Fighting Fraud: How to Spot and Beat a Cyberattack
Take our quiz below and learn how to protect yourself from cyberfraud
Cybercrime has become a serious, costly business, with firms around the world at risk of losing billions of dollars from something as simple as a fraudulent email or an illegitimate request for information. The losses and potential losses as a result of business email compromise or email account fraud top $12 billion according to the FBI [1], so recognizing scams and knowing what to do when they occur can save you, the company you work for and your clients real time and money. At J.P. Morgan, we invest around $10 billion of our annual firmwide technology budget on cybersecurity to keep our data and clients safe. Test your knowledge with our quiz below and learn how to spot and prevent the most common forms of cyberfraud.
Watch Your Emails
Danielle works at Peterson Publishing and receives an email from her company’s paper supplier, Great Paper Co. The email asks that Peterson Publishing change the account they send Great Paper’s payments to, as they have moved their accounts to another bank. The email appears to be coming from her normal contact at Great Paper Co.
What should Danielle do?
The email is coming from the normal contact at Great Paper Co., so Danielle should update the payment account as requested
Danielle should call the contact at the verified number her company has on file to be sure the supplier requested the change
Danielle was at risk of becoming a victim of business email compromise (BEC). Fraudsters have multiple methods to perform BEC and either take over an email account or make an email appear to be coming from a supplier’s email account. Because it is a change to the payment account, Danielle should call the contact at the verified number her company has on file to be sure they requested the change.
Keep Your Data Safe
Jorge is late in providing some client information to an outside vendor that is needed for a proposal they are preparing. Since he is not sure which person on the team needs the information, he brings up the email from the vendor, chooses the reply-all option in his email system and attaches a spreadsheet with sensitive account details of his company’s clients.
What should Jorge do before sending the email?
Jorge should double-check the recipients included on the email and the information included in the file. He should also consider sending it as an encrypted email
The email came from the team requesting the information and he is already late in replying, so Jorge should send the email right away
Data loss prevention, or being mindful of what data we share and who we share it with, is an important line of defense in the fight against cyberfraud. As sensitive client information is being shared that could result in a data breach if sent to the wrong person, Jorge should double-check if it is necessary to send all the data contained in the attached file. He should also verify if all the recipients included on the email have a need to see the information, removing any names he is unsure of. Finally, Jorge should also consider sending an encrypted email or password-protecting the attached file before sending it.
Beware of Scams
Isabelle receives a call from a number that matches her bank. The caller states they are calling about suspected fraudulent charges on her debit card and provides details of the transactions. The caller also provides the last four digits of her debit card and her home address to verify they are from the bank. Isabelle confirms the charges are fraudulent and the caller says they will send a replacement card right away. The caller requests her mother’s maiden name and debit card PIN in order to send a replacement card with the same PIN in the mail the next day.
What should Isabelle do?
Isabelle should ask for the caller’s name and call them back at the number on the back of her debit card
Isabelle should provide the requested information so she can receive her new card right away
Social engineering is a broad term that refers to scams used by criminals to trick, deceive and manipulate victims into giving out confidential information and funds. It is very easy for fraudsters to spoof phone numbers of financial institutions and obtain basic information like a victim’s home address or purchase a stolen debit card number. Isabelle should always verify an unknown caller’s identity and never give out sensitive information until she can verify the caller. When possible, she should call the contact number provided by the bank to ensure she is speaking with the employees of the bank.
Think Before You Click
Tom receives an email at his work email account from a school he attended that he mentions in his LinkedIn profile. The email contains a link to confirm his attendance at a reunion several months away and states that he needs to confirm by tomorrow or he will not be able to attend.
What should Tom do?
Tom really wants to attend the reunion and see his old classmates, so he should click the link and confirm his attendance
Tom should review the link to make sure it is a link to his alma mater by hovering over it before clicking it
Another common fraudster tactic is the use of malware - malicious software, programs or files that are harmful to a computer user. Cybercriminals can easily obtain information from profiles on social media sites and use that information to craft phishing emails that they know will appeal to the receiver. Tom should always be suspicious of any links in external emails and verify a link is going to a proper site by hovering over it before clicking straight through. Tom should also be suspicious of any unexpected email attachments that might contain malware. Visiting malicious websites or opening suspicious attachments may infect his PC and possibly his company’s network with malware.
1. Federal Bureau of Investigation public service announcement, July 2018
The information provided here is intended to help clients protect themselves from cyberfraud. It does not provide a comprehensive list of all types of cyberfraud activities or identify all types of cybersecurity best practices. The client company or organization is responsible for determining how to best protect against cyberfraud activities and for selecting the cybersecurity best practices that are most appropriate to its needs.
JPMorgan Chase Bank, N.A. Member FDIC.
© 2019 JPMorgan Chase & Co. All Rights Reserved.