Latest Fraud Alerts For Businesses

When it comes to protecting your business from fraud and cybercrime, it pays to know the latest threats. That’s why NBT Bank is committed to providing you with the most up-to-date information and alerts. Click the headings below to learn more about recent scams and tactics being used by cyber criminals.

Smishing Messages

NBT Bank has been alerted to SMiShing messages (text messaging phishing) being reported. The text message (example below) states the account has been locked and needs attention. The texts appear to be coming from the numbers listed below:

1-410-100-002

1-410-200-502

1-410-200-503

It asks customers to click on a link to a fraudulent website that is not affiliated with NBT Bank. Please be advised that even if body of the text is different or appears to be coming from a different sender, any similar texts could be a phishing attempt. Do not attempt to call or text this number, provide any information or click on any links.

SMiShing is a version of social engineering where fraudsters attempt to get personal or bank account information from unsuspecting consumers. Once the information has been compromised, they can use it for unauthorized transactions or use the personal information to open accounts, loans, or credit cards.

SMiShing message sample

NBT Bank will not require customers to send personal information in a text message. If you receive a suspicious communication, contact that person at a number you know and trust.

If you have provided any information or have any questions, please call 1-800-NBT-BANK (1-800-628-2265) immediately. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

Small Business Administration Scams

The Office of Inspector General recognizes that we are facing unprecedented times and is alerting the public about potential fraud schemes related to economic stimulus programs offered by the U.S. Small Business Administration (SBA) in response to the Novel Coronavirus Pandemic (COVID-19). The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), the largest financial assistance bill to date, includes provisions to help small businesses. Fraudsters have already begun targeting small business owners during these economically difficult times. Be on the lookout for grant fraud, loan fraud, and phishing.

Individuals may receive fraudulent attempts through email asking them to click on links or attachments to complete an application for the program. Do not click on any links or attachments from unknown senders or unexpected correspondence.

Some emails may appear to come from a legitimate domain, so it is important to verify the validity of any requests asking for information. It is important to remember that any requests for US Cares Paycheck Protection Program will come directly from your financial institution. Disbursements will also only come from your bank.

Recognizing Phishing Emails

Remain vigilant when opening emails from unknown senders. The email may appear to be from someone you know. Pay attention to grammatical errors.
Never click any links or attachments in emails from someone you don’t know.
Report suspicious emails with unknown attachments or links to your email provider.
Ensure your personal computer systems and anti-virus are always up to date and running on the most current software version.

See sample phishing email below:

Sample Small Business Administration Scam Email

For more information and to report fraud attempts from the SBA please visit their website.

Please contact NBT Bank if you have provided any personal or financial information at 1-800-NBT-BANK or at [email protected].

Smishing Messages

NBT Bank has been alerted to SMiShing messages (text messaging phishing) being reported. At this time the text messages appear to be targeting the 607 and 518 area code, but may move to other area codes as well. The text message (example below) states the account has been locked and needs attention. The texts appear to be coming from the numbers listed below:

1-410-100-002

1-410-100-006

1-410-200-500

It asks customers to call back 1-866-794-5542. Please be advised that even if body of the text is different or appears to be coming from a different sender, any similar texts could be a phishing attempt. Do not attempt to call or text this number or provide any information.

Smishing Sample

NBT Bank will not require customers to send personal information in a text message. If you receive a suspicious communication, contact that person at a number you know and trust.

Cybersecurity Threats and How To Stay Safe During the COVID-19 Pandemic

In this modern age of the “Internet-of-Everything,” the world has never experienced a pandemic like COVID-19. As we are collectively distracted by the global health crisis, cybercriminals are exploiting the situation in many ways. They prey on fear and urgency. They thrive in the chaos created by disruption to our work force. Please use the below information to better educate and protect yourself. NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].

How is COVID-19 increasing Cyber Risk?

Fear and Urgency – Cybercriminals are preying on your fear and urgent need for news and supplies related to COVID-19. Attacks are frequently initiated through social engineering (phishing/spear phishing) and could lead to credential theft, financial fraud, ransomware and more.

Increased Attack Surface – Government and employers are pushing employees to temporarily work remotely – outside of the fortress walls so to speak – creating opportunities to exploit people and resources like never before.

