Recently, many financial institutions across the country have experienced DDoS (Distributed Denial of Service) attacks, which occur when an excessive amount of traffic hits a server and the server cannot remain stable under the traffic flow. The servers then error out and the services are dropped. Typically, a customer would try to log on to the website, but the website would either time out or not load at all. The attacks normally occurred during normal business hours, preventing customers from accessing the online services. All of the interruptions were caused by unknown external sources.
Attackers will also infect a customer’s computer with a virus and then attempt to transfer money from the customer’s account. Once these transfers are initiated, they will attempt to launch a DDoS attack against the financial institution, or even the customer. The goal of the attack is to give the wire transfer time to process and be sent out before it is caught and stopped. The DDoS attack is usually aimed at disrupting online services, such as online banking, email, and phone systems.
To help prevent these types of occurrences from happening again, it is our practice to provide information on steps that you can take to guard against malicious activity and DDoS attacks. These steps include:
- Employ multiple and layered security tools.
- Install and use anti-virus software, and update it as recommended by its supplier.
- Keep operating systems up to date on all recommended patches.
- Limit Internet access for business computers to websites approved for business use and block all other websites.
- Learn anti-phishing measures and educate your employees on them.
- Validate your business practices associated with wire transfers, including dual approvers for all wire or ACH transfers.
  - The key to dual approvers is ensuring they access and approve from different machines.
- Take advantage of “Online Security Tips & Alerts” posted on our website.
We understand that the unpredictable nature of these external acts creates a high level of concern about the availability of services and the inconvenience to your banking needs. The information below provides helpful hints on how to avoid becoming a victim of online fraud.
What is a DDoS attack?
DDoS stands for Distributed Denial of Service. A DDoS attack aims to make a server or service unavailable. This could include a website, online banking, bill pay, WireXchange, or anything connected to the internet. For an attack to occur, a large number of computers, or a large amount of network traffic, must reach out to that server or service at once. Once all those computers are talking to that server or service, the system cannot handle all the traffic at once. This causes it to become unresponsive and will sometimes make the service shut down. To carry out an attack like this, attackers infect as many computers as they can with malware or viruses. They then create groups of computers known as botnets. Each botnet typically contains thousands of computers that they can call upon when needed. Attackers will create thousands of botnets to carry out the attacks, which could amount to hundreds of thousands of computers. The attackers then cause these botnets to talk to the financial institution all at once, creating a DDoS attack. This causes the system to become unstable and unresponsive, and services are disrupted.
What Is Phishing?
Phishing is an ongoing online scam that aims to steal passwords, banking information, Social Security numbers, credit/debit card numbers, and other sensitive information. Phishing relies on fake emails, fraudulent websites, and pop-ups that mimic legitimate websites in order to obtain customer information. The attackers can then commit online fraud, such as ACH and wire transfers, to obtain money/funds.
How It Works
A customer will get an email that looks like it came from a trusted source, such as their personal bank, eBay, Amazon, PayPal, etc. The email is made to look exactly like a legitimate email would. The phishers copy all the logos, trademarks, pictures, phrases, phone numbers, etc. Some emails look like statements that have you click a link to view them online. Some emails might be a request to reset your password or to verify your password change. There will even be emails that look like the company has found something wrong with your account and that you need to click a link to fix the issue. The possibilities are endless, but the real threat is the link or picture that the “phisher” wants you to click.
There are several possible outcomes from clicking the links/pictures in the email. In one, the user is asked to input their information or log into their account to continue. Even though the website looks like the real website, the fake website captures all the information entered. The person who captures this information could then use those credentials to siphon funds out of an account, or to make online purchases and perhaps ruin someone’s credit.
Another possible outcome is that malicious software is installed. Once the user clicks the link, software installs in the background without their knowledge. The website might seem like it is loading slowly, but it never actually loads. The malicious software could then capture passwords, websites they visit, Social Security numbers, account information and pretty much everything the user types. The malicious software can also install Trojans, which can allow the attacker to connect to the computer and view everything the user is viewing. This allows the attacker to carry out much more sophisticated attacks behind the scenes without the user’s knowledge.
