Category Archives: Cyber Crime

Immediate Vault Immediate Access

Preventing Paycheck Protection Program Loan Scams

Posted on by

The COVID-19 pandemic and subsequent shutdowns have meant perilous times for small businesses across the country, with many shutting down temporarily or even permanently. As part of the U.S. government’s efforts to forestall bankruptcies and layoffs, Congress allocated hundreds of billions of dollars for the Paycheck Protection Program (PPP). Small businesses can apply for loans from the U.S. Small Business Association (SBA), which the SBA will forgive if the receiving business meets certain criteria, like “if all of the company’s employees are kept on the payroll for eight weeks and the money from the loan is used to pay for rent, mortgage interest, utilities or payroll.”

The program has helped many businesses, but also left many stranded and desperate when they could not qualify for the loans. According to the Wall Street Journal, as of this week, the government has disbursed “4.6 million loans worth more than $513 billion.” But some businesses were forced to return the funds when they discovered they could not open soon enough to meet the eight-week deadline, and some did not even bother applying because they did not meet the criteria. The program has also faced criticism for not providing enough funds, and when larger and/or publicly traded companies (like restaurant chain Ruth’s Chris) received loans.

As with many other government programs that award payouts and may have confusing or labyrinthine application and approval processes (such as Social Security payments or tax refunds), scammers have targeted desperate businesses trying to access PPP funds. Online identity verification service Social Catfish recently published guidelines for avoiding PPP-related scams that small businesses are facing, including phishing and robocall scams.

As Risk Management recently reported, phishing scams—in which criminals use fraudulent emails to trick users into clicking malicious links or divulging sensitive personal information—have proliferated since the start of the COVID-19 pandemic, often specifically targeting pandemic-related concerns. According to Social Catfish, online scammers have been using emails posing as the SBA inviting the recipient to apply for a PPP loan, then installing malware or stealing any information provided. With this information, scammers can then pose as a business to apply for loans or steal funds.

Scammers may also try to contact businesses by phone, either in person or by robocall, asking for confidential information or demanding a fee for their PPP application, even promising faster processing after the payment. Similar to the IRS, the SBA does not call PPP applicants for information, and there are no fees associated with PPP applications. Businesses applying for PPP loans may also encounter fake companies claiming that they facilitate applications, which scammers then use to steal the confidential information victims provide.

 To avoid being scammed, Social Catfish recommended that businesses interested in applying for PPP loans do their due diligence by following the steps below:

  • Don’t pay for a PPP Loan application. The SBA doesn’t require payment to fill out and submit a PPP Loan application. If someone is charging you to fill out an application, chances are its a scam.
  • Don’t give your information in response to any suspicious email, text, or phone call. The SBA will not email you out of the blue to fill out a PPP Loan application. If someone is emailing you out of the blue to fill out an application and to give them your information, chances are they are trying to scam you.
  • Verify the lender before applying for the loan. Only lenders approved by the SBA can administer PPP Loans. To find out if the lender you are applying with is approved to distribute PPP Loans, click here.
  • Don’t click on links in emails. The links in the emails are often filled with viruses and malware that will infect your computer and steal your personal information. They also spoof the application so that you’ll have to give out your personal or business’ confidential information.
  • Don’t reply back to any text or email you don’t know. Replying back to them with your personal or company’s confidential information may lead to you getting scammed. The SBA will not email you encouraging you to apply for the loan, you would have to look for the loan yourself.

Prevent Your Employees From Getting Tricked by Phishing Emails

Posted on by

We all know to watch for suspicious emails. But phishing emails are becoming increasingly more sophisticated, tricking even the savviest among us. The costs to consumers, businesses and institutions keep adding up: According to the FBI, online theft, fraud and exploitation totaled $2.7 billion in financial losses in 2018.

The most expensive complaints involve business email compromise (BEC), a tool that cybercriminals use to launch many types of cybercrimes, from misdirected payment and inventory fraud to ransomware attacks.

