Paul Abramson
Paul Abramson, Montecito Bank & Trust’s chief technology officer, says clients and their personal information have never been more at risk from digital threats. “I can’t think of a business that doesn’t need that kind of help these days,” he notes. (Montecito Bank & Trust photo)

[Noozhawk’s note: Second in a series. Click here for the first article, on financial literacy.]

Cyber scams are on the rise and, in many cases, it’s become increasingly difficult to know what’s real or fraudulent.

Montecito Bank & Trust’s cybersecurity and fraud protection program is one of the bank’s four community outreach programs. The bank offers training presentations throughout the community, including at retirement homes, professional clients’ locations, local forums and bankers’ conferences.

The program’s resources have become more important as cyber scams are now a daily concern across the country. Mobile phone scam calls are expected to total almost half of all mobile phone calls in the United States in 2019, and data from the FBI showed that tax extortion schemes have skyrocketed, as the FBI received more than 50,000 complaints from people who reported losing more than $80 million during tax season this year.

Montecito Bank & Trust created its cybersecurity program about five years ago, said Paul Abramson, the bank’s chief technology officer. Today, banking is almost entirely digitized and community members are even more at risk of having their personal information compromised.

“I can’t think of a business that doesn’t need that kind of help these days,” he said of the program. “It’s open to everybody.”

Local businesses can reach out to the bank to schedule a cybersecurity workshop, but as scams grow more frequent, the bank will soon initiate scheduled, regularly held training courses for the community.

The most significant threat right now is fraudulent emails, Abramson said. These emails can deliver malware, share documents and links with viruses through fake Google Drive emails and Microsoft Excel and Word, and bait clients through phishing scams.

Montecito Bank & Trust’s presentations, often run by Abramson, feature examples of dangerous malware, phishing pages and impostor emails so clients know what to look out for.

“Phishing pages prey on the convenience of clicking on a link, so you never really want to do that,” he said. “Stop and take a minute and think about the context.”

The bank partners with several local organizations and tailors its presentations to the needs of specific companies, including Easy Lift, a nonprofit organization that provides specialized transportation for disabled and elderly community members.

Ernesto Paredes, executive director of Easy Lift, is grateful for the bank’s cybersecurity workshop for nonprofit organizations, which he describes as “truly a community service.”

“They know nonprofits have the pulse on what the most vulnerable community members need,” he told Noozhawk. “(The bank) understands that nonprofits don’t have the resources to get that information about cybersecurity. So they get the information and invite the community to come (to their workshops).”

In addition to the presentations, the bank also offers online resources with information about cyber-defense. The bank also has a Facebook page, MB&T Fraud Fighters, that posts about recognizing and preventing fraud.

The bank educates residents and businesses on preventative steps they can take to keep their information safe that don’t require spending a lot of money, such as verifying links and consistently monitoring bank accounts, said Megan Orloff, the bank’s executive vice president and chief strategy officer.

“We’re trying to be very responsive and reactive to the types of scams were seeing,” she said. “Not only is it about mitigating the losses the bank takes, but also the stability of our clients and our community.”

Cybersecurity Advice

Montecito Bank & Trust has some tips to keep your information safe:

» Be vigilant: Don’t immediately trust emails or phone calls.

» Caller ID can be easily spoofed so always hang up and call back at the published number.

» Methods exist to improve the trust of email. MB&T’s .BANK domain and the associated security requirements are one way. However, it’s not as common or easy to determine if they are in place. If you are unsure of the legitimacy of an email, pick up the phone and call to verify.

» Avoid clicking links and opening attachments: Email is the primary method to deliver malware and steal credentials. If you receive an invitation to access a file or log in to an online service, visit the legitimate site by searching for it using a search engine. If the email is legitimate, the file will be waiting for you when you log in.

» Maintain offline backups: Always have a failsafe copy of important data. Safe deposit boxes are an inexpensive way to store offline backups saved on a removable hard drive.

» Use strong authentication: Add two-factor authentication to critical online services, don’t reuse passwords and create longer rather than more complex passwords.

» Keep your software up-to-date to prevent susceptibility to hacks. Malware finds security holes and takes advantage of software vulnerabilities.

Noozhawk contributing writer Maura Fox can be reached at news@noozhawk.com. Follow Noozhawk on Twitter: @noozhawk, and connect with Noozhawk on Facebook.