Latest Fraud Alerts

Recently a new customer service feature was launched to assist in our debit card fraud monitoring program by utilizing SMS and email notification for fraud alerts. If a transaction needs to be verified by our customer it can now be completed through a two-way SMS message or brought to the customer’s attention via email.

SMS Fraud Alerts

Enroll in SMS fraud alerts. This can be completed for new cardholders at card opening and existing cardholders that update their cellular phone number. An enrollment text message will be sent the next day asking them to reply “YES” to enroll. Once enrolled in SMS alerts customers can respond to a text message confirming fraudulent transactions or legitimate transactions.

See below sample text for enrollment:

Email Notification

Emails notifying customers of potentially fraudulent card transactions will be sent out to customers with an email address on file. Emails are solely to notify customers and cannot be responded to. Please contact customer service at 1-800-NBT-BANK to confirm transactions.

See sample email below:

What happened: NBT Bank Information Security has been made aware of increased phishing and business email compromise attempts that could affect consumer and business accounts. During tax season, cybercriminals make an attempt to get sensitive W-2 information that a company stores. In certain cases, the email is spoofed to appear as though it's coming from an executive or someone within the company.

Once the fraudster has compromised the W-2 information, they might make an attempt to request funds via a wire transfer or ACH.

The Financial Services Information Sharing and Analysis Center, or FS-ISAC, has reported a significant increase in phishing attempts for W-2 information from approximately 100 in 2016 to over 900 in 2017. Below are some red flags to look out for to make sure you don't become a victim.

Red Flags:

• The email is coming from an external domain (@gmail.com, @yahoo.com, etc.) but the person is attempting to make it look like they work for the company.
• The request for information or funds is coming from someone that does not usually make these requests.
• The person is asking that the funds be sent to a new location.
• The sender makes the request seem urgent and it needs to be sent as soon as possible.

For more information on Taxpayer Identity Theft, visit the IRS website. Check back to the Fraud Information Center on nbtbank.com for up to date information on the latest trends and cyber threats.

If you have shared information after receiving a suspicious email, please call 1-800-NBT-BANK immediately.

A massive data breach at one of the largest credit reporting agencies in the country could affect the personal information of up to 143 million consumers, almost half of the US population.

The breach exposes information including social security numbers, birthdays, addresses, and in some cases, driver’s license numbers. In addition, approximately 209,000 credit card numbers were exposed. Currently, it is believed the compromise lasted from mid-May through the end of July.

To Protect Yourself from Potential Fraud:

• Review your account activity regularly and contact us if you see anything unusual.
• Make sure you review your credit report annually to identify any unauthorized activity.
• Make sure that NBT Bank has your most up to date contact information in the event we need to contact you about any unusual activity.
• Watch out for scams related to the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.
• Check the Report Fraud section on the NBT website for additional steps if you are a victim of identity theft.

It is important to remember NBT Bank has fraud monitoring in place that watches customer accounts for unusual activity. NBT will contact you in the event that we see any suspicious activity.

NBT Bank will continue to monitor the situation and provide further information as needed. For more information on the breach or to see if your information was affected, follow the link below:

https://www.equifaxsecurity2017.com/

Please contact our Call Center at 1-800-NBT-BANK (1-800-628-2265) if you see any unusual activity on your account.

Businesses are Now Being Targeted in New Ways

NBT Bank has recently noticed an increase in a type of wire fraud referred to as Business Email Compromise, and the way in which fraudsters are targeting businesses continues to change.

Business Email Compromise (BEC) scams happen when an email account is compromised or spoofed, and an employee is convinced to wire money to a fraudster. In a new variation of BEC, the fraudster is able to fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner, and the email request may look like it is coming directly from your supplier, or may be part of an email chain you have had with your legitimate supplier in the past. When submitted, the transaction appears to be completely legitimate to the company’s financial institution, and confirmation calls or other methods of verification may not be effective if verification is being made to the employee who submitted the request, as this employee believes they have been communicating with an established supplier or sales representative.

How to protect yourself:

• Check to see if the request is consistent with how earlier wire payments have been made. Is your supplier asking you to wire funds to a new bank account or different location?
• Look carefully for small changes in email addresses that mimic legitimate email addresses. Do not rely on the display name shown, and always look for differences between the domain (@yahoo vs. @gmail) or sender name (ABCSupplies@ vs. ABCSupply@).
• Use an alternate method of communication to verify the identity of the person requesting the funds transfer. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation for the request.
• Implement dual control approvals with your bank for wire transfer requests. If an employee submits a request for a wire transfer, have a different employee who is aware of Business Email Compromise and is willing to ask the right questions provide approval to your financial institution.
• Spread the word. Coach your employees about this type of fraud and the warning signs.

To read the full alert on Business Email Compromise, copy and paste the following link into your web browser:
https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Business-Email-Compromise

If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.

Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.

What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.

Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.

How will you or your business be impacted?

If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:

• Temporary or permanent loss of sensitive or proprietary information. Your personal or business files could be temporarily inaccessible or lost forever.
• Disruption to regular operations. In the time it takes to respond to the attack, your computer files and the files on your network will be inaccessible, leaving your business inoperable or significantly impaired.
• Financial loss. In order to fully respond to and recover from this threat, you may be required to invest significant resources in repairing and restoring your device or network, whether it be through the use of an internal or external IT Professional, or in extreme cases where a lack of preparation has left you with no other option to recover your files, paying the ransom.
• Harm to an organization's reputation. Your business may suffer reputational harm when current customers or prospective clients learn that your business operations and their personal information have been affected by a Ransomware attack. Being prepared to appropriately prevent, detect, and respond to these events can help ensure a timely resumption of services and the protection of private customer information.

How to protect yourself: Prevent, Detect, Respond

• Keep your anti-virus software active and up to date. Your anti-virus software is only as good as your last update.
• Back up your files. Though creating a backup of your system will not prevent the execution of Ransomware, this preventative measure will allow for the recovery of data in an efficient and effective manner, without having to pay a ransom.
• Be wary of suspicious or unsolicited emails, especially those which contain attachments or links.
• Pay attention to anomalies when using your device, whether your computer seems to be running differently than usual, or if your computer is on a network of computers and seems to be communicating in a way in which it does not typically.
• Educate yourself on Ransomware by reading this and similar alerts, such as the one released by the United States Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Center (CCIRC), which can be found by typing the following link into your web browser: https://www.us-cert.gov/ncas/alerts/.
• Paying the ransom is not recommended, and there is no guarantee the files will be decrypted upon paying the ransom. It is always recommended that victims work with an IT professional first before negotiating with the attackers.

For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:

https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Ransomware

If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)

We have been alerted of a new twist on an old scheme using the cover of tax season. Criminals are now focusing on payroll departments and requesting a list of employee information via email, including SSN, Date of Birth, Home Address, and Salary. Criminals are then using this information to file fraudulent tax returns for refunds. In this scam, the email appears to be coming from the company CEO, and might even contain the actual name of the CEO or a similar email address. CEO tax phishing scams can be easily completed by the employee receiving the fraudulent email, and companies may not have controls in place for fulfilling W-2 requests. Here are some of the details that might be included in the fraudulent emails:

• Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
• Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
• I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Be wary if your CEO appears to be emailing you one of the above scenarios. Do not provide any personal, financial or confidential information through an email that appears to be suspicious. If the CEO has never asked for this information in this manner before it should be considered suspicious. Create verification controls for all requests via email regarding personal or financial information, such as dual control between Human Resources and Accounting employees, or out-of-email authentication of the CEO or executive via callback.