Ransomware is a type of malicious software that infects and restricts access to a computer until a ransom is paid. Although there are other methods of delivery, ransomware is frequently delivered through phishing or business email compromise (BEC) scams.
According to the FBI, the scam typically starts with a spoofed email or text from a person of authority, such as a CEO or HR director, or someone with whom you do business, like a vendor or customer. The message will have a link or an attachment that references a bill, delivery, payment or need for information to be updated. When the link or attachment is clicked, malware or ransomware is loaded onto your business computers. Once the cybercriminal gets access to your computer, they may send fake emails that appear to have come from your company or load ransomware that will lock up your computer and request payment to unlock it.
There are ways to prevent these types of scams:
- Look at the email header of the sender. Keep an eye out for email addresses that look similar to, but not the same as the ones used by your work supervisors, peers, vendors or customers (abc_company.com vs. abc-company.com).
- Be wary of requests to update or reveal sensitive material or make a payment.
- Watch out for grammatical errors or odd phrasing.
- Notice language that tries to pressure you to respond quickly.
- Finally, don’t rely on email alone. If you are suspicious, contact the sender directly, but not by replying to the message in question.
Bank OZK’s cybersecurity experts recommend never opening an email attachment, particularly compressed or ZIP file attachments, from an unknown sender or providing confidential information in response to an email or phone call you did not initiate or request. The sender may have stolen the identity of a trusted individual, agency or business. If you are concerned you are a victim, search for a legitimate way to contact the person or company directly to let them know you received the email and verify they sent it. Do not use contact information provided on a website connected to the questionable request.
Bank OZK will never ask you for sensitive information via email, text, or during a telephone conversation you did not initiate or request. Do not share personal information. Never give your passwords, PIN, checking account or credit card numbers or Social Security number to anyone unless you know the person or the organization. If you receive an unsolicited email, text, or phone call in regard to private information, you should contact our Customer Care Center at 800-274-4482.