Businessman Concerned Looking at Computer

Organizations that never considered themselves targets are becoming victims of online payment fraud. But there are steps you can take to protect your entity.

Preventing Cybercrime

Protecting Your Organization From Online Hackers

  • Mark Eich
  • 1/8/2015

While high profile breaches at Target, Home Depot, and Sony dominate the headlines, breaches at small businesses fly under the radar. Yet these disruptions are often more devastating, even to the point of business failure.

Churches and other organizations that never considered themselves targets are becoming victims of credit card fraud, automatic clearing house (ACH) fraud, and wire fraud. These crimes are often perpetrated from outside the country by attacking the online cash management features that banks provide their customers.

You can take steps to protect your entity, but before taking action, you must first understand and acknowledge this growing threat. The attacks fall into three main categories:

  • Theft of personal financial information
  • Online banking malware (so-called corporate account take-over)
  • Ransomware attacks (the most common being CryptoLocker)

Theft of personal financial information

Organized crime groups (primarily in Russia, Eastern Europe, and China) have created a high demand for personal financial information, including name, address, social security number, driver’s license number, bank account number, and credit card details. Hackers steal this information then sell it to criminals who use it to commit various forms of identity theft. The more complete and associated to an individual, the more valuable the information is on a “wholesale” basis. Payroll databases, customer sales records, and supplier/accounts payable records are common targets for this type of attack.

This was the driving force behind the breaches at Target, Neiman Marcus, the University of Maryland, and many others. Indeed, as the price being paid to hackers escalates, smaller businesses are being targeted.

Online banking malware

Zeus, Citadel, Spyeye, and Gozi are just a few examples of the new breed of sophisticated online banking malware. Once a network is infected with this type of malware the online banking credentials (user ID, password, challenge questions) are harvested by the attacker, who then logs into the online banking server and executes fraudulent wires or ACH transactions. More sophisticated malware can bypass multifactor authentication tokens. This type of attack is often called corporate account takeover.

Malware code is often delivered via email, either by a file attached directly to the message, or more commonly, by use of a link to a rogue web page. In the latter case, the malware returns with the web page and installs itself on the victim’s computer. This type of attack has been dubbed “spear phishing” since often only one email is sent to the victim organization.

Spear phishing emails have improved significantly in their sophistication and effectiveness, and can be very difficult for users to identify as fraudulent. They often use carefully crafted scripts to entice the user to click the link. In some cases, the emails are even “spoofed,” that is, they are crafted to appear to come from someone inside the victim organization (e.g., the company president). In other cases, the emails are designed so they appear to come from a legitimate business or organization, such as UPS, American Express, PayPal, or the IRS. These spoofing tactics are designed to increase the likelihood that the recipient will act quickly, clicking on the link without much thought.


Ransomware is a malware that encrypts virtually all data and files that it can find, both on the local machine and on every network device that it can connect to. This renders the data unusable by the victim organization. Typically the hacker requests payment (the ransom) in exchange for decrypting the affected data. This is how the hacker hopes to make his money.

Having working backups that are regularly tested allows victims to wipe the affected machines clean and reinstall both systems and data. However, for companies with high reliance on technology, even the downtime required to wipe and reinstall can result in costly losses and reputational damage.

CryptoLocker is by far the most common ransomware deployed. CryptoLocker attacks are increasing rapidly because they are easy and effective. Such attacks rose from 7,000 in April 2014, to more than 15,000 in May. Kovter is a ransomware variant with an especially malicious tactic. It dumps a payload of child pornography, in addition to the encryption, to put more pressure on the victim to comply with the ransom demand.

Protecting your business

Preventing these attacks is no small task. It requires a multilayered approach. Organizations should consider each of these tactics.

Properly defend

  • Keep current on technical defensive measures such as firewalls, intrusion detection systems, and spam filters.
  • Keep up-to-date on the anti-virus software on each device, and complete regular scans to keep them clean.
  • Keep all network servers and PC workstations current with the latest security updates and patches.
  • Limit the number of PCs used to conduct online cash management. If possible, isolate them from the rest of the company network.
  • Encrypt sensitive data, such as intellectual property and personal financial information.
  • Utilize bank security tools for online cash management, including:
    • Multifactor authentication
    • ACH blocks and filters
    • Daily and individual transaction limits
    • Wire call-back features
    • Positive pay systems to reduce check fraud
  • Make regular backups of key data and systems and store them in a secure, off-site location.
  • Monitor activity and balance online accounts daily.
  • Perform periodic vulnerability or penetration assessments to validate that controls believed to be in place are functioning as intended.

Relationships, communication, and training 

  • Educate users to spot fake emails and to be wary of website links and file attachments.
  • Read and thoroughly understand your agreements with your bank related to online activity.
  • Identify the primary contact at your bank who will be your first call for help in the event of a breach.
  • Develop an incident response plan so users know who to contact immediately if they suspect malicious activity on their computer.
  • Establish a relationship with local law enforcement agencies that are familiar with online crimes.

How we can help

Reliance on technology is a reality for even the smallest organization. But you can conduct business securely in this threatening environment with the right strategy and implementation. View our webinar on payment fraud trends to help prepare your entity against online attacks.