More than a third of businesses (37%) surveyed nationally for HSB by Zogby Analytics received an email from someone pretending to be a senior manager or vendor requesting payments. The businesses reported that almost half of employees receiving those emails (47%) responded by transferring company funds, resulting in tens of thousands of dollars in losses. For some types of businesses and government entities, the payment frauds can reach hundreds of thousands to millions of dollars.

Three Tips to Help Employees Avoid Cyber Fraud

What can a business or institution do to help prevent employees from falling for email phishing schemes? Here are three tips to avoid falling for the latest tricks:

  1. Check the Source

Before you open an email, take a moment to consider the source of the email and whether that person is likely to send you an attachment or link. Check the email address, screen name or phone number associated with the message.

online pharmacy estrace with best prices today in the USA

Hackers often mimic an email address that you would trust with one letter or number off from the original name or domain.

The address may even look exactly like a trusted contact but when you mouse-over the name, you can see that the address is different. A hacked email account can also be used to send malicious content, so be sure to evaluate the content of the message.

  1. Check the Content

Before you click on a link or download an attachment, take a good look. Many times, if you copy the link or name of the attachment into a search engine, you can find out whether cybercriminals are actively using the content to spread malicious content, like a virus or ransomware.

Ask yourself whether this is the type of content you usually receive from the sender. Are you expecting an attachment? Even if you are expecting an attachment, does it appear, from the name and type of file, that it is legitimate? Is the attachment or link the only content of the email?

If you have doubts, delete the message or call the sender at a number you have verified as theirs.

online pharmacy zetia with best prices today in the USA

Also, hackers often make an urgent request to trick victims into clicking on malicious links or files. Any urgent request sent via email should be verified in-person.

  1. What if I Clicked on the Wrong Thing?

Everyone makes mistakes. You would not be the first person to click on a bad link or download a bad file. But even if nothing happens immediately, there is no guarantee that the threat is gone.

Malware can lay dormant for weeks, months, or even years before activation. It may also be transmitting information in the background without your knowledge.

So, act as soon as you realize you clicked on a bad link or file. Alert your information technology security department right away. If you are a smaller operation, run a virus scan and keep an eye on your financial information.

online pharmacy cymbalta with best prices today in the USA

RIMS Risk Forum India 2019: Top Risks and a Special Edition Magazine

Posted on by

rims risk forum india 2019

MUMBAI—”Why are we here?” asked RIMS CEO Mary Roth, welcoming over 100 risk professionals to the recent RIMS Risk Forum India 2019 in Mumbai. “If you look around this room, I think we all share very similar reasons. Risks are changing. Today’s risks seem more complex, and they hit our organizations faster. Think about our climate: heat waves, droughts, and other extreme weather events we’re experiencing. Data: it’s abundant and rich. Technology: it’s evolving overnight, and so are the related risks and opportunities.

online pharmacy avodart with best prices today in the USA

She added, “Expectations have never been greater for our organizations to quickly adapt and implement emerging technologies, address cyber exposures, brace for political change, and uphold ethical and social standards.”

The day’s sessions delved into critical issues like emerging technology, fraud, regulation, and building a risk culture, drawing upon expertise from panelists ranging from the C-suite to regulators themselves. Another key theme was clear to all in attendance: the rapidly shifting role of risk management in organizations across India, and the opportunities that new risks are presenting here.

top risks india 2019According to the new Marsh and RIMS “Excellence in Risk Management” report State of Risk Management in India 2019, which was unveiled at the forum, many of these issues dominate the risk landscape for organizations operating in the country. Indeed, cyberattacks, extreme weather, and data fraud or theft top the agenda for risk professionals in India this year.

Across 23 industries, a vast majority of senior risk professionals cited cyberrisk as their top concern, with 62% agreeing cyber poses the greatest risk to their organization—nearly four times the number who prioritized the runner up, weather events.

