How Your Business Can Be Hacked into Bankruptcy
NEW YORK (MainStreet) Recent cyber heists of consumer credit information, while costly to banks and retailers, are usually more inconvenience than catastrophe for cardholders. With prompt notification to the issuer, consumers are protected from significant losses from fraudulent transactions. However, small businesses have little protection from seeing their livelihoods fleeced by fraud.
Take the example of a California escrow firm. In late 2012, three bogus international wire transfers exceeding $1.5 million drained the account of Efficient Services Escrow in Huntington Beach. The wires, bound for Russia and China without authorization from Efficient Services, crippled the firm's cash flow. With only three days allowed by the state to recover the stolen funds, and with the bank that processed the transfers denying responsibility in the matter, the firm was shut down and the entire staff of nine employees laid off.
Brian Krebs, the security industry journalist who first reported on the Target data hack, says small businesses are most at-risk in transacting their bank business online.
"If a banking Trojan infection results in cyber thieves emptying the bank accounts of a small business, that organization is essentially at the mercy of their financial institution, which very often in these situations disavows any responsibility for the breach, and may in fact stonewall the victim company as a result," Krebs writes on his blog. "That can leave victim organizations in a quandary: they can swallow their pride and chalk it up to a learning experience, or opt to sue the bank to recover their losses."
The FBI says most account takeover fraud schemes involve small-to-medium sized businesses with accounts at local community banks and credit unions. Many of these financial institutions use third-party service providers for online banking services, including wire transfers.
Unauthorized wire transfers tend to average $900,000 -- but have ranged from $50,000 to $985,000. In 2011, the FBI reported about $20 million had been bilked from small and medium sized business through fraudulent wire transfers.
A new twist to the wire scam involves telephone calls from individuals claiming to be with a wire transfer company's technical support team.
"One complainant reported that the wire transfer company's name was displayed on their caller ID," an FBI Internet Crime Complaint Center report says. "The callers instructed the victims to go to a particular website to run an application which allows the caller to remotely access the victim's computer. Once remote access was established, the victims were instructed to open their wire transfer program and log-in to their accounts, so the callers could update the system."
Victims were then told to turn off their computer monitors in order to "avoid interference with the update." Unauthorized wire transfers were then processed.
--Written by Hal M. Bundrick