Latest Fraud Alerts

When it comes to protecting your business from fraud and cybercrime, it pays to know the latest threats. That’s why NBT Bank is committed to providing you with the most up-to-date information and alerts. Click the headings below to learn more about recent scams and tactics being used by cyber criminals.

Understanding ATM Attacks

ATM attacks are becoming much more frequent in the United States. They occur when cybercriminals target ATMs by utilizing physical and technology-based means to steal funds from a financial institution and from consumer accounts. Often, these attacks occur around holidays as an attempt to prevent or delay being detected. There are four common types of attacks to be aware of: skimming, shimming, cash-out schemes, and jackpotting.

Types of attacks:

Skimming – devices placed on top of the PIN pad and/or card slot used to capture PIN numbers and other information to create cloned cards.
Shimming – similar to skimming, this involves insertion deep within the ATM to capture chip-enabled card information.
Cash-out schemes – involve using stolen and acquired card numbers to remove funds from multiple accounts.
Jackpotting – is forcing an ATM to dispense all of its cash using physical or logical methods.

What can you do:

Protect your debit and/or credit cards and PINs at all times. Do not share them with others.
Be aware of surroundings when using ATMs and look for any abnormalities on the machine.
Look for any suspicious behavior by others at the ATM. If you notice anything unusual, do not use the ATM and notify your financial institution.
If you receive a suspicious email or text message claiming to come from NBT or a phone call asking for card number, PIN or CVV code, contact the bank using the number on the back of your card.
Use two-factor authentication and other security features offered by NBT Bank to protect your accounts.
Sign up for alerts for certain types of transactions, such as online purchases or transactions over a certain dollar amount.

If you notice any unusual transactions on your account or believe your account information might be compromised, notify NBT Bank immediately by calling 1-800-NBT-BANK (1-800-628-2265). Customer service representatives are available Monday through Friday 7 a.m. to 7 p.m. and Saturday from 9 a.m. to 12 p.m

New Malware Affecting Home & Small Business Routers

Federal officials and cybersecurity experts have been reporting about a newly disclosed malware known as “VPNFilter.” Security researchers are estimating that over 500,000 small business and home office routers could be affected. Among the devices identified are routers from Linksys, MikroTik, NETGEAR, TP-LINK and QNAP. While the list of devices reported is not all inclusive, these are the brands identified at this time.

The malware is destructive and it is important for home users to take precautionary steps. Below are some recommended best practices to help protect you and your home network.

Best Practices:

Modem/Router Reboot: A simple reboot of your modem/router can help prevent your device from becoming infected. This can be accomplished by unplugging the device from the electrical outlet, waiting at least 10 seconds, and then plugging the device back in.
Proper Password(s): Always make sure any device at home that connects to the internet have unique passwords and never the default admin passwords that come with the device.
Patch/Update Firmware: Many routers and modems receive security updates from time to time, but if you are not sure, contact your Internet Service Provider or go to your router’s website for the most up to date firmware or update for your router. Netgear and Linksys have already established how-to guides on their websites.

SMS and Email Fraud Alerts

Recently a new customer service feature was launched to assist in our debit card fraud monitoring program by utilizing SMS and email notification for fraud alerts. If a transaction needs to be verified by our customer it can now be completed through a two-way SMS message or brought to the customer’s attention via email.

SMS Fraud Alerts

When unusual activity on the account attached to your debit card is detected, the SMS Fraud Alert feature will initiate a Text Alert to the mobile phone on record for the account. Respond by text to either approve the transaction, or to indicate that the transaction is fraudulent. You can opt-out of this service by replying STOP to an alert that you received.

Email Notification

Emails notifying customers of potentially fraudulent card transactions will be sent out to customers with an email address on file. Emails are solely to notify customers and cannot be responded to. Please contact customer service at 1-800-NBT-BANK to confirm transactions.

See sample email below:

NBT Bank is committed to providing you with the most advanced fraud protection solutions available in the marketplace. Although preventive measures have been taken to secure your Debit card account, please call us immediately, toll-free at:

1-800-628-2265

You will be prompted to enter your Case ID:
000000

For your protection, we want to verify that the recent transactions on your Debit card account were made with your authorization.

You can reach us 24 hours per day, 7 days per week.

Transaction Information

Date: 9/20/2012
Amount: $XXX.XX
Merchant Name: ABC MERCHANT
Merchant Location: ANY TOWN, ANY STATE

Sincerely,
Your Financial Institution Fraud Prevention Center

Case ID:
000000

Cardholder Name: JOHN DOE
Debit Card Ending in XXXX

**** THIS IS AN AUTOMATED EMAIL. DO NOT REPLY TO THIS EMAIL. ****

Equifax Data Breach: 143 Million Consumers Affected

A massive data breach at one of the largest credit reporting agencies in the country could affect the personal information of up to 143 million consumers, almost half of the US population.

The breach exposes information including social security numbers, birthdays, addresses, and in some cases, driver’s license numbers. In addition, approximately 209,000 credit card numbers were exposed. Currently, it is believed the compromise lasted from mid-May through the end of July.

To Protect Yourself from Potential Fraud:

Review your account activity regularly and contact us if you see anything unusual.
Make sure you review your credit report annually to identify any unauthorized activity.
Make sure that NBT Bank has your most up to date contact information in the event we need to contact you about any unusual activity.
Watch out for scams related to the breach. Attackers are likely to take advantage of the situation and craft sophisticated phishing e-mails.
Check the Report Fraud section on the NBT website for additional steps if you are a victim of identity theft.

