Secure DNA provides information technology security and compliance services. www.secure-dna.com
How can I protect myself from Automated Clearing House fraud?
The ACH network is used by financial institutions to process direct deposits, checks, bill payments and cash transfers. Unfortunately, it’s also a popular target for hackers since all they need are someone’s account details to commit fraud.
ACH fraud often begins with a phishing email that tricks victims into opening infected attachments or links to infected websites, in turn installing malware on their computer or divulging account information. In late 2009, the FBI warned that it had seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium businesses, municipal governments and school districts.
“Once the recipient opens the attachment or visits the website, malware is installed on their computer,” the FBI said. “The malware contains a key logger which will harvest each recipient’s business or corporate bank account login information. Shortly thereafter, the perpetrator either creates another user account with the stolen login information or directly initiates funds transfers by masquerading as the legitimate user.”
Although this warning is four years old, these attacks are alive and well. According to Javelin Strategy & Research’s 2013 Identity Fraud report, the most financially damaging type of account-takeover fraud in 2012 was ACH fraud, with the highest mean fraud figure at $5,138 per incident.
As recently as March 4, 2013, while scanning incoming emails for one of our clients, Secure DNA identified an email that appeared to originate from the “Federal Reserve Bank@sys.frb.org.” The email contained the Federal Reserve Bank logo and a subject line of “FedMail (R): FedACH Notification – End of Day – 03/4/13.” Our system quickly identified the source address was spoofed, and that financial-fraud malware known as Zbot Trojan was imbedded within an attachment.
To protect yourself from hackers, follow these easy tips:
- Keep your systems and antivirus software up to date.
- Don’t click on links in emails purporting to be from your financial institution; if in doubt, call your financial institution or visit its website.
- Never respond to emails requesting personal or business financial information.
- Do not use public computers or public wireless networks for online transactions or banking activities.
- Reconcile your accounts for unauthorized transactions.
- Set up ACH debit blocking and dollar-limit controls if your financial institutions allow them.
- Use two-factor authentication for accessing financial accounts if available.
- Consider using a separate computer for the sole purpose of conducting financial transactions.