Important Service Disruption:
When it comes to protecting your business from fraud and cybercrime, it pays to know the latest threats. That’s why NBT Bank is committed to providing you with the most up-to-date information and alerts. Click the headings below to learn more about recent scams and tactics being used by cyber criminals.
In this modern age of the “Internet-of-Everything,” the world has never experienced a pandemic like COVID-19. As we are collectively distracted by the global health crisis, cybercriminals are exploiting the situation in many ways. They prey on fear and urgency. They thrive in the chaos created by disruption to our work force. Please use the below information to better educate and protect yourself. NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].
Fear and Urgency – Cybercriminals are preying on your fear and urgent need for news and supplies related to COVID-19. Attacks are frequently initiated through social engineering (phishing/spear phishing) and could lead to credential theft, financial fraud, ransomware and more.
Increased Attack Surface – Government and employers are pushing employees to temporarily work remotely – outside of the fortress walls so to speak – creating opportunities to exploit people and resources like never before.
Fake Domains – A significant spike in newly registered COVID-19-related domains has been observed. These domains are used to lure visitors to malware-infected sites or to further perpetrate social engineering tactics.
Phishing Attacks – A significant spike in COVID-19-themed phishing attacks has been observed and these attacks exploits the fearful mindset of recipients. Supply shortages (e.g. hand sanitizer, masks, etc.) foster a sense of urgency and create opportunities for threat actors to “meet the demand” by selling supplies. In reality, they take your money and don’t deliver.
Use of Familiar Brands/Trademarks - Social engineering tactics focused on gaining trust by leveraging brands such as the US Centers for Disease Control (CD) and the World Health Organization (WHO), as well as country-specific agencies and businesses such as FedEx and major airlines are being used to similarly trick unsuspecting and fearful recipients.
Sophisticated Attackers - Nation-state attackers – Advanced Persistent Threats from China, North Korea, Russia and elsewhere - have been associated with a handful of cases that reference COVID-19. Such attackers have better skills and resources and their goal is often to silently infiltrate an organization, where they meticulously gather information, move laterally through the network in search of privileged accounts and sensitive information prior to executing a variety of attacks.
Malware – The use of fake domains, social engineering and familiar brands is ultimately designed to get something valuable from you. Often, these techniques are also used to deliver malicious software, or malware, that facilitate the theft of information or fraud.
Social distancing recommendations to combat the spread of COVID-19 are sending America’s workforce home in droves. Below is a summary of the potential issues that companies will have to consider:
Sensitive Information – Inside the corporation there are typically more controls in place to protect and monitor sensitive information such as intellectual property and trade secrets. While executives, managers and certain team members may have remote access privileges, it is likely that not everyone does. With the rapid expansion of the remote workforce companies will grapple with how to keep their critical information secure while expanding their footprint beyond the traditional perimeter defenses.
Strain on IT Staff – IT teams are already short staffed and overburdened and now the prospect of having to send the workforce home – with connectivity to the office – may be overwhelming. Mistakes or oversights, particularly with respect to security, will increase.
VPN Security – VPNs are devices or software that encrypts your computer’s connection to the corporate office and they are essential to data security. Unfortunately, the patch window for VPNs (the time between discovery of a vulnerability and the time it is fixed by the company) is historically long, leaving the vulnerability exposed to exploitation. Further, employees typically access other corporate resources, such as email (e.g. Office 365) and other online portals without utilizing a VPN from home and insecure public networks.
Unmanaged Devices – The remote employee may utilize a company-issued computer on a home network with dozens of other Internet-connected devices, including vulnerable Smart TVs. Unless the employee is technically savvy and cyber-aware, the patch window on personal computers is probably longer than desired. These unmanaged systems may be running outdated antivirus or none at all.
Lack of Monitoring – Companies typically have no visibility into an employee’s home network and may have no process in place for monitoring VPN connections or what the employee is doing while connected remotely to the company network. Further, most companies have little to no visibility into what the employee does with sensitive information that has been removed from the company’s internal network.
Insecure Wi-Fi – Home Wi-Fi if is often a “set-and-forget” service. Typically, home wi-fi broadcasts the network name (SSID) with descriptive information about the router and may be secured with a weak or default password – which are available online.
Skeleton Office Crews – Vacant homes with unlocked doors are invitations to burglars. An empty office without monitoring of critical systems and data is no different.
