Latest Fraud Alerts For Businesses

When it comes to protecting your business from fraud and cybercrime, it pays to know the latest threats. That’s why NBT Bank is committed to providing you with the most up-to-date information and alerts. Click the headings below to learn more about recent scams and tactics being used by cyber criminals.

SBA Scams targeting business customers

Watch out for Small Business Administration (SBA) Scams!

Phone scams, Business Email Compromise, and Check Fraud are common ‘vectors of choice’ for fraudsters, and these scams are now being used to take advantage of business customers during the COVID-19 Pandemic. These scams are dubbed coronavirus scams or ‘Small Business Administration (SBA) loan scams.’ These scams target victims, often those who received SBA Payroll Protection Program (PPP) Loans, with scammers seeking to obtain personal identifiable information (often called PII). Once they have your PII, they may attempt to access your bank account or other related cyber threats.

It is important to never give out any personal information about your financial accounts or loans to anyone other than your trusted banker.

Please note that NBT Bank has not contracted with any third parties to reach out to individuals or businesses to collect information regarding stimulus payments, SBA PPP Loan Forgiveness or the SBA’s Economic Injury Disaster Loan Program.

Examples of SBA loan scams may include:

Offers to process an SBA loan for you;
Phishing attacks utilizing the SBA logo;
Impersonating callers or spoofed emails posing as a lender or financial institution and request the routing number, account number, or credit card number that you want to use to deposit your stimulus payment;
Emails about SBA loans that do not originate from SBA sites.
- NBT Bank will only send emails from the below email addresses in relation to SBA loans (NBTCares4Biz, NBTPayrollProtection, [email protected], [email protected])

These scenarios may be attempts to obtain your private information or that of your business for nefarious purposes. If you have provided any personal or financial information please contact NBT Bank at 1-800-NBT-BANK or at [email protected].

If you suspect an email is associated with a fraud scam targeting the SBA, report it to the Office of Inspector General’s Hotline at 800-767-0385 or online at https://www.sba.gov/COVIDfraudalert.

Increase in Ransomware Attacks

Security Vulnerability Description:

The Federal Bureau of Investigation (FBI), Cybersecurity & Infrastructure Security Agency (CISA), and Health and Human Services (HHS) have released information detailing the rise of ransomware attacks. Common ransomware attacks have continuously been updated to become more effective.

These ransomware attacks have increased “the ease, speed, and profitability of victimization.” The FBI has found that ransomware attacks have increased for all industries. However, there is an even more dramatic increase in hospitals and the healthcare provider industry.

Risk Mitigation:

Network Best Practices

Patch operating systems, software, and firmware as soon as manufacturers release updates.
Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled
Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
Use multi-factor authentication where possible.
Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
Implement application and remote access to only allow systems to execute programs known ang permitted by the established security policy.
Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
Audit logs to ensure new accounts are legitimate.
Scan for open or listening ports and mediate those that are not needed.
Identify critical assets such as patient database servers, medical records, and telehealth and telework infrastructure; create backups of these systems and house that backups offline from the network.
Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.
Set antivirus and anti-malware solutions to automatically update; conduct regular scams.
Regularly backup all files offline.

Plans and Policies

It is recommended all businesses have an updated incident response plan in place to help ensure that the proper steps are taken if your company falls victim to a cyber-attack. Additionally, you can maintain an incident response retainer with a reliable cyber security company.

Ransomware Best Practices

The CISA, FBI and HHS does not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.

User Awareness Best Practices

It is important to continue to perform social engineering testing and training. Employees are the weakest link in terms of cyber security. It takes one person to click on a malicious link and download ransomware to your organization. Through continuous social engineering testing and training, the risk of human vulnerability can be reduced.

Cybersecurity Awareness for Businesses

Join us in celebrating National Cybersecurity Awareness Month and help promote safe online practices! Here at NBT Bank, we prioritize the safety of our customers by constantly enhancing our security measures and educating customers on how to #BeCyberSmart.

This month, we’ve joined the National Cyber Security Alliance (NCSA) and the Cyber Security and Infrastructure Agency (CISA) in their campaign to “Do Your Part.” These three simple tips encompass all necessary actions to fight against cybercrime. The focus to “Do Your Part. #BeCyberSmart” is to be intentional with your online activity.

Each week we'll be diving deeper into these topics:

If you connect it, protect it: The line between our online and offline lives is increasingly becoming blurred. Keep track of the information you’re sharing online and what rights those platforms have to it. Regularly maintain privacy settings and manage your information.

Securing devices at home & work: Now more than ever, we must protect the devices we have connected for personal and professional use. Establish unique passwords and keep them private. Set up multi-factor authentication when available and never write down your login credentials. Ensure that you’re the sole person that can login to your accounts.

