Fraud on the rise: How increased awareness can keep you protected

When it comes to fraud protection strategies, companies can’t take a “set it and forget it” approach. Fraud trends and tactics are constantly shifting and evolving in response to changes in the world. In response to new ways of combatting frauds such as business email compromise or phishing scams, fraudsters come up with even more sophisticated and hard-to-detect ways to target and exploit victims – in particular high-profile consumers.

SVB pays close attention to the shifting fraud landscape, and when we see new trends emerge, we share the information with our clients. One of those trends is the rise of account takeover attacks. Here’s what you need to know to identify and protect against these types of scams.

What are account takeover attacks?

An account takeover occurs when a cyberthief gains credentials to an individual’s most sensitive online accounts. These thieves may target an individual’s personal bank account and effectively empty it, leaving the account-holder with zero balance—and potentially no way to recoup their money.

While some online scams are built on brute force—say, using powerful algorithms to crack a password—account takeovers require patience and sophistication on the part of the cyberthief. The criminals aim to learn passwords and login credentials through nuanced means such as:

• Phishing (click here to learn more about phishing and other scams)
  
  

• Placing malware on a user’s device in order to monitor their keystrokes to learn their user ID and password
  
  

• Impersonating bank employees and asking customers for their passwords, PINs or one-time passcodes. (SVB will never ask for this information.)

What’s new?

Globally, banks are experiencing higher rates of account takeover attacks. Around the world, bank customers are being targeted more frequently and with more powerful tactics. By some measures, account takeover attacks steal nearly 30,000 credentials every minute.¹

What can you do?

Take precautions to safeguard online accounts. Those precautions go beyond strong passwords and firewalls: Account holders must watch carefully for unsolicited requests for personal information such as passwords, responses to security questions or one-time passcodes.

Customers can use the following tips to keep themselves out of reach of account takeover attacks:

• Don’t respond to unsolicited requests for account or personal information, such as user IDs, passwords, challenge questions or one-time passwords
  
  

• Establish dual administration and have both administrators pay attention to any unexpected alerts about failed login attempts or new devices being added to your online account

  • If one users email is compromised, another user will be alerted of any unauthorized activity
    
    

  • To update your account and enroll in dual administration, email your Relationship team for the Administrator Change Request form
    
    

• Be wary of clicking on links in emails or online advertisements
  
  

• Pay attention to any unexpected alerts about failed login attempts or new devices being added to online accounts
  
  

• Use anti-malware software such as Trusteer Rapport, available at no cost to all SVB clients
  
  

• Enable account notifications that cover balance and transaction thresholds, password changes, and any additions or modifications to the user profile
  
  

• Set transaction limits and require a secondary approval for payments

Additional Fraud Prevention Reminders

• With Multi-Factor Authentication (MFA) currently enacted for all SVB Online Banking clients, please make sure that your Authenticate phone number has been validated to ensure that you do not face any challenges with MFA at the point of login
  
  

• Keep personal and business information protected and secure with strong, unique passwords
  
  

• Continuously monitor accounts for unusual activity

For more information about online fraud prevention techniques, visit SVB’s Fraud Prevention Center. If you suspect that you may be a victim of fraud, contact your Relationship Manager or clientsupport@svb.com.

¹ Source: NuData Security/Mastercard, “Account Takeover: Chronology of an Attack.” [https://nudatasecurity.com/resources/infographics/account-takeover-infographic/]

This article was originally published on October 13, 2020.