VIENNA, Ohio – Molly Maids owner Katie Burkey knows what it is like to find your business accounts in someone else’s control.
Her signature was sold on the dark web, and multiple unauthorized checks were issued from her business account.
“It was a very tragic situation,” said Burkey, who was one of the business owners who attended a Coffee and Connections event on combating fraud Thursday, presented by 717 Credit Union and The Business Journal. “It took me, with the help of 717, a good six months to rectify those accounts. … Now I’m a lot more leery about checking and making sure things are really true,” she said.
Fraud can happen to any business owner, according to Sgt. Michael Altiere, an investigator with the Warren Police Department. He said phishing emails and automated clearing house scams are among the most common fraud schemes targeting business owners in Warren.
And phishing emails are getting a lot more sophisticated.
“Before, I would always tell people, ‘Hey, slow down, read the email. You’re going to see some grammar issues.’”
But with artificial intelligence helping craft the messages, they’re much harder to detect.
Altier said scammers are targeting businesses and their employees by pulling employees’ emails off websites and checking to see if those emails have been compromised. Phishing scammers may ask someone to click on a link or do multiple steps beyond CAPTCHAs that verify they are human, which can give them access to the computer. This can allow them to steal data and other information stored on a computer’s browser, such as credit card numbers, passwords and usernames.
Before clicking a link, Altiere recommends analyzing it first. By hovering the mouse over the link, users can see in the bottom-left corner of the screen where the link will actually direct them.
Additionally, users can right-click a link to copy it into a URL redirect checker, which can reveal whether the link redirects to a malicious site or prompts a malware download.
When cybercriminals gain access to an email account, Altiere said they can see who the victim is doing business with and send messages from the compromised account to those contacts. Because the emails appear legitimate, they can be used to gain access to account information and wire transfers.
Altiere cautioned business owners to use two-factor authentication on their emails, change their passwords often and not use the same passwords for multiple accounts. Do not store passwords in the browser, and use a good password manager, he added.
“I understand everybody has various different things that they need to log into on a daily basis,” Altiere said. “It’s having you reset your password every 45 days. Two factor authentication is coming up, and it’s driving you nuts. Your IT guy’s driving you nuts. He’s trying to keep everybody safe.”
Some companies offer simulated phishing tests that send fake phishing emails to employees to determine whether additional cybersecurity training is needed. Altiere said they use one at the Warren Police Department to help them protect their information.
If someone becomes the victim of an email scam, Altiere advises against deleting the message, as law enforcement may be able to analyze it and trace its origin.
Brittany Socie, assistant fraud manager at 717, works with local law enforcement when the credit union’s members report fraud or when fraud is detected on a member’s account. If someone gets a suspicious phone call, Socie suggests it is fine to hang up and call back the legitimate phone number directly.
Socie is part of a team of in-house fraud investigators at 717, and she said they not only fix the problem after it happens but attempt through automated and manual means to monitor every account around the clock, even on weekends. The team also has relationships with local law enforcement in various jurisdictions where 717 has locations.
“We have a go-to at each one,” Socie said. “It’s really awesome to be able to have that communication and actually get to the bottom of things. Instead of just making a report, we’re trying to actively prevent it from happening.”
John Demmler, president and CEO of 717 Credit Union, said Altiere’s message is a strong reminder of the scams businesses and business owners need to stay vigilant against.
“Some of those comments about everyone getting phishing emails from time to time and everybody clicks on those links – it’s a great reminder that you’re not alone,” Demmler said.
Pictured at top: Sgt. Michael Altiere speaks during Thursday’s event.