The future of connected devices: With technology consistently changing and evolving, future technological improvements will affect the security of our devices. No matter what change is to come, every user needs to be prepared to #BeCyberSmart. Staying informed on the changes will help you to be prepared for any threats that may come to your personal information.

October may be dedicated to raising cyber security awareness, but the effort does not stop there. We encourage you to explore the Fraud Information Center to learn more about how to prevent, protect, and report all suspicious banking activity. This information is updated on a regular basis. Throughout the month you can also join us on Instagram, Facebook, and LinkedIn as we share information about this topic. If you believe you are a victim of fraud, notify us by emailing [email protected].

Small Business Administration Scams

The Office of Inspector General recognizes that we are facing unprecedented times and is alerting the public about potential fraud schemes related to economic stimulus programs offered by the U.S. Small Business Administration (SBA) in response to the Novel Coronavirus Pandemic (COVID-19). The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the largest financial assistance bill to date, includes provisions to help small businesses. Fraudsters have already begun targeting small business owners during these economically difficult times. Be on the lookout for grant fraud, loan fraud, and phishing.

Individuals may receive fraudulent attempts through email asking them to click on links or attachments to complete an application for the program. Do not click on any links or attachments from unknown senders or unexpected correspondence.

Some emails may appear to come from a legitimate domain, so it is important to verify the validity of any requests asking for information. It is important to remember that any requests for US Cares Paycheck Protection Program will come directly from your financial institution. Disbursements will also only come from your bank.

Recognizing Phishing Emails

Remain vigilant when opening emails from unknown senders. The email may appear to be from someone you know. Pay attention to grammatical errors.
Never click any links or attachments in emails from someone you don’t know.
Report suspicious emails with unknown attachments or links to your email provider.
Ensure your personal computer systems and anti-virus are always up to date and running on the most current software version.

See sample phishing email below:

Sample Small Business Administration Scam Email

For more information and to report fraud attempts from the SBA please visit their website.

Please contact NBT Bank if you have provided any personal or financial information at 1-800-NBT-BANK or at [email protected].

Cybersecurity Threats and How To Stay Safe During the COVID-19 Pandemic

In this modern age of the “Internet-of-Everything,” the world has never experienced a pandemic like COVID-19. As we are collectively distracted by the global health crisis, cybercriminals are exploiting the situation in many ways. They prey on fear and urgency. They thrive in the chaos created by disruption to our work force. Please use the below information to better educate and protect yourself. NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].

How is COVID-19 increasing Cyber Risk?

Fear and Urgency – Cybercriminals are preying on your fear and urgent need for news and supplies related to COVID-19. Attacks are frequently initiated through social engineering (phishing/spear phishing) and could lead to credential theft, financial fraud, ransomware and more.

Increased Attack Surface – Government and employers are pushing employees to temporarily work remotely – outside of the fortress walls so to speak – creating opportunities to exploit people and resources like never before.

A summary of the latest COVID-19 related threat intelligence.

Fake Domains – A significant spike in newly registered COVID-19-related domains has been observed. These domains are used to lure visitors to malware-infected sites or to further perpetrate social engineering tactics.

Phishing Attacks – A significant spike in COVID-19-themed phishing attacks has been observed and these attacks exploits the fearful mindset of recipients. Supply shortages (e.g. hand sanitizer, masks, etc.) foster a sense of urgency and create opportunities for threat actors to “meet the demand” by selling supplies. In reality, they take your money and don’t deliver.

Use of Familiar Brands/Trademarks - Social engineering tactics focused on gaining trust by leveraging brands such as the US Centers for Disease Control (CD) and the World Health Organization (WHO), as well as country-specific agencies and businesses such as FedEx and major airlines are being used to similarly trick unsuspecting and fearful recipients.

Sophisticated Attackers - Nation-state attackers – Advanced Persistent Threats from China, North Korea, Russia and elsewhere - have been associated with a handful of cases that reference COVID-19. Such attackers have better skills and resources and their goal is often to silently infiltrate an organization, where they meticulously gather information, move laterally through the network in search of privileged accounts and sensitive information prior to executing a variety of attacks.

Malware – The use of fake domains, social engineering and familiar brands is ultimately designed to get something valuable from you. Often, these techniques are also used to deliver malicious software, or malware, that facilitate the theft of information or fraud.

Challenges for companies as workforce goes home.

