8 Tips to Defend Against Online Financial Fraud Threats
Criminals in 2012 are increasingly targeting the accounts of business owners and executives as a way to facilitate financial fraud, and CIOs can help protect their organizations against these attacks.
RSA, the security division of EMC, says one in every 300 emails circulating the web in 2011 contained some elements pointing to phishing, and those phishing efforts were primarily focused on perpetrating financial fraud.
"Compared with the total numbers of phishing attacks recorded in 2010, phishing numbers have increased considerably through the past year," RSA says in its fraud report, The Year in Phishing: January 2012. "The cumulative number of phishing attacks recorded through 2011 was 279,580 - a 37 percent increase from 2010."
RSA predicts phishing attacks will continue to spread in 2012.
In December, the Federal Bureau of Investigation (FBI) warned that it had seen a rising trend in which cybercriminals compromised email accounts to request and authorize overseas wire transfers. It also reported criminals were using variations of legitimate email accounts to trick banks into thinking a wire transfer had been legitimately initiated.
"The FBI has observed a trend in which cybercriminals are compromising the email accounts of U.S. individuals and businesses and using variations of legitimate email addresses associated with the victim accounts to request and authorize overseas transactions," the Internet Crime Complaint Center (IC3), a joint effort by the FBI and the National White Collar Crime Center (NW3C), said in an alert issued on January 20. "The wire transfers are being sent to the bank accounts of individuals typically located domestically or in Australia and the funds are being sent directly to Malaysia. Investigations indicate that some of the money mules in the U.S. and Australia are victims of a romance scam and are asked to further transfer the funds to Malaysia. As of December 2011, the attempted fraud amounts total approximately $23 million; the actual victim losses are approximately $6 million."
The public sector is the biggest target of phishing attacks, but criminals are also targeting small and medium enterprises (SMEs), according to RSA. Jorge Rey, director, Information Security & Compliance with Kaufman, Rossin & Co., P.A., concurs with that assessment. Rey notes that SMEs are often vulnerable to such attacks because they tend to focus less on security and have fewer security resources than larger enterprises.
"In the past six months, I've had several clients call me and tell me that it occurred," Rey says. "We also consult with banks and hear about it. It's not something that is happening to our clients on a daily basis, but on a larger scale I would have to believe it happens on a daily basis."
Rey says he has seen a customer lose as much as $400,000 from its accounts due to such activity.
Eight Steps You Can Take
Business owners and CIOs can take steps to defend themselves from these crimes. Rey recommends organizations take the following steps:
-- Talk to your financial institution. "The first thing you want to do is understand what your liability is as a business owner," Rey says. "If something happens, who is responsible for what? That way you know how to manage your liability." You should also ask your bank to describe its solutions for preventing fraudulent wire transfers.
