some important tips you need to know:
If you have questions about this scam or think you might be a victim, call NBT Bank customer service at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
NBT Bank has recently noticed an increase in a type of fraud referred to as “Business Email Compromise or BEC”, and the way in which fraudsters are targeting businesses continues to change. Most often there is an attempt to get funds out the door via wire or ACH although other channels such as check could also be attempted.
Business Email Compromise (BEC) scams happen when an email account is compromised or spoofed, and an employee is convinced to wire money to a fraudster. The fraudster is able to fool an employee into submitting a wire transfer by posing as a supplier, vendor, co-worker, or business partner, and the email request may look like it is coming directly from your supplier, or may be part of an email chain you have had with your legitimate supplier in the past. When submitted, the transaction appears to be completely legitimate to the company's financial institution, and confirmation calls or other methods of verification may not be effective if verification is being made to the employee who submitted the request, as this employee believes they have been communicating with an established supplier or sales representative.
Always verify a request with a phone call to the individual who is sending it to you at a known number. Trust your gut! If something feels off about the communication; email signatures, grammar, spelling errors, request coming from someone who normally wouldn’t request this, etc. Don’t send any money without verifying.
How to protect yourself:
If you have any questions, please contact NBT Bank Cash Management Support at 1-800-NBT-Bank (628-2265), option 8.
The Federal Bureau of Investigation (FBI), Cybersecurity & Infrastructure Security Agency (CISA), and Health and Human Services (HHS) have released information detailing the rise of ransomware attacks. Common ransomware attacks have continuously been updated to become more effective.
These ransomware attacks have increased “the ease, speed, and profitability of victimization.” The FBI has found that ransomware attacks have increased for all industries. However, there is an even more dramatic increase in hospitals and the healthcare provider industry.
It is recommended all businesses have an updated incident response plan in place to help ensure that the proper steps are taken if your company falls victim to a cyber-attack. Additionally, you can maintain an incident response retainer with a reliable cyber security company.
The CISA, FBI and HHS does not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.
It is important to continue to perform social engineering testing and training. Employees are the weakest link in terms of cyber security. It takes one person to click on a malicious link and download ransomware to your organization. Through continuous social engineering testing and training, the risk of human vulnerability can be reduced.
NBT Bank has recently noticed an increase in a type of fraud referred to as Business Email Compromise (BEC). This occurs when fraudsters fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner. In a new variation of BEC, fraudsters are using spear phishing attempts. Spear phishing refers to targeted emails going to a specific department or line of business. For example, the accounting and finance department or payroll.
The email contains a link to what looks like an encrypted file. When clicked, the user is prompted for their username and password on a fake login screen. With this information, fraudsters can sort through their emails for invoices, communications with banks, or other important financial information. They also use this information to make rules in the user’s inbox to automatically forward emails for real time information. Most recently, there has been an increase in attacks toward healthcare, professional services, higher education and real estate closing companies.
If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.
Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.
What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.
Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.
How will you or your business be impacted?
If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:
How to protect yourself: Prevent, Detect, Respond
For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:
If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)