Fraud on the rise: How increased awareness can keep you protected

Rob Zerby

Key Takeaways

  • SVB stays aware of the emerging trends in bank account fraud, like the rise of account takeover attacks, and we share this information with our clients via our Fraud Prevention Center.
  • Your online and mobile environments — including systems like online banking and hardware such as smartphones, computers and servers — both protect and expose your company’s assets and information.
  • Taking precautions to safeguard online accounts that go beyond simply using strong passwords and firewalls are vital.

When it comes to fraud protection strategies, companies can’t take a “set it and forget it” approach. Fraud trends and tactics are constantly shifting and evolving in response to changes in the world. In response to new ways of combatting frauds such as business email compromise or phishing scams, fraudsters come up with even more sophisticated and hard-to-detect ways to target and exploit victims – in particular high-profile consumers.

SVB pays close attention to the shifting fraud landscape, and when we see new trends emerge, we share the information with our clients. One of those trends is the rise of account takeover attacks. Here’s what you need to know to identify and protect against these types of scams.

What are account takeover attacks?

An account takeover occurs when a cyberthief gains credentials to an individual’s most sensitive online accounts. These thieves may target an individual’s personal bank account and effectively empty it, leaving the account-holder with zero balance—and potentially no way to recoup their money.



"Account holders must watch carefully for unsolicited requests for personal information such as passwords, responses to security questions or one-time passcodes."



While some online scams are built on brute force—say, using powerful algorithms to crack a password—account takeovers require patience and sophistication on the part of the cyberthief. The criminals aim to learn passwords and login credentials through nuanced means such as:

  • Phishing (click here to learn more about phishing and other scams)

  • Placing malware on a user’s device in order to monitor their keystrokes to learn their user ID and password

  • Impersonating bank employees and asking customers for their passwords, PINs or one-time passcodes. (SVB will never ask for this information.)

What’s new?

Globally, banks are experiencing higher rates of account takeover attacks. Around the world, bank customers are being targeted more frequently and with more powerful tactics. By some measures, account takeover attacks steal nearly 30,000 credentials every minute.1

What can you do?

Take precautions to safeguard online accounts. Those precautions go beyond strong passwords and firewalls: Account holders must watch carefully for unsolicited requests for personal information such as passwords, responses to security questions or one-time passcodes.



"Around the world, bank customers are being targeted more frequently and with more powerful tactics. "



Customers can use the following tips to keep themselves out of reach of account takeover attacks:

  • Don’t respond to unsolicited requests for account or personal information, such as user IDs, passwords, challenge questions or one-time passwords

  • Establish dual administration and have both administrators pay attention to any unexpected alerts about failed login attempts or new devices being added to your online account

    • If one users email is compromised, another user will be alerted of any unauthorized activity

    • To update your account and enroll in dual administration, email your Relationship team for the Administrator Change Request form

  • Be wary of clicking on links in emails or online advertisements

  • Pay attention to any unexpected alerts about failed login attempts or new devices being added to online accounts

  • Use anti-malware software such as Trusteer Rapport, available at no cost to all SVB clients

  • Enable account notifications that cover balance and transaction thresholds, password changes, and any additions or modifications to the user profile

  • Set transaction limits and require a secondary approval for payments

Additional Fraud Prevention Reminders

  • With Multi-Factor Authentication (MFA) currently enacted for all SVB Online Banking clients, please make sure that your Authenticate phone number has been validated to ensure that you do not face any challenges with MFA at the point of login

  • Keep personal and business information protected and secure with strong, unique passwords

  • Continuously monitor accounts for unusual activity


For more information about online fraud prevention techniques, visit SVB’s Fraud Prevention Center. If you suspect that you may be a victim of fraud, contact your Relationship Manager or clientsupport@svb.com.


1
Source: NuData Security/Mastercard, “Account Takeover: Chronology of an Attack.” [https://nudatasecurity.com/resources/infographics/account-takeover-infographic/]

This article was originally published on October 13, 2020.

Rob Zerby
Written by
Rob Zerby
SVB Perspectives

SVB Perspectives provide a unique vantage point on the industries and issues forging innovation.
More on this topic


Editor's Top Picks
Read this next

Defend Your Company from Business Email Compromise (BEC)

Fraudsters are using increasingly sophisticated strategies to scam companies via email. Here's how you can protect against this dangerous—and pervasive—threat.
Read more

©2020 SVB Financial Group. All rights reserved. Silicon Valley Bank is a member of the FDIC and of the Federal Reserve System. Silicon Valley Bank is the California bank subsidiary of SVB Financial Group (Nasdaq: SIVB). SVB, SVB FINANCIAL GROUP, SILICON VALLEY BANK, MAKE NEXT HAPPEN NOW and the chevron device are trademarks of SVB Financial Group, used under license.

This material is provided for informational purposes only. The conclusions expressed are based upon limited information available to Silicon Valley Bank regarding your company's fraud detection and prevention programs, and should not be seen as a substitute for obtaining your own independent assessment of such programs. The security of your operating system and your procedures for conducting banking transactions with us remains your responsibility. Silicon Valley Bank is not responsible for any cost, claim or loss associated with your use of this material.

Trusteer is an independent third party and is not affiliated with SVB Financial Group. IBM Security Trusteer Rapport is an IBM software product offered by Silicon Valley Bank. IBM is solely responsible for the performance and maintenance of its product, as well as for related customer service and support.  
Get monthly startup insights and advice

Insights from SVB Industry Experts

 
SVB experts provide our customers with industry insights, proprietary research and insightful content. Check out these related articles that may be of interest to you.

High Net-Worth? You're at Special Risk for Fraud

 

Coronavirus and fraud: What you need to know

 

FBI Warning: What you don’t know about cloud-based email fraud can hurt you

 

Q&A with fraud prevention consultant Brett Johnson

 

Protect your assets from fraud: Tips from a former cybercriminal

 

SVB Webcast: Confessions of a Fraudster