Warning Signs of Potentially Compromised Computer Systems
Warning signs visible to a business or consumer customer that their system/network may have been compromised include:
- Inability to log into online banking (thieves could be blocking customer access to the customer won’t see the theft until the criminals have control of the money);
- Dramatic loss of computer speed;
- Changes in the way things appear on the screen;
- Computer locks up so the user is unable to perform any functions;
- Unexpected rebooting or restarting of the computer ;
- Unexpected request for a one time password (or token) in the middle of an online session;
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the banking system is not working (system unavailable, down for maintenance, etc.);
- New or unexpected toolbars and/or icons; and
- Inability to shut down or restart the computer.
Examples of Deceptive Ways Criminals Contact Account Holders
The FDIC does not directly contact bank customer (especially related to ACH and Wire transactions, account suspension, or security alerts), nor does the FDIC request bank customer to install software upgrades. Such messages should be treated as fraudulent and the account holder should permanently delete them and not click on any links.
Messages or inquiries from the Internal Revenue Service, Better Business Bureau, NACHA, and almost any other organization asking the customer to install software, provide account information or access credentials is probably fraudulent and should be verified before any files are opened, software is installed, or information is provided.
Phone calls and text messages requesting sensitive information are likely fraudulent. If in doubt, account holders should contact the organization at the phone number the customer obtained from a different source (such as the number they have on file, that is on their most recent statement, or that is from the organization’s website). Account holders should not call phone numbers (even with local prefixes) that are listed in the suspicious email or text message.
Resources for Business Account Holders
- The Better Business Bureau’s website on Data Security Made Simpler:
- The Small Business Administration’s (SBA) website on Protecting and Securing Customer Information: http://community.sba.gov/community/blogs/community-blogs/business-law-advisor/how-smallbusinesses-can-protect-and-secure-customer-information
- The Federal Trade Commission’s (FTC) interactive business guide for protecting data:
- The National Institute of Standards and Technology’s (NIST) Fundamentals of Information Security for Small Businesses: http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
- The jointly issued “Fraud Advisory for Businesses: Corporate Account Takeover” from the U.S. Secret Service, FBI, IC3, and FS-ISAC available on the IC3 website (http://www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf ) or the FS-ISAC website (http://www.fsisac.com/files/public/db/p265.pdf)
- NACHA – The Electronic Payments Association’s website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers: http://www.nacha.org/c/Corporate_Account_Takeover_Resource_Center.cfm.
- Payment Card Industry (PCI) Security Standards Council
^return to top