If you received an e-mail at work that appears to be from your bank, would you open it? How about that message that looks as if it’s from UPS saying there’s a problem with your shipment?

Increasingly, small and medium-sized businesses in Iowa are being targeted by sophisticated cyber fraud attacks that may be initiated this way.

Last week, RSM McGladrey Inc., a national business consulting firm with offices in Iowa, sent an e-mail to its clients warning of high-dollar cyber heists targeting clients of Iowa banks.

According to the alert, “another one of our Iowa bank clients who has an Automated Clearing House (ACH) customer got infected and a significant amount of money was moved overseas. We are seeing a trend and want you to be aware of how to protect yourself from this fraud outbreak.” 

The Internet Crime Complaint Center last year received 1,955 reports of cyber fraud in Iowa, with losses totaling nearly $3 million. The most common type of fraud reported was advanced-fee fraud, with losses of more than $363,000. Nationwide, cyber fraud cases increased by 22 percent in 2009, with total dollar losses of $559.7 million reported and a median dollar loss of $557 per incident.

In a typical “corporate account takeover,” an employee may respond to a “phishing” e-mail that contains malicious software containing a key-logging program or other means to track account data. When customers log on to the company’s website, their account information is then relayed to the criminals through a back-door connection. The criminals then use the account information to transfer funds from the victims’ accounts.

Loras Even, a managing director and information technology security specialist with McGladrey, declined to provide details of the attack, citing client confidentiality.

Iowa Banking Superintendent Tom Gronstal said the Iowa Division of Banking’s bank examinations include vulnerability testing of banks’ information technology departments. 

“Actual losses from the type of activity in the McGladrey article are rare in Iowa, but since they can be large, bankers are very concerned,” he said. “Many banks have put additional controls on foreign wire transfers to help prevent losses.  Banks have always had to work hard to stay ahead of the crooks.”

Federal law enforcement agencies recently issued a fraud advisory for businesses that detailed steps companies should take to prevent being victimized by such attacks.

To access the 2009 cyber fraud report for Iowa, click here.