At AgWest Farm Credit, protecting your personal information from cyberattacks is our highest priority. Our association strives to follow ever-evolving best practices proven to be highly effective in the financial industry.

How your email gets compromised

Common characteristics of successful attacks involve spying and manipulation as hackers monitor email accounts — sometimes for days or weeks — looking for financial transactions to occur. Unnoticed to you, they can learn to communicate as you do and disguise themselves until they ultimately receive the fraudulent money transfer.

Here are three common ways your email account can be compromised:

• Malware can be installed on your PC after you click on a link delivered through a phishing email. This grants a hacker complete control of your device.
• Your login information can be part of a large information breach and you use the same credentials for multiple websites.
• Your password and credentials are too simple and can be easily guessed.

Unfortunately, hacking has impacted some of our customers in the past. As you read through these real-life customer scenarios, ask yourself: Could this happen to me? Am I doing enough to protect my account?

(Details have been modified and changed to protect the identity of the subjects.)

Complicate your credentials

Without his knowledge, a rancher’s email account was hacked. The rancher had reused the same credentials on multiple sites, so cyberhackers were able to access several of the rancher’s accounts by utilizing breached data of usernames and passwords that was posted online. The hacker was then able to access the rancher’s financial accounts and successfully obtain a fraudulent transfer of funds.

How this situation could have been avoided:

• Create long and complex passwords that can’t be easily guessed or cracked so that attackers cannot access your accounts.
• Change credentials often and use different passwords for each website where a login is required.

Tip: Download a password manager like LastPass to generate and keep track of different usernames and passwords for different sites.

Take a second look

The CFO of a processing facility received an email from the CEO requesting that funds be transferred from the company’s bank. Without verifying the transaction request over the phone or carefully checking the wire instructions, the CFO contacted the bank and processed the transaction. Once the funds were deposited, the CFO called the CEO verifying the transaction had been placed. Unfortunately, the CEO was unaware of the request, as his account had been hacked without his knowledge. By the time they realized what had happened, the money had been deposited into a hacker’s account.

How this situation could have been avoided:

• Verify senders of emails or texts, especially those asking for private information or making suspicious requests.
• Examine emails for inconsistent communication styles, unfamiliar email addresses or fuzzy logos. This could be a sign of a malicious email.
• Utilize multifactor authentication whenever offered to avoid email hacks and compromised accounts.

Use secure methods for transactions

A customer was in escrow with a leasing agent to purchase farm equipment. During this transaction the leasing agent’s email account was compromised. Unknown to anyone, the hacker was monitoring communications between the customer, leasing agent and AgWest. Armed with this knowledge, the hacker created an email address that appeared very similar to the customer’s. They then drafted a message to AgWest’s accounting team in a manner that mimicked the customer’s communication style, requesting funds be wired to a fraudulent account. Upon receipt of this request, AgWest staff called the customer to confirm the request. The customer immediately recognized they were a victim of a fraudulent attack and denied the request to transfer funds.

How this situation could have been avoided:

• Ensure that communication discussions regarding financial transactions are conducted in a secure manner.

Return to Cybersecurity News home.