Scam of the day – December 27, 2016 – Berkshire Bank sued for lax cybersecurity

It was just yesterday that I told you about a recent FBI warning as to increased incidents of the Business Email Communication (BEC) scam.  In an example of this scam,  a complaint was filed earlier this week in the Federal District Court by international art dealer Jim Jacobs against Berkshire Bank, alleging that the bank was negligent in  wiring more than 1.4 million dollars from his account at Berkshire Bank to accounts in Hong Kong  banks.  The money was wired by Berkshire Bank in response to emails purporting to be from Jacobs asking that the money be wired in regard to purchases of art by the abstract painter Agnes Martin.  The money was wired by the bank in response to the totally phony emails.

In his lawsuit, James alleges that Berkshire Bank should have understood the security issues involved in wiring large amounts of funds in response to email requests and should have instituted greater security measures to protect James’ account.

TIPS

As we have seen so often in the past year, emails are notoriously insecure and for a bank to wire more than a million dollars in response to unconfirmed email requests does appear to be unwise.   All banks and financial institutions should have analytics in place to recognize transactions that are out of the ordinary as these particular transactions were.  They should also have encrypted, secure programs to be used for email communications and strengthened security standards such as dual factor authentication to provide greater security. Unencrypted emails should not be used by anyone for financial transactions.