4. Your Bank is NOT Your Friend

Is bank fraud on your radar? It should be. We break down a $400,000 heist that could happen to any of us. It's not about the dollar amount, but how it happened. It can happen to any of us. And most likely will. Here's how to prevent it!
Stupid...or Just Irresponsible? | Episode 4: The Bank is NOT Your Friend


Subscribe to Stupid or Irresponsible Podcast
Spotify  | Apple Podcasts | Google Podcasts


Resources
Security Webinar -  Stay ahead of the game! Sign up for our Security Webinar today. We give you FREE tools, FREE training, and we WILL hold your hand throughout the process. BUT when you don’t take our help or our advice that is stupid.

Schedule Your Discovery Call - If you know you've got a problem take us up on this offer! Book a 10 minute call with myself (Justin Shelley) and we’ll go over what we can do to help, get you started on a path to have a solid plan in place, constantly reviewing that plan, and just making sure you are doing the right things to minimize ALL the risk we possibly can.
 

Show Notes
 
[1:50] – Justin shares what started his love affair with technology and how he is shocked to be spending most his time fighting crime...

  • Justin’s love affair with Technology began at the rightful age of 12 with the Apple 2E 

[2:26] - “I got into computers at the rightful age of 12 but did not see myself fighting crime…”

[2:36] - But here we are… Master Computing is an IT company we really pride ourselves of fast response, on processes, on client education, but man we spend most our time fighting crime! Who knew!?

[2:59] The title of this podcast Stupid or irresponsible 

  • Title Background -  We send out the this letter called the “Stupid or Irresponsible” letter and people got offended or squeamish about calling someone Stupid.. So, they would play it down to sound less harsh. But the fact is, not taking basic security measures and educating yourselves, employees, then you are stupid. 

[3:50] - Justin came to this conclusion when making this title - If you don’t care enough about your business to care about your business to protect it from cyber crime, I can’t care about your business more than you do. SO, take the advice, take the tools we’re giving YOU, or don’t but if you don’t and you get hit... sorry YOU’RE STUPID. 

[4:08] – Today we are going to talk about a BEC Attack that cost a very intelligent very established businessman $400,000 that he DID NOT RECOVER.

[4:20] – What's a BEC Attack?
  • BEC Attack – Business email compromise attack:
    • It’s when someone has access to or is faking that they have access to your email account.
What does it mean? What can it do? 
You are going to want to Keep listening!
  • A BEC attack begins with cyber criminals hacking and spoofing to gain access to your email. 
  • If they have access to your email or at least the end user they’re talking to (which could be your bank or any financial institution you name it) … If they think they’re talking to you and your email account, the hacker, now they’ve got your world. 

“So, if you want my bank account and you aren’t me but happen to have my email then you pretty much have it all.” 

[5:47] - So that’s what a BEC, a scam is – it’s when somebody (aka a hacker) gets access to your email by impersonating you or someone in your business.

What is “Spoofing”?         

[5:57] - If somebody can PRETEND to have your email address, we call that “spoofing”

[6:09] – Unless you have security set up it’ll look exactly like it’s coming from you 

[6:17] – We’re talking about scary stuff “we can’t really get through life believing every little bad thing is going to happen to us.” 

[6:30] – one of the human defense mechanisms is to believe that bad things cannot happen to us… Today, in this podcast, we are here talking about things that HAVE happened. 

Listen as we shine light on the importance of this growing threat.

[8:00] - Above was talking about Spoofing 
  • A “spoofed email” would set off alerts, but if you logged into my email account it’s NOT triggering those alerts – THIS is what we really must be careful of. 
  • We have all kinds of protections we can put against spoofing but sounds like we’ve got to work on our email... 

[8:16] What Joe recommends to anyone, especially people who have any kind of personal Yahoo or Gmail account: Setting up one or both of these two things:
  1. MFA 
  2. 2FA
The most basic of those would be Multi Factor Authentication (MFA). You might also see 2FA out there. Recommendations from Joe: 
  •  I would highly recommend anybody, if you have any kind of Yahoo, Gmail, personal account, you name it!
  • I would 100% set up MFA – It will save you so much time, headache and effort. 

[8:35] – So let’s get into the nuts and bolts of this one - we are going to talk about a guy named Verne Harnish

STORY

[9:04] – Verne Harnish got hit. But he is not stupid, he had protections in place.

He was in a foreign country, doing a big presentation to 3,000+ CEO's, executives, entrepreneurs. In this article Verne says he used a “public network” and in that process somebody was able to sniff out his emails and now is when the attack begins. 

1st – they hack his email, then they start impersonating him 

Note: They are not spoofing him. They are actually INSIDE his email account. They are him. 

Inside his email account watching messages being sent between Verne and his admin (communicating about wiring money...)

