Recently, several fraudulent checks were cashed against our company’s bank account. Some thief obtained our RTN and account number, and then manufactured fake payroll checks from a regional staffing company with the names of three big banks printed on them. It was a mediocre job at-best—something any high school could create on their laptop computer—but good enough to fool a few tellers and cashiers.
As a result, the funds were debited from our account, and it took a few weeks to have those monies re-deposited into our account—after filing police reports in each of the jurisdictions that a check was cashed. During this unfortunate experience, I decided to dig deeper into the seedy business of fraud and identify theft and concluded the following:
Ø It is incredibly easy to defraud the financial industry and its customers;
Ø There are an infinite number of very easy methods by which your identity can be stolen and exploited—as a business owner or as an individual; and
Ø Just as easy, are the preventive measures.
Nearly all identity theft starts with the stealing of source information—it is rarely created. In our case, that source information was our company’s bank account number, which had to be obtained from a valid check, either paper or electronic. So I started mapping the possibilities.
First, I considered the paper check. We issue dozens of paper checks each month to vendors, which sit in mailboxes. Once received and processed, the check stubs are often discarded into trash cans and recycling bins. It is just too easy for someone who is willing to steal mail or go “dumpster diving” to retrieve this information.
The first step in protecting yourself against fraud—shred everything that has your name, address, financial and other information—including credit card applications and other offers having your name and address.
Then I started mapping the possibilities for nefarious collection of information via the Internet.
Our accounting team often collaborates via email with scans of cancelled checks, bank statements, and other source information. Our finance department uses online requests for wire transfers, and our purchasing specialists conduct online transactions—all quite susceptible to malware and phishing schemes.
Phishing is the practice of tricking people into divulging private or sensitive data by fake email links and websites. This has been shown to be more than 80 percent effective. Why? Two recent studies indicated that most business people ignore warnings from their Internet browser.
Firefox, Internet Explorer, Safari and Chrome notify the user when an Internet site does not have validated credentials. When asked, most people don’t realize that their reflex of clicking “Ignore” to a warning (shown) puts them at significant risk of a phishing attack.
Unless you trust the source, and verify the URL, it is strongly recommended that you select the “get me out of here” button when your browser warns you of an untrusted site.
Your browser also indicates when you have a secure connection to a website—in technical terms a Secure Socket Layer (SSL)—a communications protocol for encrypting information over the Internet. Without an SSL connection, thieves can easily impersonate / replicate a trusted website (i.e., bank, bill pay, online store, etc.) and trick you into providing account information including usernames, passwords, and account numbers.
Once you have typed in that information, it is off-to-the-races for the thieves. To minimize this vulnerability, be sure to verify an SSL connection when entering any and all private information. The URL should include an “s” in the address “https://…”
Having your identity stolen is as invasive as someone breaking into your home. Locking you’re digital doors by following these few simple actions will thwart most attacks.
In the next article, I will introduce several methods for encrypting data for safe transmission over the Internet.
Content contributed by Advanced Mission Systems, LLC, a company specializing in technical surveillance and physical, electronic and cyber security for military, law enforcement, commercial and individual use. For more information, contact Jerry Snyder at 980-819-2600 or visit www.amsdv.com.