It is important to remember NBT Bank has fraud monitoring in place that watches customer accounts for unusual activity. NBT will contact you in the event that we see any suspicious activity.

NBT Bank will continue to monitor the situation and provide further information as needed. For more information on the breach or to see if your information was affected, follow the link below:

https://www.equifaxsecurity2017.com/

Please contact our Call Center at 1-800-NBT-BANK (1-800-628-2265) if you see any unusual activity on your account.

Business Email Compromises are on the Rise

Businesses are Now Being Targeted in New Ways

NBT Bank has recently noticed an increase in a type of wire fraud referred to as Business Email Compromise, and the way in which fraudsters are targeting businesses continues to change.

Business Email Compromise (BEC) scams happen when an email account is compromised or spoofed, and an employee is convinced to wire money to a fraudster. In a new variation of BEC, the fraudster is able to fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner, and the email request may look like it is coming directly from your supplier, or may be part of an email chain you have had with your legitimate supplier in the past. When submitted, the transaction appears to be completely legitimate to the company’s financial institution, and confirmation calls or other methods of verification may not be effective if verification is being made to the employee who submitted the request, as this employee believes they have been communicating with an established supplier or sales representative.

How to protect yourself:

Check to see if the request is consistent with how earlier wire payments have been made. Is your supplier asking you to wire funds to a new bank account or different location?
Look carefully for small changes in email addresses that mimic legitimate email addresses. Do not rely on the display name shown, and always look for differences between the domain (@yahoo vs. @gmail) or sender name (ABCSupplies@ vs. ABCSupply@).
Use an alternate method of communication to verify the identity of the person requesting the funds transfer. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation for the request.
Implement dual control approvals with your bank for wire transfer requests. If an employee submits a request for a wire transfer, have a different employee who is aware of Business Email Compromise and is willing to ask the right questions provide approval to your financial institution.
Spread the word. Coach your employees about this type of fraud and the warning signs.

To read the full alert on Business Email Compromise, copy and paste the following link into your web browser:
https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Business-Email-Compromise

If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.

Ransomware: Not Going Away, Increasing in Frequency and Sophistication

Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.

What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.

Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.

How will you or your business be impacted?

If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:

Temporary or permanent loss of sensitive or proprietary information. Your personal or business files could be temporarily inaccessible or lost forever.
Disruption to regular operations. In the time it takes to respond to the attack, your computer files and the files on your network will be inaccessible, leaving your business inoperable or significantly impaired.
Financial loss. In order to fully respond to and recover from this threat, you may be required to invest significant resources in repairing and restoring your device or network, whether it be through the use of an internal or external IT Professional, or in extreme cases where a lack of preparation has left you with no other option to recover your files, paying the ransom.
Harm to an organization's reputation. Your business may suffer reputational harm when current customers or prospective clients learn that your business operations and their personal information have been affected by a Ransomware attack. Being prepared to appropriately prevent, detect, and respond to these events can help ensure a timely resumption of services and the protection of private customer information.

How to protect yourself: Prevent, Detect, Respond

Keep your anti-virus software active and up to date. Your anti-virus software is only as good as your last update.
Back up your files. Though creating a backup of your system will not prevent the execution of Ransomware, this preventative measure will allow for the recovery of data in an efficient and effective manner, without having to pay a ransom.
Be wary of suspicious or unsolicited emails, especially those which contain attachments or links.
Pay attention to anomalies when using your device, whether your computer seems to be running differently than usual, or if your computer is on a network of computers and seems to be communicating in a way in which it does not typically.
Educate yourself on Ransomware by reading this and similar alerts, such as the one released by the United States Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Center (CCIRC), which can be found by typing the following link into your web browser: https://www.us-cert.gov/ncas/alerts/.
Paying the ransom is not recommended, and there is no guarantee the files will be decrypted upon paying the ransom. It is always recommended that victims work with an IT professional first before negotiating with the attackers.

For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:

https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Ransomware

If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)

IRS Warns against CEO Phishing Scam

We have been alerted of a new twist on an old scheme using the cover of tax season. Criminals are now focusing on payroll departments and requesting a list of employee information via email, including SSN, Date of Birth, Home Address, and Salary. Criminals are then using this information to file fraudulent tax returns for refunds. In this scam, the email appears to be coming from the company CEO, and might even contain the actual name of the CEO or a similar email address. CEO tax phishing scams can be easily completed by the employee receiving the fraudulent email, and companies may not have controls in place for fulfilling W-2 requests. Here are some of the details that might be included in the fraudulent emails:

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Be wary if your CEO appears to be emailing you one of the above scenarios. Do not provide any personal, financial or confidential information through an email that appears to be suspicious. If the CEO has never asked for this information in this manner before it should be considered suspicious. Create verification controls for all requests via email regarding personal or financial information, such as dual control between Human Resources and Accounting employees, or out-of-email authentication of the CEO or executive via callback.

Nine Points of Protection.

Learn More

Latest Cyber Threats.

Learn More

Business Fraud Awareness, Prevention and Reporting Resources..

Find out about resources available for businesses to prevent fraud, cybercrime and report incidents.

Learn More