A summary of the latest COVID-19 related threat intelligence.

Fake Domains – A significant spike in newly registered COVID-19-related domains has been observed. These domains are used to lure visitors to malware-infected sites or to further perpetrate social engineering tactics.

Phishing Attacks – A significant spike in COVID-19-themed phishing attacks has been observed and these attacks exploits the fearful mindset of recipients. Supply shortages (e.g. hand sanitizer, masks, etc.) foster a sense of urgency and create opportunities for threat actors to “meet the demand” by selling supplies. In reality, they take your money and don’t deliver.

Use of Familiar Brands/Trademarks - Social engineering tactics focused on gaining trust by leveraging brands such as the US Centers for Disease Control (CD) and the World Health Organization (WHO), as well as country-specific agencies and businesses such as FedEx and major airlines are being used to similarly trick unsuspecting and fearful recipients.

Sophisticated Attackers - Nation-state attackers – Advanced Persistent Threats from China, North Korea, Russia and elsewhere - have been associated with a handful of cases that reference COVID-19. Such attackers have better skills and resources and their goal is often to silently infiltrate an organization, where they meticulously gather information, move laterally through the network in search of privileged accounts and sensitive information prior to executing a variety of attacks.

Malware – The use of fake domains, social engineering and familiar brands is ultimately designed to get something valuable from you. Often, these techniques are also used to deliver malicious software, or malware, that facilitate the theft of information or fraud.

Challenges for companies as workforce goes home.

Social distancing recommendations to combat the spread of COVID-19 are sending America’s workforce home in droves. Below is a summary of the potential issues that companies will have to consider:

Sensitive Information – Inside the corporation there are typically more controls in place to protect and monitor sensitive information such as intellectual property and trade secrets. While executives, managers and certain team members may have remote access privileges, it is likely that not everyone does. With the rapid expansion of the remote workforce companies will grapple with how to keep their critical information secure while expanding their footprint beyond the traditional perimeter defenses.

Strain on IT Staff – IT teams are already short staffed and overburdened and now the prospect of having to send the workforce home – with connectivity to the office – may be overwhelming. Mistakes or oversights, particularly with respect to security, will increase.

VPN Security – VPNs are devices or software that encrypts your computer’s connection to the corporate office and they are essential to data security. Unfortunately, the patch window for VPNs (the time between discovery of a vulnerability and the time it is fixed by the company) is historically long, leaving the vulnerability exposed to exploitation. Further, employees typically access other corporate resources, such as email (e.g. Office 365) and other online portals without utilizing a VPN from home and insecure public networks.

Unmanaged Devices – The remote employee may utilize a company-issued computer on a home network with dozens of other Internet-connected devices, including vulnerable Smart TVs. Unless the employee is technically savvy and cyber-aware, the patch window on personal computers is probably longer than desired. These unmanaged systems may be running outdated antivirus or none at all.

Lack of Monitoring – Companies typically have no visibility into an employee’s home network and may have no process in place for monitoring VPN connections or what the employee is doing while connected remotely to the company network. Further, most companies have little to no visibility into what the employee does with sensitive information that has been removed from the company’s internal network.

Insecure Wi-Fi – Home Wi-Fi if is often a “set-and-forget” service. Typically, home wi-fi broadcasts the network name (SSID) with descriptive information about the router and may be secured with a weak or default password – which are available online.

Skeleton Office Crews – Vacant homes with unlocked doors are invitations to burglars. An empty office without monitoring of critical systems and data is no different.

Tips to protect your company.

The advice below is not novel in the cybersecurity space, but it deserves renewed focus as we all brace for the impact of increased cyber-attacks related to COVID-19:

Avoid Being A Victim of Social Engineering In the Office Or At Home

ALWAYS check the email ‘From’ field to validate the sender. This ‘From’ address may be spoofed.
ALWAYS check for so-called ‘double-extended' scam attachments. A text file named ‘safe.txt’ is safe, but a file called ‘safe.txt.exe’ is not.
ALWAYS report all suspicious emails to your Information Technology help desk.
ALWAYS note that verify the domain name of the websites you visit or that are revealed in embedded links.
NEVER open any email attachments that end with: .exe, .scr, .bat, .com or other executable files you do not recognize.
NEVER “unsubscribe” - it is easier to delete the e-mail than to deal with the security risks.
NEVER click embedded links in messages without hovering your mouse over them first to check the URL and verify the domain is safe/secure.
NEVER respond or reply to spam in any way. Use the delete button.

