Security Information

Business Fraud Prevention Tips

Business owners, large and small, are faced with making financial decisions every day.  Do I buy this?  Do I extend credit to that customer?  Do I hire this employee?  These decisions, if not made wisely, could impact the company greatly, especially if someone has the intent to deceive or deprive the company of funds.  No business can afford to lose money.

Every business owner or manager today should have due diligence processes in place that prevent fraud and reduce the risk of income loss relating to the extension of credit, hiring new employees, and online fraud.

Regulation E (Reg E) provides consumers with certain protections when errors occur that involve electronic fund transfers (EFT). Those protections are not available to businesses or the business accounts they maintain. If you, as a business owner, incur a loss, that loss becomes your responsibility.

It's important for our business customers to understand the reality of the threats that face them today.  Customers are constantly being targeted by advanced malware threats.  According to information security sources, the United States now has the highest concentration of websites that host the ZeuS crimeware package.

Security experts estimate that nearly 1 in 200 computers are infected with malware and that more than $1 billion is stolen annually.  Rockland Trust has put together this information to help you identify any weaknesses you may have at your business, and to give you helpful information for mitigating any loss you may incur from fraud against your business. For more information, please contact us at 800.222.2299.

Avoiding Fraud

What is corporate account takeover?
Corporate account takeover is when cyber thieves gain control of a business' bank account by stealing the business' valid online banking credentials.  The most prevalent form involves malware that infects a business' computer workstations and laptops.

A business can become infected with malware via infected documents attached to an email or a link contained within an email that connects to an infected website.  In addition, malware can be downloaded to users' workstations and laptops by visiting legitimate websites - especially social network sites - and clicking on the documents, videos, or photos posted there.  This malware can also spread across a business' internal network.


ACH Fraud

ACH fraud is becoming an increasingly popular way for hackers to siphon money out of the bank accounts of unsuspecting victims.  For ACH and wire transactions, single- and dual-factor authentication are not enough to protect accounts and user credentials against current online account fraud and identity attacks. Rockland Trust recommends a multi-layered security approach to protect accounts.

What is a Key Stroke Logging Trojan?

A Trojan is a piece of code or software that finds a way to your computer through malicious emails, infected websites, or social networking sites such as Facebook.  Once it reaches your computer, it deploys and becomes almost invisible and waits to be activated by a date, an event, or a hacker. 

A very invasive type of Trojan is a keystroke logger such as Zeus.  This keystroke logger captures every keystroke you make and sends it off to a hacker or cyber-crime organization within seconds of being entered.  This allows them to capture your ID and password, quickly log in, and move money through wire or ACH transfers using your online banking.

Is it possible that it's on my computer? 
Absolutely. It could be there now and just sleeping, and the biggest concern is that only 15 percent of these Trojans are detectable by the leading anti-virus software solutions.  For example, the following companies were infected with Trojans even though they spend millions of dollars on security measures:  Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and Business Week.  These Trojans infect millions of computers each year in the US, and Zeus has sent out millions of attacks to users through Facebook since it started.

What can I do?

  1. Do not perform any financial or online banking activities from public computers, or on public wireless networks with your personal computer.  The little coffee shop on the corner is a great place to sit and work on your laptop, but wait to do your financial tasks when you get home or to a secure network that you can trust. 
  2. Do not open or access emails that come from someone you do not know or an organization you do not recognize.  Just by opening an email you could trigger the Trojan to become active. 
  3. Make sure you are using reliable anti-virus software and keep the renewal and virus updates current and active. 
  4. Don't allow your employees to go to YouTube or Facebook on company computers and download files or access links. Limit their social networking activities to posting and reading text if at all possible.  Files, video clips, and downloads are the biggest risk for contracting malware. 
  5. Don't respond to emails that appear to be from your bank or financial institution and ask you to visit a website and update personal information such as your social security number, user ID, or password. 
  6. Don't pick up a thumb drive or memory stick that is not yours and plug it into your computer.  Criminals will leave them in parking lots loaded with the latest Trojan virus, just waiting to be activated.
  7. Limit your family's use of the computer you use for financial activities to a minimum.  It's hard to keep track of where they have gone or what they have downloaded.
  8. If you have a wireless network at your home or business, make sure it has been set up with encryption to reduce the risk of being accessed by an unwanted intruder. 

How does all this apply to my business?

  1. Educate your employees; have a company policy so that there is no doubt as to what is expected of them.  Hold monthly meetings to discuss issues and problems, and talk about zero tolerance with respect to your policy.
  2. If you own a business, you should have security policies in place and layers of security built into your network.  Following the recommendations above is a good start. Preventing employees from using social networking tools such as Facebook and Twitter, external email systems, and other non-work-related activities will also reduce the risk. 
  3. Making sure there are proper anti-virus and anti-spam solutions in place to protect your users and your systems is also recommended. These can be maintained internally or by a reputable local computer services vendor.
  4. In addition, it is recommended that you dedicate a single computer to your external financial or business activities, such as making wire transfers, submitting orders to partner companies, or entering financial or employee information into remote systems. If this system is dedicated to these purposes and not used for email or web surfing, the risk of infection is greatly reduced.
  5. Always do a bank statement reconciliation at least once a month and preferably more often.  If a check is stolen, lost or altered, you will be able to rectify the situation before it causes problems for your company.
  6. Limit use of memory sticks or thumb drives. Carrying these between business systems and home systems introduces the risk of transporting a virus to your business network. 
  7. Make sure your servers and computers are patched with the latest Microsoft patches. Many of these patches prevent or correct security issues.


Key Points to Remember

  • Keep your anti-virus active and up to date.  Never deactivate it due to performance issues.
  • Don't open or access unknown files or emails.
  • Report any suspected bank fraud to
  • Limit your use of social networking tools to text-based activities and don't open or download files.
  • Perform your financial and banking activities on your own computer and network; do not use public systems or networks.

Contact your local computer service store if you feel you need additional assistance in protecting your systems or networks.