Cybercrime Continues to Top the Leader Board: 8 Ways You Can Protect Your Institution

Terri Luttrell, CAMS-Audit
July 17, 2019
Read Time: min

Cybercrime is on the rise within financial institutions and other businesses and continues to be at the forefront of the minds of those in the fraud prevention field. Bad actors are staying one step ahead of detection creating serious hard dollar losses for financial institutions.

Cybercrime is defined as a criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data. According to 2018 numbers compiled by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), there were over 351,936 cybercrime complaints during the year with hard dollar losses of over $3.7 billion. Although not all of the following types of fraud are fully internet-based, the IC3 statistics represent the cybercrime side of these crimes.

The breakdown by hard dollar fraud losses is as follows:

By Monetary Loss

1)    Business Email Compromise


2)    Confidence Fraud/Romance Fraud


3)    Investment Fraud


4)    Non-Payment/Non-Delivery


5)    Real Estate/Rental


Here is a deeper look into the definitions of each of these popular means of fraud:

  • Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. An example of BEC would be a receipt of an email from a company executive to transfer funds with high importance. By doing extensive research, criminals obtain information (often through phishing or social engineering) and build profiles of senior executives in an organization. The CFO is often a target and criminals study how the executive corresponds via email; they even observe nuances in those communications to ensure their fraudulent emails appear authentic. The BEC email often happens when the CFO is out of the office, making it difficult for employees to verify the email is credible.
  • Confidence fraud/romance fraud is an attempt to defraud a person or group of persons after gaining their confidence and trust. An example of this type of fraud would be the “sweetheart scam” where an internet or in-person love interest convinces the victim to send funds as a loan or a means to be together, only to become the victim of a loss of money, embarrassment, and a broken heart.
  • Investment fraud is one type of fraud that the financial crimes world has known for some time. Unscrupulous brokers and investment advisors prey on unsophisticated investors, many times the elderly, to invest their life savings on unsuitable or speculative high-risk investments. Popular scams such as pyramid schemes and Ponzi schemes, have promised sky-high returns in a short period of time, only to have the duped investors lose millions of dollars when the schemes collapse.
  • Non-Payment/Non-Delivery is also a very commonly known form of fraud. Non-payment or delivery of goods or failure to ship merchandise has grown significantly with the increase in internet auctions, such as eBay. Users should remain cautious when buying/selling and do your homework and deal only with reputable parties.
  • Real estate/rental fraud is real for a consumer looking for a new real estate purchase or rental property. Rental fraud occurs when someone claiming to be a property manager tried to rent a property that doesn’t exist or isn’t their rental property at all. Scammers collect an application fee, security deposit, or rent before the victim discovers it is a scam. With real estate fraud, a purchase transaction email from a scammer perpetrating to be the title company requesting payment for a property purchase can cause the victim to wire millions of dollars, only to find out later that it did not actually go to the title company.

In remarks at the New York University Law Program on Corporate Compliance and Enforcement in June 2019, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco stated that FinCEN continues to strive toward its mission of safeguarding our financial system, protecting our national security, and keeping our communities and families safe from harm. Particularly relating to cybercrimes, FinCEN is working hard to combat the rise of large-scale cyber theft, and in particular, BEC scams.

Fighting financial crime is more than a full-time job.
we can help

According to FinCEN data, these schemes are among the growing trend of cyber-enabled crime adversely affecting financial institutions, their clients, and others. Approximately 80,000 cyber-related SARs are filed per year, including an average of 13,500 SARs for BEC cases. Since the release of the BEC advisory in 2016, the rate of BEC SARs received has increased by more than 95%.

How can a financial institution, or BSA and fraud professionals, prevent these types of fraud? Their fraud monitoring software should be able to detect certain fraud in their clients’ accounts, such as account takeover, ACH, new account, kiting, debit card, and check card fraud, at a minimum.

In addition, here are eight tips from the FBI that an institution (and industry professionals) should follow:

  1. Keep the firewall turned on: A firewall helps protect computers from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.
  2. Install or update antivirus software: Antivirus software is designed to prevent malicious software programs from embedding on a computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.
  3. Install or update antispyware technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into one’s activities on the computer. Some spyware collects information about people without their consent or produces unwanted pop-up ads on a web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at a local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may contain spyware or other malicious code themselves. It’s like buying groceries—shop where you trust.
  4. Keep the operating system up to date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure each computer has the latest protection.
  5. Be careful what is downloaded: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. One should never open an e-mail attachment from someone he/she does not know and be wary of forwarded attachments from people he/she does know. They may have unwittingly advanced malicious code.
  6. Confirm that any unusual email that one wishes to respond to is from the stated party: If a person receives an unusual request, such as to send money on behalf of his/her institution, confirm with a phone call or personal visit that the sender is valid. Don’t let oneself be caught in a business compromise email scam.
  7. Turn off the computer: With the growth of high-speed Internet connections, many opt to leave their computers on constantly. When they are left on, it renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs one’s computer’s resources to reach out to other unwitting users.
  8. Train, train, train: Cybercrime staff training is routine for many financial institutions on an annual basis, but if an institution has not implemented effective training, it is time to do so. Test the staff on occasion and remind those who click on links or answer phony emails what they have learned in training.

Internet usage will continue to rise within the corporate and private worlds, but with these tips for prevention and detection, financial institutions and each person’s personal computers will be a step ahead in not having to deal with cybercrime in the future. Cybercrime will continue to evolve, so be proactive by attending training, reading articles and staying abreast of the newest trends.

About the Author

Terri Luttrell, CAMS-Audit

Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. She has successfully worked with institutions in developing BSA/OFAC programs, optimizing various automated solutions, and streamlining processes while ensuring all regulatory requirements are met. As the Compliance and Engagement Director at Abrigo, Terri provides insights that contribute and support long-term banking strategies based on analysis of market and industry trends, competitor developments, and financial and regulatory technology changes. She is an audit-certified anti-money laundering specialist and a board member of the Central Texas chapter of the Association of Certified Anti-Money Laundering Specialists (ACAMS). Terri earned her bachelor’s degree in business administration, specializing in business and finance, from the University of North Texas.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.


Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!