Prepare for reduced personnel in the office.

If you do not have a Business Continuity Plan, make one and ensure everyone understands their role.
Test remote access to ensure it works in the event your building closes or is completely vacated/li>
Review the safeguards in place to ensure the security of your sensitive data.
If possible, monitor access to the network, VPN usage and to systems that store your critical data.
To the extent possible, restrict remote access connections to the resources needed and avoid network-wide access.
Have a backup plan in the event your IT team gets sick or incapacitated (ensure that more than one person has the ability to perform all IT functions).
Ensure that systems used to process payroll and accounts receivables are secure and accessible to the right people remotely.

Bolster your home office defenses.

RESET your modem or router password to a custom, strong password.
BE AWARE that the default password or password-bypass PIN code might be affixed to the back or bottom of your router.
USE a password manager (e.g. LastPass, Password1, Dashlane) to securely create and store your passwords.
HIDE or CHANGE your Wi-Fi network name (SSID) to something non-descriptive. While you’re at it change the name of your iPhone to something non-descriptive so you are not broadcasting your name and device type to everyone in the coffee shop or airport.
ENABLE WPA2 encryption on your Wi-Fi network.
ENABLE a Guest network at home so you can keep your home network isolated.
PATCH your home devices regularly by setting the operating system and applications to automatic updates.
USE multi-factor authentication to access all online portals and corporate resources.
USE next generation anti-virus software that is smart enough to detect/block advanced attacks, ransomware and polymorphic malware.
USE a VPN whenever you are connecting to work resources or personal financial websites.
USE a VPN whenever you are in the coffee shop (public Wi-Fi), including on your Smart phone.
SEPARATE your IoT devices (such as Smart TVs, appliances, etc.) onto a different network if your router allows it - or buy one that does.
ENABLE Windows Defender on computers running the Windows 10 operating system.
INSTALL a firewall appliance between your home network and your modem/router.
USE an app (e.g. Fing) on your Smart phone to quickly scan and identify all of the devices on your home network. Track down anything suspicious.

NBT Bank is here to help! Please check our website for updates and reach out to us with any fraud/cybersecurity concerns through our email [email protected].

Defending Against COVID-19 Fraud Scams

How to defend yourself and stay safe amid COVID-19 Scams

NBT would like to take this time to warn our customers to remain vigilant on an increase in scams related to the Coronavirus Disease (COVID-19). Scams could come in a variety of forms including phishing emails with malicious links or attachments to try and trick victims into revealing sensitive information. This could also come in the form of donations to fake charities. Always exercise your due diligence when opening any email related to COVID-19 and be wary of social media ads, texts or calls.

Some important tips you need to know:

Avoid clicking on links in unsolicited emails and be wary of attachments. Email scammers often try to elicit a sense of fear or urgency in victims.
Use trusted sources- such as legitimate government websites for the most up-to-date fact based information about COVID-19.
Do not reveal personal information or financial information in an email, and do not respond to solicitations for this information.
Always verify a charity before making donations by contacting the charity directly or verify the charities existence. Do not donate if the solicitor is using high-pressure tactics or insists on a cash donation.

If you have questions about this scam or think you might be a victim, call NBT Bank customer service at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

NBT Bank Themed Phishing Emails

NBT Bank continues to receive reports of phishing emails targeting customers and non-customers containing suspicious links. Phishing is a fraud attempt where an individual is asked to click on links or attachments in an email, or other type of message, to gather personal information or cause damage to a computer or network.

How does it work?

In the latest phishing attempt, fraudsters are sending emails impersonating NBT Bank asking recipients to confirm a transaction. There is a link at the bottom that directs you to a fake website to input login credentials and personal information. The fraudsters take this information and immediately use it to take over your online banking account and change the username and password so it’s not accessible.

