Pub 8 2018-2019 Issue 1

O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S July • August 2018 17 Out of Band Communication: Establish other communication channels, such as telephone calls, to verify wire transactions. When using phone verification, use previously known numbers, not a number provided in an e-mail requesting a wire transfer or changing wire instructions. the e-mail environment to avoid interception by a hacker. Examples include code words, passwords or authentication numbers. A phone call to verify modified wire instructions after the scam is in mo - tion may be too late. If your company uses a VoIP internet phone system, a hacker who has penetrated your email system may also be able to access the VoIP system. The hacker may have the ability to intercept and redirect phone calls placed to verified phone numbers from the intended recipient to the hacker. o Forward vs. Reply: Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from your existing e-mail address book to ensure the intended recipient’s cor- rect e-mail address is used. o Train Employees toDelete Spam: Immediately report and delete unsolicited e-mail (spam) from unknown parties. DO NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give hackers access to your computer system. o Two Factor Authentication (TFA): Consider implementing TFA for corporate e-mail accounts. Requiring two pieces of information to login: some- thing you know (a password) and something you have (such as a dynamic PIN or code) reduces the likelihood of access to an employee’s e-mail account through a weak or compromised password. What to Do If You Are a Victim If funds are transferred to a fraudulent account, it is im- portant to act quickly: • Immediately contact the corresponding financial insti - tution where the fraudulent transfer was sent. • Contact your local Federal Bureau of Investigation (FBI) office if the wire is recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds. • File a complaint at www.IC3.gov In summary, be aware of sudden changes in transactions or business practices. A request to change bank accounts, fi - nancial institutions or an email address is a glaring red flag. Before providing final authorization towire funds, always verify the instructions via other channels to ensure that you are still communicating with the legitimate authorized counterparty. Finally, contact your insurance broker to review your cyber security and breach insurance. Standard fidelity bond, error & omission, director & officer and property & casualty policies are not likely to cover cyber breach or fraud claims. To obtain additional information please contact: Lewis Roca Rothgerber Christie partners, Ed Barkel or Hillary Wells at http://www.lrrc.com . n Ed Barkel is the lead partner in the Lewis Roca Rothgerber Christie’s Securities Litiga- tion practice group. He defends broker-dealers and individual brokers in arbitrations and litigated matters. A significant portion of his practice is devoted to defending independent financial services firms and their advisors. He also provides consulting services in compliance-related matters including supervisory system design, spe- cial investigations, special supervision programs, branch office examinations and regulatory mandated consulting. His securities industry background enables him to offer unique “insider” insight, knowledge, experience and understanding to clients. 1 https://www.ic3.gov/media/2016/160614.aspx 2 For example: John.Smith@xyz.com vs. JohnSmith@xyz.com 3 See footnote 1. 4 Id.