Benchmark Bank’s Blog - Category: “Personal Banking”




Incidents of Ransomware on the Rise
Protect Yourself and Your Organization


Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.

And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.

Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher. And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.

Tips for Dealing with the Ransomware Threat

While the below tips are primarily aimed at organizations and their employees, some are also applicable to individual users.

Prevention Efforts

- Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.

- Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).

- Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.

- Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.

- Configure access controls, including file, directory, and network share permissions, appropriately. If users only need to read specific information, they don’t need write access to those files or directories.

- Disable macro scripts from office files transmitted over e-mail.

- Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

Business Continuity Efforts

- Back up data regularly and verify the integrity of those backups regularly.

- Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

More info

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals.

And in newly identified instances of ransomware, some cyber criminals aren’t using e-mails at all. According to FBI Cyber Division Assistant Director James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”

The FBI doesn’t support paying a ransom in response to a ransomware attack. Said Trainor, “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”

So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:
- Prevention efforts—both in terms of awareness training for employees and robust technical prevention controls; and
- The creation of a solid business continuity plan in the event of a ransomware attack. (See sidebar for more information.)

“There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said Trainor. “But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.” In the meantime, according to Trainor, the FBI will continue working with its local, federal, international, and private sector partners to combat ransomware and other cyber threats.

If you think you or your organization have been the victim of ransomware, contact your local FBI field office and report the incident to the Bureau’s Internet Crime Complaint Center.

- More on the FBI’s Cyber Division
- Ransomware brochure
- Internet Crime Complaint Center (IC3)

7th Best Bank to Work for in the US!!!


American Banker Magazine has published its annual list of the Top 50 Best Banks to Work For nationally and Benchmark Bank finished at #7. Yes, that’s #7 nationally and the top rated bank in Texas. Our outstanding management and fabulous employees make us great!

Follow this link to view the article:

Hackers Trick Email Systems Into Wiring Them Large Sums


Read this Wall Street Journal article here to learn more -

July 29, 2015 6:43 p.m. ET
Cybercriminals are exploiting publicly available information and weaknesses in corporate email systems to trick small businesses into transferring large sums of money into fraudulent bank accounts, in schemes known as “corporate account takeover” or “business email fraud.”

Companies across the globe lost more than $1 billion from October 2013 through June 2015 as a result of such schemes, according to the Federal Bureau of Investigation. The estimates include complaints from businesses in 64 countries, though most come from U.S. firms. Both “organized crime groups from overseas and domestic-based actors” are typical perpetrators, said Patrick Fallon, a section chief in the FBI’s Criminal Investigative Division.

Their targets are businesses such as Mega Metals Inc., a 30-year-old scrap processor. In April, the company wired $100,000 to a German vendor to pay for a 40,000-pound container load of titanium shavings. Mega Metals typically buys three to four loads of titanium a week from suppliers in Europe and Asia, for anywhere from $50,000 to $5 million or more per transaction. Mega Metals crushes and washes the titanium scrap before selling it to mills that remelt the scrap into new products.

But following the recent transaction, the vendor complained that it hadn’t received payment. A third party had infected the email account used by a broker working for Mega Metals, the company said. “We got tricked,” said David Megdal, vice president of the family-owned business in Phoenix, which has 30 employees. “We, in fact, had sent a wire to who knows where.”

George Kurtz, chief executive of CrowdStrike Inc., an Irvine, Calif., cybersecurity firm that investigated the loss, said it appears that malicious software implanted on the broker’s computer allowed the crooks to collect passwords that provided access to the broker’s email system, and then to falsify wire-transfer instructions for a legitimate purchase. “Given that the money has been moved out several times, there is no hope of recovering it,” said Mr. Kurtz.

‘We got tricked,’ said David Megdal, vice president of Mega Metals. ‘We in fact had sent a wire to who knows where.’ PHOTO: MARK PETERMAN FOR THE WALL STREET JOURNAL

Mr. Megdal of Mega Metals said that he reported the incident to his bank, Comerica Inc. “We investigate reported instances of potential fraud,” said a Comerica spokesman, adding that it is bank policy not to comment on its “internal fraud policies or procedures or on matters involving a current or former customer claim.”


In a recent advisory, the FBI said its Dallas office had identified six Nigerians, possibly working as a group, who had targeted roughly 25 Dallas companies, “with an attempted loss of over $100 million.” The emails appeared to be from high-level executives in the company being targeted, the FBI said in the advisory. But in fact, the emails were sent from a domain that was similar, not identical, to the target’s actual domain name.

In other instances, cybercrooks have used malware to insert themselves into a company’s email system. After monitoring email traffic, they tinker with a legitimate message, altering wire transfer or Automated Clearing House orders so that the payment is diverted to a bank account they control.

A spokeswoman for Nacha, the industry-run group overseeing ACH transactions, says the group “strongly advocates” that businesses “work together with their financial institutions to understand and use sound business practices to prevent and mitigate the risk of corporate account takeover.”

In the last year, some insurers began offering “social engineering fraud” coverage as an add-on to their standard crime policies, reimbursing companies for losses when employees are intentionally misled into sending money or diverting a payment based on fraudulent information provided via email, fax, phone call or other means.

Mega Metals now verifies emailed wire-transfer instructions with a phone call to the company getting the payment, using a number received from a source other than the emailed instructions. PHOTO: MARK PETERMAN FOR THE WALL STREET JOURNAL

The problem is “really quite new in its frequency and severity,” said Steven Balmer, social engineering product manager with Travelers Cos. “Larger companies have some belief that they are better protected because of their internal procedures and controls, but there is strong interest in the coverage from midsize and smaller businesses once they are made aware of the exposure.”

“It is very likely that the hacker was able to get into our electronic mails, changing the information for his own benefit,” said Giampiero D’Angelo, owner of Sri, in Naples, Italy, the broker that acted as the middleman between Mega Metals and the vendor. His company has added new verification procedures in an effort to prevent future problems, Mr. D’Angelo said.

Companies of all sizes have lost money as a result of such schemes, but “small businesses are probably one of the biggest targets because they don’t have the same budgets for security and investigations,” said Brian Hussey, global director of incident response for cybersecurity firm Trustwave Holdings Inc.

In February, the chief financial officer for Infront Consulting Group Inc., based in Toronto and Las Vegas, received an email that appeared to come from the company’s chief executive, instructing her to “Process a payment of $169,705.00 USD.” Attached wire transfer instructions, reviewed by The Wall Street Journal, directed that payment be made via Northern Trust Co. to “Cat Financial Power Investment” in Naples, Fla.

The scheme unraveled when Infront CEO Rory McCaw, by coincidence, called the CFO as she was reviewing the request. When she asked what the money was for, Mr. McCaw said he knew nothing about it. Further scrutiny revealed that the email was sent from an address similar to the company’s, but that lacked the letter “I” in “consulting.”
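The look-alike sender domains described in the FBI advisory and in the Infront incident can be screened for mechanically before a payment request reaches an approver. The following is an added example, not part of the original article: it flags From-header domains that sit within a small edit distance of a trusted domain. The domain names, the TRUSTED_DOMAINS list, the function names and the distance threshold are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the organization really corresponds with (constructed names).
TRUSTED_DOMAINS = {"example-consulting.test", "vendor-metals.test"}

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def sender_domain(from_header):
    """Lower-cased domain of the address in a From header; display name is ignored."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (status, nearest trusted domain); status is trusted, lookalike or unknown."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unknown", None)
    if domain in trusted:
        return ("trusted", domain)
    nearest = min(sorted(trusted), key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)  # close to, but not, a domain we know
    return ("unknown", None)

# Constructed sample headers: exact match, dropped letter, swapped letters, unrelated.
SAMPLES = [
    "Chief Executive <ceo@example-consulting.test>",
    "Chief Executive <ceo@example-consultng.test>",
    "Accounts <ar@vendor-metlas.test>",
    "Newsletter <news@unrelated.test>",
]

def review(headers=SAMPLES):
    return [classify_sender(h)[0] for h in headers]
```

A "lookalike" result is a reason to hold the request and confirm it by phone on a number obtained independently of the e-mail, not proof of fraud on its own.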

“We could have missed it,” said Mr. McCaw, whose 38-person firm helps companies implement Microsoft software. “We were somewhat lucky that we caught it when we did.”

Mr. McCaw said he reported the incident to the police in Lexington, Mass., because the domain was registered at a store in that location.

“The Lexington Police Department decided not to pursue the investigation since no money was lost, it was difficult to determine jurisdiction to investigate, and because bank security was in a better position to track the interstate fraud attempt,” said Lexington Police Chief Mark Corr. “These types of banking/security fraud cases are difficult for a small police department to solve.”

A Northern Trust spokeswoman said the bank has “robust procedures for detecting and reporting on potentially fraudulent transactions. Upon receiving Mr. McCaw’s information,” she added, “we promptly followed those procedures.” A search of Florida State Division of Corporations records shows no registration for a Cat Financial Power Investment.

Fraudulent transfer schemes are proliferating because “everything is online these days,” said Steven Bullitt, an assistant special agent in charge of the Secret Service’s Dallas Field Office. By monitoring social media, a company’s website and other sources, crooks can gather intelligence needed to craft a legitimate-seeming request, security experts say.

Banks can sometimes “claw back” or recover some or all of the funds by notifying the receiving bank that the wire was the result of a fraudulent transaction, said Bill Nelson, president of the Financial Services Information Sharing and Analysis Center, a nonprofit focusing on cybersecurity issues whose members include banks and other financial institutions.

The window for recovering missing funds can be hours, or at best, a few days. “Once you reach beyond the 72-hour mark, it’s extremely difficult,” said Mr. Fallon of the FBI.

Mega Metals now verifies emailed wire-transfer instructions with a phone call to the company receiving the payment, using a number received from a source other than the emailed instructions, such as the vendor’s website, or via fax.

“We are always trying to make our process more ironclad,” Mr. Megdal said. Losing the $100,000 “was an expensive learning lesson,” he added, “but at least it wasn’t a career-ending lesson.”

Write to Ruth Simon at