What are the red flags?

The email says it is from NBT Bank, but the email address is not NBT Bank.
The email contains multiple typos and incorrect grammar.
The email asks you to click a link that does not take you to the company’s website.
The email requests personal information like your login credentials or social security number.
The email looks completely different from previous emails you’ve received from NBT Bank.

What can you do to prevent this from happening?

Never share your personal information online with someone you don’t know.
Do not click on any links or attachments in emails that you do not recognize.
Delete any suspicious emails that you received.
Hover your mouse over the link without clicking on it to see where it’s taking you. If it doesn’t match the sender of the email, don’t click!

Pictured is a sample of the fraudulent email. Please be advised that even if body of the email is different or appears to be coming from a different sender, any similar emails could be a phishing attempt.

Example of Phishing Email

If you believe you have received a phishing email and shared your personal information, please call NBT Bank immediately at 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

Cybersecurity Awareness

Here at NBT Bank, we prioritize the safety of our customers by constantly enhancing our security measures and educating customers on how to #BeCyberSmart and remain #CyberAware. There are several steps you can take to make sure your information and your devices are always protected against cybercrime. We’re sharing three simple steps to help you Own IT. Secure IT. Protect IT. These tips encompass all necessary actions to protect your most valuable information. The focus to #BeCyberSmart is to be intentional with your online activity.

Own IT: Keep track of the information you’re sharing online and what rights those platforms have to it. Regularly maintain privacy settings and manage your information.

Secure IT: Establish unique passwords and keep them private. Set up multi-factor authentication when available and never write down your login credentials. Ensure that you’re the sole person that can login to your accounts.

Protect IT: Be cautious when you see an email that looks suspicious. Never click on links or attachments if an email seems unusual or you don’t know who it’s from. If you receive a suspicious email that claims to be from NBT Bank, notify us by emailing [email protected].

The effort to raise cybersecurity awareness doesn’t stop. We encourage you to explore the Fraud Information Center to learn more about how to prevent, protect, and report all suspicious banking activity. This information is updated on a regular basis.

If you think you might have been the victim of a scam or other form of cybercrime, contact our team right away by calling 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

Payroll Scam

It’s a normal day in your business’s payroll department when an email comes in posing as an employee. The email asks to have payroll switched to a new account. The payroll is switched with no questions asked and everything seems OK. Fast forward two weeks when the direct deposit hits. The employee calls asking why their payroll deposit was never made. Turns out, they never requested a changed in their direct deposit, and the fraudsters have been paid instead.

To avoid falling victim to this scam like this, look for these red flags:

The email contains a sense of urgency, asking that the request be completed immediately.
The email is coming from an address that isn’t on file for the employee.
There are multiple grammatical errors and spelling mistakes throughout the email.
When speaking with the employee directly, they claim to never have requested this change.

In order to avoid being a victim, set up extra verification steps when employees request a change in their payroll. If your company requires a signed form, compare signatures with what you have on file. If you receive an email that seems suspicious, contact the employee directly via a known phone number.

At NBT Bank, we take steps to monitor and protect all our customer’s account. If you believe you’ve been the victim of this scam, contact your local branch or call 1-800-NBT-BANK. Customer service representatives are available Monday through Friday from 7:00 a.m. to 7:00 p.m. and Saturday from 9:00 a.m. to 12:00 p.m.

Business Email Compromise

Business Email Compromise and Spear Phishing: A Sharp Cost

NBT Bank has recently noticed an increase in a type of fraud referred to as Business Email Compromise (BEC). This occurs when fraudsters fool an employee into submitting a wire transfer by posing as a supplier, vendor, or business partner. In a new variation of BEC, fraudsters are using spear phishing attempts. Spear phishing refers to targeted emails going to a specific department or line of business. For example, the accounting and finance department or payroll.

The email contains a link to what looks like an encrypted file. When clicked, the user is prompted for their username and password on a fake login screen. With this information, fraudsters can sort through their emails for invoices, communications with banks, or other important financial information. They also use this information to make rules in the user’s inbox to automatically forward emails for real time information. Most recently, there has been an increase in attacks toward healthcare, professional services, higher education and real estate closing companies.