Social distancing recommendations to combat the spread of COVID-19 are sending America’s workforce home in droves. Below is a summary of the potential issues that companies will have to consider:

Sensitive Information – Inside the corporation there are typically more controls in place to protect and monitor sensitive information such as intellectual property and trade secrets. While executives, managers and certain team members may have remote access privileges, it is likely that not everyone does. With the rapid expansion of the remote workforce companies will grapple with how to keep their critical information secure while expanding their footprint beyond the traditional perimeter defenses.

Strain on IT Staff – IT teams are already short staffed and overburdened and now the prospect of having to send the workforce home – with connectivity to the office – may be overwhelming. Mistakes or oversights, particularly with respect to security, will increase.

VPN Security – VPNs are devices or software that encrypts your computer’s connection to the corporate office and they are essential to data security. Unfortunately, the patch window for VPNs (the time between discovery of a vulnerability and the time it is fixed by the company) is historically long, leaving the vulnerability exposed to exploitation. Further, employees typically access other corporate resources, such as email (e.g. Office 365) and other online portals without utilizing a VPN from home and insecure public networks.

Unmanaged Devices – The remote employee may utilize a company-issued computer on a home network with dozens of other Internet-connected devices, including vulnerable Smart TVs. Unless the employee is technically savvy and cyber-aware, the patch window on personal computers is probably longer than desired. These unmanaged systems may be running outdated antivirus or none at all.

Lack of Monitoring – Companies typically have no visibility into an employee’s home network and may have no process in place for monitoring VPN connections or what the employee is doing while connected remotely to the company network. Further, most companies have little to no visibility into what the employee does with sensitive information that has been removed from the company’s internal network.

Insecure Wi-Fi – Home Wi-Fi if is often a “set-and-forget” service. Typically, home wi-fi broadcasts the network name (SSID) with descriptive information about the router and may be secured with a weak or default password – which are available online.

Skeleton Office Crews – Vacant homes with unlocked doors are invitations to burglars. An empty office without monitoring of critical systems and data is no different.

Tips to protect your company.

The advice below is not novel in the cybersecurity space, but it deserves renewed focus as we all brace for the impact of increased cyber-attacks related to COVID-19:

Avoid Being A Victim of Social Engineering In the Office Or At Home

ALWAYS check the email ‘From’ field to validate the sender. This ‘From’ address may be spoofed.
ALWAYS check for so-called ‘double-extended' scam attachments. A text file named ‘safe.txt’ is safe, but a file called ‘safe.txt.exe’ is not.
ALWAYS report all suspicious emails to your Information Technology help desk.
ALWAYS note that verify the domain name of the websites you visit or that are revealed in embedded links.
NEVER open any email attachments that end with: .exe, .scr, .bat, .com or other executable files you do not recognize.
NEVER “unsubscribe” - it is easier to delete the e-mail than to deal with the security risks.
NEVER click embedded links in messages without hovering your mouse over them first to check the URL and verify the domain is safe/secure.
NEVER respond or reply to spam in any way. Use the delete button.

Prepare for reduced personnel in the office.

If you do not have a Business Continuity Plan, make one and ensure everyone understands their role.
Test remote access to ensure it works in the event your building closes or is completely vacated/li>
Review the safeguards in place to ensure the security of your sensitive data.
If possible, monitor access to the network, VPN usage and to systems that store your critical data.
To the extent possible, restrict remote access connections to the resources needed and avoid network-wide access.
Have a backup plan in the event your IT team gets sick or incapacitated (ensure that more than one person has the ability to perform all IT functions).
Ensure that systems used to process payroll and accounts receivables are secure and accessible to the right people remotely.

Bolster your home office defenses.

RESET your modem or router password to a custom, strong password.
BE AWARE that the default password or password-bypass PIN code might be affixed to the back or bottom of your router.
USE a password manager (e.g. LastPass, Password1, Dashlane) to securely create and store your passwords.
HIDE or CHANGE your Wi-Fi network name (SSID) to something non-descriptive. While you’re at it change the name of your iPhone to something non-descriptive so you are not broadcasting your name and device type to everyone in the coffee shop or airport.
ENABLE WPA2 encryption on your Wi-Fi network.
ENABLE a Guest network at home so you can keep your home network isolated.
PATCH your home devices regularly by setting the operating system and applications to automatic updates.
USE multi-factor authentication to access all online portals and corporate resources.
USE next generation anti-virus software that is smart enough to detect/block advanced attacks, ransomware and polymorphic malware.
USE a VPN whenever you are connecting to work resources or personal financial websites.
USE a VPN whenever you are in the coffee shop (public Wi-Fi), including on your Smart phone.
SEPARATE your IoT devices (such as Smart TVs, appliances, etc.) onto a different network if your router allows it - or buy one that does.
ENABLE Windows Defender on computers running the Windows 10 operating system.
INSTALL a firewall appliance between your home network and your modem/router.
USE an app (e.g. Fing) on your Smart phone to quickly scan and identify all of the devices on your home network. Track down anything suspicious.

NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].

Defending Your Business Against COVID-19 Fraud Scams

How to defend yourself and stay safe amid COVID-19 Scams

NBT would like to take this time to warn our customers to remain vigilant on an increase in scams related to the Coronavirus Disease (COVID-19). Scams could come in a variety of forms including phishing emails with malicious links or attachments to try and trick victims into revealing sensitive information. This could also come in the form of donations to fake charities. Always exercise your due diligence when opening any email related to COVID-19 and be wary of social media ads, texts or calls.

Some important tips you need to know:

Avoid clicking on links in unsolicited emails and be wary of attachments. Email scammers often try to elicit a sense of fear or urgency in victims.
Use trusted sources- such as legitimate government websites for the most up-to-date fact based information about COVID-19.
Do not reveal personal information or financial information in an email, and do not respond to solicitations for this information.
Always verify a charity before making donations by contacting the charity directly or verify the charities existence. Do not donate if the solicitor is using high-pressure tactics or insists on a cash donation.

If you have questions about this scam or think you might be a victim, call NBT Bank customer service at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

Business Email Compromise

Business Email Compromise and Spear Phishing: A Sharp Cost

NBT Bank has recently noticed an increase in a type of fraud referred to as Business Email Compromise (BEC). This occurs when fraudsters fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner. In a new variation of BEC, fraudsters are using spear phishing attempts. Spear phishing refers to targeted emails going to a specific department or line of business. For example, the accounting and finance department or payroll.

The email contains a link to what looks like an encrypted file. When clicked, the user is prompted for their username and password on a fake login screen. With this information, fraudsters can sort through their emails for invoices, communications with banks, or other important financial information. They also use this information to make rules in the user’s inbox to automatically forward emails for real time information. Most recently, there has been an increase in attacks toward healthcare, professional services, higher education and real estate closing companies.

How to protect yourself:

Don’t click on links in suspicious emails. Clicking a link could compromise your account or your network.
Check to see if the request is consistent with how earlier wire payments have been made. Is your supplier asking you to wire funds to a new bank account or different location?
Look carefully for small changes in email addresses that mimic legitimate email addresses. Do not rely on the display name shown, and always look for differences between the domain (@yahoo vs. @gmail) or sender name ([email protected] vs. [email protected]).
Use an alternate method of communication to verify. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation for the request.
Implement dual control approvals with your bank for wire transfer requests. If an employee submits a request for a wire transfer, have a different employee who is aware of BEC and is willing to ask the right questions and provide approval to your financial institution.
Spread the word. Coach your employees about this type of fraud and the warning signs.

If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.

Ransomware: Not Going Away, Increasing in Frequency and Sophistication

Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.

What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.

Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.

How will you or your business be impacted?

If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:

Temporary or permanent loss of sensitive or proprietary information. Your personal or business files could be temporarily inaccessible or lost forever.
Disruption to regular operations. In the time it takes to respond to the attack, your computer files and the files on your network will be inaccessible, leaving your business inoperable or significantly impaired.
Financial loss. In order to fully respond to and recover from this threat, you may be required to invest significant resources in repairing and restoring your device or network, whether it be through the use of an internal or external IT Professional, or in extreme cases where a lack of preparation has left you with no other option to recover your files, paying the ransom.
Harm to an organization's reputation. Your business may suffer reputational harm when current customers or prospective clients learn that your business operations and their personal information have been affected by a Ransomware attack. Being prepared to appropriately prevent, detect, and respond to these events can help ensure a timely resumption of services and the protection of private customer information.

How to protect yourself: Prevent, Detect, Respond

Keep your anti-virus software active and up to date. Your anti-virus software is only as good as your last update.
Back up your files. Though creating a backup of your system will not prevent the execution of Ransomware, this preventative measure will allow for the recovery of data in an efficient and effective manner, without having to pay a ransom.
Be wary of suspicious or unsolicited emails, especially those which contain attachments or links.
Pay attention to anomalies when using your device, whether your computer seems to be running differently than usual, or if your computer is on a network of computers and seems to be communicating in a way in which it does not typically.
Educate yourself on Ransomware by reading this and similar alerts, such as the one released by the United States Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Center (CCIRC), which can be found by typing the following link into your web browser: https://www.us-cert.gov/ncas/alerts/.
Paying the ransom is not recommended, and there is no guarantee the files will be decrypted upon paying the ransom. It is always recommended that victims work with an IT professional first before negotiating with the attackers.

For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:

https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Ransomware

If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)