Emerging Pattern Observed Nationwide
- Employee Personally Identifiable Information (PII) Compromise: Fraudsters obtain employee data through phishing, malware, or prior data breaches.
- Business Email Account Compromise: Fraudsters gain unauthorized access to an employee’s business email account or successfully impersonate the employee using compromised credentials or personal data. The fraudsters then use the trusted email account or identity to send fraudulent instructions, request payment changes, or redirect funds, often appearing legitimate to internal staff and financial institutions.
- Caller ID Spoofing: Fraudsters spoof the legitimate business phone number and contact the bank by posing as authorized representatives.
- Multi-Factor Authentication (MFA) Interception: Once the email account is compromised, password reset messages and authentication codes delivered to that mailbox can be read and used by the fraudsters.
- Online Banking Reset & Account Takeover: Fraudsters reset credentials, add users, modify account settings, and initiate wire or ACH transactions.
- Email Subscription ‘Bombing’: In some cases, compromised inboxes are flooded with subscription emails to conceal legitimate security alerts and delay detection.
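The subscription bombing step above is detectable from mail logs: a sudden burst of confirmation or welcome messages from many unrelated sender domains to one mailbox, with bank or security notifications arriving just before or during the flood. The script below is an added example, not material from the bulletin. It works over constructed log lines in a `timestamp|recipient|sender|subject` shape, and the ten-minute window, the threshold of twenty distinct sender domains, and the subject patterns are assumptions to tune against your own mail flow.

```python
"""Detect an email subscription 'bombing' burst and surface the alerts it buries.

Added example, not part of the bulletin. Log lines are constructed
(timestamp|recipient|sender|subject); WINDOW, THRESHOLD and the regexes
are assumptions to tune for a real environment.
"""
from collections import deque
from datetime import datetime, timedelta
import re

# Subjects typical of automated sign-up confirmations.
SUBSCRIPTION_RE = re.compile(
    r"confirm your (subscription|email|registration)|welcome to|verify your email"
    r"|thanks for signing up|newsletter", re.I)
# Subjects a fraudster would want buried: credential, user and payment changes.
SECURITY_RE = re.compile(
    r"password reset|password was reset|new sign-in|unusual sign-in|forwarding"
    r"|wire transfer|payment|security code|verification code|new user added", re.I)
WINDOW = timedelta(minutes=10)   # assumed sliding window
THRESHOLD = 20                   # assumed: distinct sender domains per WINDOW


def _burst():
    """30 constructed confirmation mails, 10 s apart, each from a distinct domain."""
    base = datetime(2024, 5, 2, 9, 0, 30)
    return [f"{(base + timedelta(seconds=10 * i)).isoformat()}|ap.clerk@example-corp.com"
            f"|noreply@shop{i:02d}.example|Please confirm your subscription"
            for i in range(30)]


# Constructed mail log: a bank alert lands seconds before the flood starts,
# and another arrives in the middle of it.
SAMPLE_LOG = [
    "2024-05-02T08:40:00|ap.clerk@example-corp.com|vendor@supplier.example|Invoice 4471 attached",
    "2024-05-02T09:00:05|ap.clerk@example-corp.com|alerts@bank.example|Your online banking password was reset",
    *_burst(),
    "2024-05-02T09:03:15|ap.clerk@example-corp.com|alerts@bank.example|New user added to your online banking profile",
    "2024-05-02T14:00:00|ap.clerk@example-corp.com|hr@example-corp.com|Company newsletter - May",
]


def parse(lines):
    """Turn log lines into dicts with a datetime, recipient, sender domain and subject."""
    msgs = []
    for line in lines:
        ts, rcpt, sender, subject = line.split("|", 3)
        msgs.append({"time": datetime.fromisoformat(ts), "rcpt": rcpt,
                     "domain": sender.rsplit("@", 1)[-1].lower(), "subject": subject})
    return msgs


def find_bursts(msgs):
    """Return {recipient: [(start, end), ...]} for subscription-mail bursts.

    A burst is open while at least THRESHOLD distinct sender domains have sent
    subscription-style mail to the recipient within the trailing WINDOW.
    """
    by_rcpt = {}
    for m in sorted(msgs, key=lambda m: m["time"]):
        if SUBSCRIPTION_RE.search(m["subject"]):
            by_rcpt.setdefault(m["rcpt"], []).append(m)
    bursts = {}
    for rcpt, subs in by_rcpt.items():
        window = deque()
        for m in subs:
            window.append(m)
            while m["time"] - window[0]["time"] > WINDOW:   # drop messages older than WINDOW
                window.popleft()
            if len({w["domain"] for w in window}) >= THRESHOLD:
                start, end = window[0]["time"], m["time"]
                spans = bursts.setdefault(rcpt, [])
                if spans and start <= spans[-1][1]:
                    spans[-1] = (spans[-1][0], end)   # extend the burst already open
                else:
                    spans.append((start, end))
    return bursts


def buried_alerts(msgs, bursts):
    """Security-relevant messages received within WINDOW of each burst, per recipient."""
    out = {}
    for rcpt, spans in bursts.items():
        for start, end in spans:
            lo, hi = start - WINDOW, end + WINDOW
            hits = [m for m in msgs if m["rcpt"] == rcpt and lo <= m["time"] <= hi
                    and SECURITY_RE.search(m["subject"])]
            out.setdefault(rcpt, []).extend(hits)
    return out


if __name__ == "__main__":
    msgs = parse(SAMPLE_LOG)
    bursts = find_bursts(msgs)
    for rcpt, spans in bursts.items():
        for start, end in spans:
            print(f"{rcpt}: subscription burst {start.time()} - {end.time()}")
        for m in buried_alerts(msgs, bursts)[rcpt]:
            print(f"    review: {m['time'].time()} {m['subject']}")
```

The burst detector deliberately counts distinct sender domains rather than raw message volume, so a single noisy mailing list does not trip it, and the review step looks one window before the burst as well as during it, because the notification the flood is meant to hide typically arrives just before the flood begins.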
Recommended Actions for Commercial Clients
- Require multi-factor authentication (MFA) for all business email accounts.
- Implement phishing and spam filtering protections.
- Disable legacy authentication protocols where possible.
- Monitor for suspicious mailbox rules or unauthorized forwarding settings.
- Restrict access to personal email and social media on work devices used for business and financial activities.
- Use modern endpoint protection tools capable of detecting suspicious behavior.
- Ensure laptops and workstations are encrypted.
- Enable device lock and automatic screen timeout controls.
- Use reputable, continuously updated antivirus and anti-malware software on all business devices.
- Prohibit installation of unapproved browser extensions or plugins on business devices.
- Regularly review user access and administrative privileges.
- Assign unique user IDs for each employee; never share credentials.
- Limit user access based on job responsibilities (least-privilege model).
- Remove administrative rights from standard users whenever possible.
- Immediately disable access for terminated or transferred employees.
- Maintain centralized visibility over endpoint security status where possible.
- Limit non-business web browsing and personal email access on systems used for payment initiation or online banking.
- Implement web filtering or browser security controls where feasible.
- Deploy host-based and network firewalls and ensure they are actively managed.
- Review account activity daily and immediately report any unusual login attempts or transactions.
- Choose a qualified IT & Network Security Provider to actively manage security controls.
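Monitoring for suspicious mailbox rules and unauthorized forwarding, as recommended above, is easiest to automate from the mailbox audit trail: rule creations and mailbox changes are logged with their parameters, and the takeover pattern described in this bulletin leaves a recognisable shape (external forwarding, rules that delete or hide finance-related mail, near-empty rule names). The script below is an added example, not the bulletin's own material. Its records are constructed to resemble Microsoft 365 unified audit log entries for `New-InboxRule` and `Set-Mailbox`; the exact field and parameter names, the internal domain list, and the hiding-folder list are assumptions to adapt to your own export.

```python
"""Audit mailbox rule and forwarding changes for signs of account takeover.

Added example, not code from the bulletin. SAMPLE_EVENTS are constructed
to resemble Microsoft 365 unified audit log records; field names,
INTERNAL_DOMAINS and HIDING_FOLDERS are assumptions to adapt locally.
"""
import re

INTERNAL_DOMAINS = {"example-corp.com"}   # assumed: the organisation's own domains
SENSITIVE_WORDS = re.compile(
    r"invoice|wire|payment|\bach\b|password|security|alert|reset", re.I)
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "deleted items", "junk email",
                  "archive", "conversation history"}

# Constructed audit records (not real data).
SAMPLE_EVENTS = [
    {"CreationTime": "2024-05-02T08:14:09", "Operation": "New-InboxRule",
     "UserId": "ap.clerk@example-corp.com", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "wire;invoice;payment"},
                    {"Name": "MoveToFolder", "Value": "RSS Feeds"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"CreationTime": "2024-05-02T08:15:31", "Operation": "Set-Mailbox",
     "UserId": "ap.clerk@example-corp.com", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:ap.clerk.backup@mail.example"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2024-05-02T09:02:44", "Operation": "New-InboxRule",
     "UserId": "ops@example-corp.com", "ClientIP": "198.51.100.20",
     "Parameters": [{"Name": "Name", "Value": "Vendor newsletters"},
                    {"Name": "From", "Value": "news@vendor.example"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2024-05-02T09:30:00", "Operation": "New-InboxRule",
     "UserId": "cfo@example-corp.com", "ClientIP": "198.51.100.21",
     "Parameters": [{"Name": "Name", "Value": "Copy to assistant"},
                    {"Name": "ForwardTo", "Value": "assistant@example-corp.com"}]},
]


def params(event):
    """Flatten the Parameters list into a {name: value} dict."""
    return {p["Name"]: p["Value"] for p in event.get("Parameters", [])}


def is_external(address):
    """True when the address's domain is not one of INTERNAL_DOMAINS."""
    addr = address.strip().lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS


def analyze_event(event):
    """Return a list of (severity, reason) findings for one audit record."""
    p = params(event)
    findings = []
    # 1. Forwarding or redirecting mail outside the organisation.
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                "ForwardingSmtpAddress", "ForwardingAddress"):
        if key in p:
            targets = [t.strip() for t in re.split(r"[;,]", p[key]) if t.strip()]
            ext = [t for t in targets if is_external(t)]
            if ext:
                findings.append(("high", f"{key} to external address(es): {', '.join(ext)}"))
    # 2. Rules that hide mail: delete it, or move it where nobody looks.
    if p.get("DeleteMessage", "").lower() == "true":
        findings.append(("high", "rule deletes matching messages"))
    folder = p.get("MoveToFolder", "")
    if folder.lower() in HIDING_FOLDERS:
        findings.append(("medium", f"rule moves messages to '{folder}'"))
    # 3. A hiding rule keyed on finance or security wording is the classic BEC setup.
    conditions = " ".join(str(p.get(k, "")) for k in
                          ("SubjectContainsWords", "BodyContainsWords",
                           "SubjectOrBodyContainsWords", "From")).strip()
    if findings and SENSITIVE_WORDS.search(conditions):
        findings.append(("high", f"rule condition matches finance/security wording: {conditions}"))
    # 4. Empty or punctuation-only rule names are a weak but common obfuscation signal.
    name = p.get("Name", "")
    if event["Operation"] in ("New-InboxRule", "Set-InboxRule") and not name.strip(" .-_"):
        findings.append(("low", f"rule name is empty or punctuation only: {name!r}"))
    return findings


def audit(events):
    """Return one alert per event that produced findings, in time order."""
    alerts = []
    for e in sorted(events, key=lambda x: x["CreationTime"]):
        f = analyze_event(e)
        if f:
            alerts.append({"time": e["CreationTime"], "user": e["UserId"],
                           "ip": e.get("ClientIP"), "operation": e["Operation"],
                           "findings": f})
    return alerts


if __name__ == "__main__":
    for a in audit(SAMPLE_EVENTS):
        print(f"{a['time']} {a['user']} ({a['ip']}) {a['operation']}")
        for sev, reason in a["findings"]:
            print(f"    [{sev}] {reason}")
```

Run against the constructed records, the two changes made from 203.0.113.7 within two minutes of each other are flagged (a hiding rule keyed on wire/invoice/payment subjects, then external forwarding), while the ops newsletter rule and the CFO's internal forward to an assistant produce nothing. Correlating the flagged events by user and client IP, as the `audit` output makes easy, is what turns two medium-confidence signals into a credible account-takeover alert.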