How to protect yourself:

Don’t click on links in suspicious emails. Clicking a link could compromise your account or your network.
Check to see if the request is consistent with how earlier wire payments have been made. Is your supplier asking you to wire funds to a new bank account or different location?
Look carefully for small changes in email addresses that mimic legitimate email addresses. Do not rely on the display name shown, and always look for differences between the domain (@yahoo vs. @gmail) or sender name ([email protected] vs. [email protected]).
Use an alternate method of communication to verify. If the request is an email, then call and speak to the person using a known phone number to get a verbal confirmation for the request.
Implement dual control approvals with your bank for wire transfer requests. If an employee submits a request for a wire transfer, have a different employee who is aware of BEC and is willing to ask the right questions and provide approval to your financial institution.
Spread the word. Coach your employees about this type of fraud and the warning signs.

If you have any questions, please contact NBT Bank Cash Management Support at 800-NBT-Bank (628-2265), option 8.

Ransomware: Not Going Away, Increasing in Frequency and Sophistication

Ransomware attacks continue to increase in frequency, and are becoming more sophisticated and targeted, meaning that an email containing an infected attachment can seem like it is coming from a trusted source such as a vendor or company. Malicious emails often no longer contain the typical indicators of phishing attempts, such as poor grammar and spelling, or "from" addresses which you do not recognize. It is extremely important to review all emails for content and purpose, and never open any attachments before verifying that the email is intended for you and is something which you were anticipating for a specific purpose.

What is Ransomware, and how does it happen to you? Ransomware attacks begin when an individual clicks on a malicious link or attachment in an email. Ransomware will then encrypt, or 'lock' all of the files on the user's computer, rendering the files unusable and inaccessible. After the files have been encrypted, the user will be prompted to pay a ransom to unlock their files.

Who is vulnerable? Ransomware attacks can be perpetrated against anyone, and caution must be practiced at all times.

How will you or your business be impacted?

If you fall victim to a Ransomware attack, the impact to individuals and businesses can reach far beyond removing the infection and recovering your files, and could also include:

Temporary or permanent loss of sensitive or proprietary information. Your personal or business files could be temporarily inaccessible or lost forever.
Disruption to regular operations. In the time it takes to respond to the attack, your computer files and the files on your network will be inaccessible, leaving your business inoperable or significantly impaired.
Financial loss. In order to fully respond to and recover from this threat, you may be required to invest significant resources in repairing and restoring your device or network, whether it be through the use of an internal or external IT Professional, or in extreme cases where a lack of preparation has left you with no other option to recover your files, paying the ransom.
Harm to an organization's reputation. Your business may suffer reputational harm when current customers or prospective clients learn that your business operations and their personal information have been affected by a Ransomware attack. Being prepared to appropriately prevent, detect, and respond to these events can help ensure a timely resumption of services and the protection of private customer information.

How to protect yourself: Prevent, Detect, Respond

Keep your anti-virus software active and up to date. Your anti-virus software is only as good as your last update.
Back up your files. Though creating a backup of your system will not prevent the execution of Ransomware, this preventative measure will allow for the recovery of data in an efficient and effective manner, without having to pay a ransom.
Be wary of suspicious or unsolicited emails, especially those which contain attachments or links.
Pay attention to anomalies when using your device, whether your computer seems to be running differently than usual, or if your computer is on a network of computers and seems to be communicating in a way in which it does not typically.
Educate yourself on Ransomware by reading this and similar alerts, such as the one released by the United States Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Center (CCIRC), which can be found by typing the following link into your web browser: https://www.us-cert.gov/ncas/alerts/.
Paying the ransom is not recommended, and there is no guarantee the files will be decrypted upon paying the ransom. It is always recommended that victims work with an IT professional first before negotiating with the attackers.

For More information on Ransomware including an example of what a ransomware email might look like, please review our previous alert on Ransomware. It can be found by typing in the following web address into your browser:

https://www.nbtbank.com/Business/Customer-Support/Fraud-Information-Center/LatestFraudAlert/Ransomware

If you have any questions, please contact NBT Bank at 1-800-NBT-Bank (628-2265)