They sit and learn this stuff until they are able to very accurately impersonate him THEN they make the attack. Wiring money to 3-4 different places. By the time Verne (or anyone) figures it out, it’s game over… the money is GONE.

[12:15] – Joe, let’s talk about what Verne did RIGHT what he did WRONG
  • Rule #1: Just don’t get on public WiFi. 
    • We highly suggest that if you do get on public WiFi you’ve got a proxy VPN, or a VPN set up. 
    • Why? If you don’t have that, any hacker is reading words verbatim off your computer. 

So Joe, "DO or DO NOT use Starbucks WiFi? 
  • NO do not… 
  • Safe alternative like the VPN set up is to 100% use your mobile hotspot if you need WiFi.  
So what could Verne have done as extra security to possibly prevent this?
 
[15:00] – What could they have done to possibly prevent this? 
The BEST thing they could have done: 
  • In this case one KEY component that was missing is – 
    • Don’t ever allow money to be authorized over email. 
    • Or at least not over the initial form of communication. 
  • Example:
    • If email is where it initiated, get another form of communication in there (like a direct phone call).
    • Have 2 ways of communicating with the person authorizing the transmission of money.
[15:48] - What is FDIC and why does it not help in a case like this? 
$400,000 out of the bank account just GONE.

  • FDIC is not to protect us; they are to protect the banks. Insolvency. NOT to protect your business account against fraud. 
Don’t believe me? Call your bank! Talk to them, know what their policies are, know their process, understand your risks, understand your limitations, liabilities, what they can do, will do, will not do, etc. 

[17:40] - Justin's recording of his phone call asking his bank these questions

PHONE CALL - Justin calling his bank to ask about their policies

[18:07] - Justin's question he asks his bank:
  •  “If somebody was able to access our account and steal money out of it, is there any protection in place for that? Is there any way of getting it back? This is strictly hypothetical; I am just trying to get ahead of this thing because I hear it happening all the time.” 
    • Gal replies yes of course we will protect you we have you covered. 
  • "Do you have that in writing anywhere?" 
(1st gal on the phone now transfers Justin over to a 2nd representative for that question)
  • In this conversation the SOCKING PROOF that the bank is NOT your friend: 
    • The bank has NO INFORMATION about what’s covered and what’s not and 
    • No recommendations about how to prevent fraud. 
    • Will not even provide Justin with advice to help me minimize risks before I’m desperate. 
 
Justin - "Everybody’s account is susceptible for identity theft"
Justin - "I'm Looking for ways to protect from this happening. Was just wondering if you had some examples of what type of transactions are not covered and how to protect against them.  Do you have any type of information like that?"
Bank - replies "No." 
*beeeep* *bank hangs up, end of conversation*

Phone call with my beloved bank which I was sure had my back… but I'm wrong
1. The 1st representative told me not to worry everything is covered we will protect you
2. The 2nd one can’t help me no documentation for customers. she says not only are we not going to protect you, we’re not even going to tell you what we protect against, what we don’t protect against and how you can make effort to protect yourself.  

- Joe also did some online research - More proof that the FDIC does NOT protect against fraud.
Hence the title - The Bank is NOT Your Friend 

 "To even face the world we have to believe bad things aren’t going to happen to us. But guys, you MUST keep our eyes open on this one. This stuff is happening ALL the time. " - Justin

[29:45] - So what’s stupid and what is Irresponsible for you as a business owner? 
  • Stupid: is thinking your bank is there to protect you when you get hit with fraud. 
    • Because I’m telling you it IS going to happen. 
    • If its happened already, that sucks but guess what probably going to happen again
  • Irresponsible: is not having a plan, or not having the RIGHT plan 
    • Policies need to be updated. 
      • You think you’ve got it down and you’re going to relax and a year later just criminals keep getting smarter and smarter. 
    • We must stay ahead of the game! 
      • Always check your policies.
      • Always have a procedure in place to check your policies at least once a year.

[30:30] – On that note, Security Webinar GO TO: master-computing.com/live-webinars/ and sign up for that Security Webinar. 
  • We give you FREE TOOLS, FREE training, we WILL hold your hand throughout the process. BUT when you don’t take our help or our advice that is stupid.

[30:50] – If you know you’ve got a problem and don’t want to watch the webinar. Jump right into things and get serious - book a 10 minute discovery call with myself, Justin Shelley, and we’ll go over what we can do to help. We will get you started on a path to have a solid plan in place, constantly reviewing that plan, and just making sure you are doing the right things to minimize ALL the risk we possibly can.

Why? Because… FACT: 
“97% of these issues could have been prevented with BASIC measures in place” 

Take us up on this offer guys: master-computing.com/discovery. Book a call, get started, creating a plan then making sure it is constantly reviewed, revised, and  properly implemented.

Policies need to be updated, criminals keep getting smarter & smarter, always check your policies, stay ahead of the game