We are continually monitoring online threats and reviewing our security procedures to protect all Client information. Although the Internet is one of the most powerful communication tools available, criminals may use the Internet to defraud unsuspecting people. Scams to retrieve a Client’s personal information can occur through many different channels, such as a phone call, email message or social engineering technique.
One of the most common methods used today to retrieve a Client’s personal information is called “phishing.” This is when fraudulent websites or emails are created in an attempt to steal personal information.
Clients are advised to never give out confidential information or passwords by replying to an email or by going to a website through a link included in an email. Even if you click on the link in an email but don’t actually provide confidential information, you could be exposing yourself to viruses, malware or other harmful pieces of software. Remember, One World Bank does not request confidential, personal or secure login information via email.
Spammers have gotten creative by making spam email messages appear as though it came from a reputable company or government agency, thus creating a sense of urgency to respond. This is a technique frequently used to lure unsuspecting people to provide confidential information that may be used for identity theft.
Be cautious of anyone calling you to ask for bank account or personal information over the phone.
Clients are urged to protect their computer system through the use of anti-virus, anti-spyware and firewall hardware and/or software. If anti-virus software is used, it’s very important to keep the virus definitions up-to-date so that the most recent threats may be detected.
If you use an Operating System such as Microsoft® Windows 8, Windows 8.1 or Later, stay abreast of the many security updates Microsoft® releases. It is important that your computer is updated and contains the appropriate patches. You may choose to setup an automatic update at a certain time each day or week.
Review your account statements when they arrive and report discrepancies to One World Bank.
If you do not recognize the sender of an email message, delete the email without opening it.
Keep your passwords confidential. Change passwords regularly using a complex combination of letters, numbers and special characters. Avoid using obvious passwords that may be easily guessed or hacked.
Never dispose of a hard drive without thoroughly cleaning it to remove all personal information.
When using an ATM or card machine at a gas pump, carefully inspect the device to ensure that no abnormal attachments have been added. If it doesn’t look right, don’t use it.
Corporate Account Takeover is a type of business identity theft where cyber thieves gain control of a business’ bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wire and ACH transactions to accounts controlled by the thieves.
Businesses across the United States have suffered large financial losses from electronic crimes through the banking system. These thefts have ranged from a few thousand to several million dollars. They have occurred in banks of all sizes and locations. And, they may not be covered by the bank’s insurance. Along with the financial impact, there is also a very high level of reputation risk for financial institutions.
Recognizing the importance of having banker developed practices specifically to assist the banking industry, the Conference of State Bank Supervisors (CSBS) and the Financial Services – Information Sharing and Analysis Center (FS-ISAC) have joined with the United States Secret Service (US Secret Service) and Texas Department of Banking to make practices for mitigating the risks of Corporate Account Take over available to financial institutions nationwide.
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
Each business should evaluate its Corporate Account Takeover risk profile and develop a security plan that includes sound business practices.
Protect your cyber environment just as you would your cash. Use appropriate tools to prevent and deter unauthorized access to your network and make sure you keep them up to date. Encrypt sensitive data and use complex passwords and change them regularly.
Dedicate one computer exclusively for online banking. This computer should not be connected to the business network, have email capability, or connect to the Internet for any purpose other than online banking.
Talk to your banker about programs that protect you from unauthorized transactions. Services offer as call backs, device authentication, multi-person approval processes and batch limits to help protect you from fraud.
Watch for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. And keep records of what happened.
The account agreement with your bank will detail what commercially reasonable security measures are required in your business.
You need to understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
Educate all employees about cybercrimes so they understand that an infected computer can lead to an account takeover. An employee whose computer becomes infected can infect the entire network. For example, if an employee takes a laptop home and accidentally downloads malware, criminals could gain access to the business’s entire network when the employee connects again at work. All employees, even those with no financial responsibilities, should be educated about these threats.
Stay informed about defenses to Corporate Account Takeover. Since cyber threats change rapidly, it’s imperative that you stay informed about evolving threats and adjust your security measures accordingly.
You and your employees are the first line of defense against corporate account takeover.
A strong security program along with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
If you believe you are a victim of fraud or need to report a suspicious email that uses One World Bank’s name, please forward it to us immediately at: [email protected] If you receive a suspicious phone call that uses One World Bank’s name, please contact the bank at (972) 243-7775.