“India, like other countries, has been susceptible to malicious cyber attacks and there is growing awareness among corporates of the need to ensure they have appropriate cybersecurity controls,” said Sanjay Kedia, Country Head and CEO, Marsh India. “Firms need to keep up with the evolution of cyber threats if they are to capitalize on technology-based opportunities.

online pharmacy ocuflox with best prices today in the USA

This will require organizations to make additional investment to ensure they have adequate protection.

online pharmacy antabuse with best prices today in the USA

As the profession matures and expands in the region, risk professionals looking to earn a seat at the table are focusing on their potential to serve as a key strategic partner driving these investments.

“Global business leaders who have engrained risk management into the fabric of the organization’s strategic planning processes have become better equipped to make informed, proactive, and rewarding decisions,” said RIMS CEO Mary Roth.

“India’s risk management community continues to demonstrate its strength, as well as its passion for developing advanced capabilities that support growth and innovation.”

risk management india special edition coverTo that end, these top issues are also covered in greater depth in a recent special issue of Risk Management curated specifically for risk professionals in India. Originally available exclusively for attendees of this year’s RIMS Risk Forum India, Risk Management Special Edition: India is now available for readers worldwide. Check it out today and, if you have any feedback, we would love your input to help inform future international coverage—email your thoughts to HTuttle@rims.org.

Americans Mistrust Companies with Personal Data, Study Shows

Posted on by

According to a new survey by the Pew Research Center, most Americans believe that companies are tracking their activities on and offline, and that this activity is unavoidable. Not only that, but many also believe that they have little control over who can access an array of personal details, such as their location and online activity, including purchases they have made online or in person. This mistrust, coupled with the advent of more stringent data privacy regulations, means a more complex risk landscape for businesses operating online.

While companies often market services that collect data as improving the customer experience, those users likely disagree.

buy tenormin online www.northwestmed.net/wp-content/uploads/2023/10/jpg/tenormin.html no prescription pharmacy

In fact, 81% of the American public believe that the risks of companies collecting their data outweigh the benefits. This may have to do with a lack of understanding of what companies do with their data—59% say “they have very little/no understanding about what companies do with the data collected.”

It may also be a perceived lack of control over how companies are collecting and using that data, with 81% saying that “they have very little/no control” over companies collecting their data, and 79% “very/somewhat concerned about how companies use the data collected.” With more online activity, 72% of respondents said that “all, almost all or most of what they do online or while using their cellphone is being tracked by advertisers, technology firms or other companies,” and 64% report seeing ads based on their personal data.

Many companies outline how they use customer data in terms of service or other privacy disclaimers—according to the survey, 81% of respondents say they are asked to agree to a privacy policy at least once a month, and 25% almost daily. However, 74% report that they sometimes or never read a company’s privacy policy before agreeing, and only 22% read the entire text if they do read it.

Pew Data Trust

Security is also a worry, with 70% reporting that they feel like their data is less secure than it was five years ago and only 6% saying it is more secure today than in the past.

buy tretiva online www.northwestmed.net/wp-content/uploads/2023/10/jpg/tretiva.html no prescription pharmacy

Considering the vast array of data breaches, seemingly across all industries, this is likely not surprising.

buy albenza online www.northwestmed.net/wp-content/uploads/2023/10/jpg/albenza.html no prescription pharmacy

Millions of Americans have received notices from their banks, hospitals, or even their hardware store or ride-share app that their personal data has been compromised. According to cybersecurity company Norton, the first half of 2019 saw 3,800 breaches exposing 4.1 billion records, a 54% increase from the first half of 2018.

Given these results, it is no wonder that states, countries, and regions are beginning to enact strict regulations about data privacy. The California Consumer Privacy Act (CCPA), which provides protections for the data of California residents, also exposes businesses that collect, store, use and disclose those residents’ data to serious liabilities. In response to some companies hiding breaches from the public, states are also weighing stronger breach reporting requirements with larger fines for violations. Whether these efforts will diminish user mistrust is unclear—63% said that “they understand very little or nothing at all about the laws and regulations that are currently in place to protect their data privacy.”