This information is intended to help our clients protect themselves from fraud, including cyberfraud and other fraudulent activity. BNY Mellon maintains active oversight of our systems in order to protect the security and privacy of client information; however, our clients are responsible for protecting themselves against fraudulent activities and for maintaining cybersecurity best practices.
Criminals have capitalized on the broad power and wide availability of the internet and email to defraud unsuspecting people, and they can be convincing. They make their fraudulent emails look like they come from legitimate sources. They publish fake websites that use designs, information and programming stolen from their rightful owners. They impersonate you over the phone to arrange funds transfers, or imitate communications from a financial institution to verify transactions or initiate other changes to your account.
Phishing (a variation on the word “fishing”) is a technique whereby a fraudster impersonates a legitimate/reputable entity or person in an attempt to steal sensitive information. Cyber criminals often target individuals and trick them into clicking a link, opening an email attachment, accepting a fake request from a friend to a social networking site, visiting a legitimate website that has been compromised or using an infected USB drive. These actions can potentially enable a fraudster to install malware. The malware opens the door for criminals to steal account login credentials and submit fraudulent wire transfers and/or ACH payments on your behalf.
BNY Mellon does not contact its clients or anyone else by email to confirm credit card or financial transactions, or to confirm or request personal account information or any other type of sensitive information.
The BNY Mellon Service Desk will never ask for your password or any information about your token (PIN). Be wary of anyone who asks for your credentials and do not trust any email communication that requests your personal information.
Contact BNY Mellon immediately if you receive an email to this effect from someone claiming to be from BNY Mellon.
Email is by far the most popular way for criminals to try to get your attention and personal information. Don't necessarily believe what you're being told. There are numerous variations of these online scams, so the best defense is education and a healthy dose of skepticism. And if you’re dealing with value-bearing instructions (e.g., instructions to move cash or securities), make sure you’re following your company’s authentication procedures to validate the instruction as legitimate.
Many fraudulent emails and websites may be characterized by the following:
However, some fraudulent emails are very convincing and appear legitimate, created by sophisticated criminals who are highly motivated to steal your information. Some recent methods spoof legitimate businesses to trick individuals into opening an attachment or clicking on the link. For example:
In addition to spoofing legitimate businesses, fraudsters may employ Business Email Compromise to impersonate a senior executive or a trusted client to obtain access to sensitive data.
Business Email Compromise
This method of impersonating a senior manager or client is sometimes used to request a wire transfer or other critical actions (such as releasing highly confidential data or changing wiring destination instructions), using management’s or a client’s position as a way to bypass standard approvals and controls.
Oftentimes, the email demands an urgent action and is “time-sensitive”, using the sender’s influence to pressure the recipient into clicking the link or taking action.
Even though the email may originate from a known or even trusted source, make sure you know the email is legitimate before taking action.
"Spoofing" is another trick used by fraudsters to create a fake website that appears to be a legitimate site. To help protect yourself, be aware of how you're accessing the site:
Cyber Criminals: Tricks of the Trade
Criminals create new email scams every day, but here are a few of the most common:
Report any suspicious activity involving BNY Mellon to your customer service representative.
Consider these best practices to help combat cyber fraud (note – this list is not exhaustive):
Consider the following best practices to help secure computer systems (note – this list is not exhaustive):
BNY Mellon works to protect the privacy and data integrity of sensitive information while it is in our possession and control.
In the course of providing services, we may exchange sensitive and confidential information with clients or their authorized representatives. To protect this information, BNY Mellon requires sensitive information to be encrypted when transmitted over an open, unsecured network.
BNY Mellon provides two encryption methods for electronic messages containing sensitive information sent to external recipients:
Transport Layer Security (TLS) is the primary and preferred method of encryption for BNY Mellon. TLS encrypts email messages between servers and is designed to protect confidentiality and data integrity. It is a widely recognized standard issued by the Internet Engineering Task Force (IETF) for securing transmitted data. This method of encryption allows email to be automatically secured with no additional steps required by the sender and recipient. TLS requires our external partner organizations to have both a TLS-capable infrastructure and a valid digital certificate for encryption. Once established, this method is the most convenient for all users and provides seamless encryption for email and attachments.
BNY Mellon Secure Messaging Portal is the alternative secure encryption tool that is utilized when an external partner does not have TLS capability. The portal encapsulates a message and its attachments into an encrypted message. Once protected, the encrypted message is sent to recipients as an attachment to a plain text email. The recipient uses a self-created, pre-registered password to access the notification and any attachments.
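Because TLS protects email one server-to-server hop at a time, a recipient organization can check whether a delivered message was accepted over TLS at every hop by reading its Received headers. The following is an added example, not BNY Mellon's code: it relies on the "with" protocol keywords registered by RFC 3848 and RFC 6531, and the message, hosts and IDs are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hosts, addresses and IDs are made up.
SAMPLE = """\
Received: from mx.partner.example (mx.partner.example [203.0.113.10])
\tby mail.recipient.example with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from relay.partner.example (relay.partner.example [198.51.100.7])
\tby mx.partner.example with ESMTP id def456;
\tTue, 02 Jan 2024 10:00:02 +0000
Received: from [192.0.2.44] (client.partner.example [192.0.2.44])
\tby relay.partner.example with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 10:00:01 +0000
From: sender@partner.example
To: user@recipient.example
Subject: Constructed test message

body
"""

# "with" keywords that assert STARTTLS was used on the hop (RFC 3848, RFC 6531).
# Plain ESMTP, ESMTPA, SMTP, LMTP and anything unrecognized count as not TLS.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
             "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def hop_report(raw_message):
    """Return [(receiving_host, protocol, used_tls)] ordered sender -> recipient."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the bottom one is the first hop.
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "unknown", name, name in TLS_TYPES))
    return hops

def cleartext_hops(raw_message):
    """Hosts that accepted the message over a hop not marked as TLS."""
    return [host for host, _, tls in hop_report(raw_message) if not tls]
```

Only the Received headers written by servers you operate are trustworthy, since earlier ones are supplied by the sending side and can be forged.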