Bank of America Custom Supplement - S4

The dangers of phishing
Being held for "ransom" after malicious software is installed on the company computer
system. Stolen customer data. An employee inadvertently transferring money to a fake
vendor account. The impact of cyber crime presents a serious, expensive and growing
threat to all businesses. Dealerships, with expensive inventory and valuable customer
data, are a prime target.
Company-related cyber fraud often begins with a type
of phishing called business email compromise. Financial
losses connected to such incidents rose to $1.7 billion
in the U.S. in 2019, up 37% from the previous year.4 It's
important to understand what business email compromise
is and how to spot it.

Business email
compromise losses were
$1.7 billion in 2019,

up 37%

compared to 2018

Emails look legitimate but are sent from fake
addresses - or from hijacked real addresses - to
a business email account. The seemingly legitimate
address serves as the "Trojan horse" to get an employee's
attention, and persuades the employee to change
payment information or send a wire transfer by mistake.
Attachments or links in a fraudulent email provide a way
for criminals to deploy malware or ransomware; it just
takes one click from an unassuming recipient.
Business email compromise campaigns are getting harder
to recognize. They may reference current news events, and
may be personalized and professionally written. Gone are
the days of easy-to-spot emails with spelling errors and
poorly replicated company logos.


In 2020, opportunistic criminals have been tailoring their
campaigns to reference the latest coronavirus news, often
addressing changes in payment schedules that have been
created by disrupted workflows and employees working
from home. Cyber criminals understand that concerned
and distracted employees - particularly those working
from home - are vulnerable and have targeted people
working with devices that are insufficiently secured.
Business email compromise succeeds because it exploits
people's trust and their impulse to help when presented
with an apparent emergency. An effective way to earn
someone's trust is to send a fake message that sounds
real, with legitimate details and information.
The availability of information on the Internet and the
rise of social engineering provide cyber criminals an
opportunity to study their potential targets. Criminals
can conduct research on company websites, Securities
and Exchange Commission databases, news sites and
third-party retail websites.
In addition, they may scour social media sites and gather
personal information about targeted individuals, including
roles and responsibilities listed in social media profiles
or on social platforms, then use those personal details to
tailor messages. These individual cyber criminals also work
with organized-crime organizations to share information
on how to best get access to corporate email. Criminal use
of hijacked or compromised email accounts is on the rise.
In the past, attempts at business email compromise have
been aimed primarily at financial gatekeepers, including
employees in treasury, and particularly business owners,
general managers or CFOs. But criminals' targets have
expanded to other departments that can provide access to
money as well as access to third-party vendor payments.


Bank of America Custom Supplement

Table of Contents for the Digital Edition of Bank of America Custom Supplement

Bank of America Custom Supplement - SIntro
Bank of America Custom Supplement - SCover1
Bank of America Custom Supplement - SCover2
Bank of America Custom Supplement - S1
Bank of America Custom Supplement - S2
Bank of America Custom Supplement - S3
Bank of America Custom Supplement - S4
Bank of America Custom Supplement - S5
Bank of America Custom Supplement - S6
Bank of America Custom Supplement - S7
Bank of America Custom Supplement - S8
Bank of America Custom Supplement - SCover3
Bank of America Custom Supplement - SCover4