How to Prevent It
Education is the key to preventing phishing attacks. Since all phishing attacks require users to click the links, respond to the emails, or enter their information, it’s vital to train users to recognize phishing emails and how to avoid falling for them. There are countless resources online where users can learn of the latest scams, report phishing emails, ask questions, and so much more. The following tips will help prevent phishing attacks and help protect the user.
- Beware of all emails that request urgent personal information and/or action. Typically, the phisher will try to upset or entice the customer to enter their information as soon as possible.
- Beware of emails that have spelling or grammatical errors, or that are not personalized. Some phishing emails are sent from other countries where English is not the first language, so there are typically spelling or grammatical errors. Most phishing emails are also sent in bulk, so they are typically not personalized. They might say, Dear “contact”, or Dear “client”. If you are suspicious or aren’t sure, call the company before opening the email to get clarification on it.
- Be careful of personalized emails that ask for personal financial information. Level One Bank will never ask for your personal information or send personal information by email.
- Be careful about clicking on any link that goes to the Level One Bank website. It is best practice to enter the website address manually. If you’re in doubt about a link in an email, you can always call Level One Bank to get confirmation on the link that was sent.
- Hovering over email links will let you know where that link goes. Typically, you can tell whether or not the link is a phishing link by the address it is attempting to go to.
- Clicking on a phishing link can install malicious software and Trojans that are aimed at stealing online banking information, such as the Zeus bot Trojan.
- Do not complete any forms in an email and send it back to the sender. Level One Bank will never ask for this information through an email.
- Only communicate information, such as credit/debit card transactions, account information, money transfers, etc., via a secure session. A secure session will ALWAYS display “HTTPS://”. If you see “HTTP://”, please do not continue as your information can be captured.
- Whenever possible, do not use a wireless network for financial transactions. This would include public Wi-Fi spots such as hotels, restaurants, public libraries, etc. If a wireless network must be used, enforce security measures such as enabling encryption and MAC address filtering, changing the service set identifier (SSID) and turning off SSID broadcasting.
- Regularly log into your online banking accounts to check your bank, credit card, and debit card statements to ensure that all transactions are legitimate. If there are any suspicious or unusual activities, please call your bank(s) and credit card companies to get assistance and/or to be issued new cards.
- Install a security software suite that includes antivirus, anti-spyware, malware and adware detection, from a reputable vendor. Keep the software up-to-date through an automatic update feature and configure it to perform recurring, automated complete system scans on a routine basis. This will help to protect a computer against known viruses, malware, and adware, but remember many viruses, malware, and adware programs are undetectable by antivirus software.
- Routinely install all new software and hardware patches or use the automatic update feature when available. Ensure that all your software is updated, including application software such as Microsoft Office, Java, Adobe Flash, Apple QuickTime, Adobe Reader, etc., and not just the computer’s operating system.
- If your computer is connecting directly to the Internet, which is often the case with DSL or cable modem, you should use personal firewall software or a hardware router/firewall to protect your PC. If possible, use a separate, dedicated computer that is used only for online transactions, and implement restrictions on the computer to prevent it from going outside certain white-listed websites. If adding an additional computer isn’t possible, then set up and use a “non-privileged user” account on the computer to prevent unauthorized changes to the computer. Use this non-privileged account for web browsing whenever possible.
- You can also take a few more preventative measures, such as not allowing the computer or web browser to save your login names and passwords. Clear the internet browser’s cache before visiting the bank’s website. Properly log out of the website by clicking “Log Off” instead of the “X” on the browser page. Do not use the same computer for online transactions that children or “non-savvy” Internet users use for regular Internet access.
- Do not post your personal information on the web. Your high school, maiden name, date of birth, first car, first school, youngest sibling’s name, mother’s full name, father’s full name, best friend’s name, etc. are the answers to many security questions on financial web sites. When you post this information, you are making it easier for criminals to gain access to your financial information.
My Account Was Compromised, Now What?
Immediately stop using any computers that may be involved and contact Level One Bank and any other institution you use to request their help in preventing further loss and to aid in the possible recovery of any money.
Begin a log of your activities, including who you have talked with, what information you have and what mitigation steps you have taken. Report fraudulent activity to the local authorities. Sign up for any credit reports or identity theft protection service that can monitor credit scores/changes to prevent any ongoing damage.