The advice below is not novel in the cybersecurity space, but it deserves renewed focus as we all brace for the impact of increased cyber-attacks related to COVID-19:
Avoid Being A Victim of Social Engineering In the Office Or At Home
NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].
NBT would like to take this time to warn our customers to remain vigilant on an increase in scams related to the Coronavirus Disease (COVID-19). Scams could come in a variety of forms including phishing emails with malicious links or attachments to try and trick victims into revealing sensitive information. This could also come in the form of donations to fake charities. Always exercise your due diligence when opening any email related to COVID-19 and be wary of social media ads, texts or calls.
Some important tips you need to know:
If you have questions about this scam or think you might be a victim, call NBT Bank customer service at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
NBT Bank continues to receive reports of phishing emails targeting customers and non-customers containing suspicious links. Phishing is a fraud attempt where an individual is asked to click on links or attachments in an email, or other type of message, to gather personal information or cause damage to a computer or network.
In the latest phishing attempt, fraudsters are sending emails impersonating NBT Bank asking recipients to confirm a transaction. There is a link at the bottom that directs you to a fake website to input login credentials and personal information. The fraudsters take this information and immediately use it to take over your online banking account and change the username and password so it’s not accessible.
Pictured is a sample of the fraudulent email. Please be advised that even if body of the email is different or appears to be coming from a different sender, any similar emails could be a phishing attempt.
If you believe you have received a phishing email and shared your personal information, please call NBT Bank immediately at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
Here at NBT Bank, we prioritize the safety of our customers by constantly enhancing our security measures and educating customers on how to #BeCyberSmart and remain #CyberAware. There are several steps you can take to make sure your information and your devices are always protected against cybercrime. We’re sharing three simple steps to help you Own IT. Secure IT. Protect IT. These tips encompass all necessary actions to protect your most valuable information. The focus to #BeCyberSmart is to be intentional with your online activity.
Own IT: Keep track of the information you’re sharing online and what rights those platforms have to it. Regularly maintain privacy settings and manage your information.
Secure IT: Establish unique passwords and keep them private. Set up multi-factor authentication when available and never write down your login credentials. Ensure that you’re the sole person that can login to your accounts.
Protect IT: Be cautious when you see an email that looks suspicious. Never click on links or attachments if an email seems unusual or you don’t know who it’s from. If you receive a suspicious email that claims to be from NBT Bank, notify us by emailing [email protected].
The effort to raise cybersecurity awareness doesn’t stop. We encourage you to explore the Fraud Information Center to learn more about how to prevent, protect, and report all suspicious banking activity. This information is updated on a regular basis.
If you think you might have been the victim of a scam or other form of cybercrime, contact our team right away by calling 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
It’s a normal day in your business’s payroll department when an email comes in posing as an employee. The email asks to have payroll switched to a new account. The payroll is switched with no questions asked and everything seems OK. Fast forward two weeks when the direct deposit hits. The employee calls asking why their payroll deposit was never made. Turns out, they never requested a changed in their direct deposit, and the fraudsters have been paid instead.
To avoid falling victim to this scam like this, look for these red flags:
In order to avoid being a victim, set up extra verification steps when employees request a change in their payroll. If your company requires a signed form, compare signatures with what you have on file. If you receive an email that seems suspicious, contact the employee directly via a known phone number.
At NBT Bank, we take steps to monitor and protect all our customer’s account. If you believe you’ve been the victim of this scam, contact your local branch or call 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.
NBT Bank has recently noticed an increase in a type of fraud referred to as Business Email Compromise (BEC). This occurs when fraudsters fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner. In a new variation of BEC, fraudsters are using spear phishing attempts. Spear phishing refers to targeted emails going to a specific department or line of business. For example, the accounting and finance department or payroll.
The email contains a link to what looks like an encrypted file. When clicked, the user is prompted for their username and password on a fake login screen. With this information, fraudsters can sort through their emails for invoices, communications with banks, or other important financial information. They also use this information to make rules in the user’s inbox to automatically forward emails for real time information. Most recently, there has been an increase in attacks toward healthcare, professional services, higher education and real estate closing companies.
If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.
Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.
What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.
Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.
How will you or your business be impacted?
If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:
How to protect yourself: Prevent, Detect, Respond
For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:
If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)