KSB Bank Smart - Cyber Security Protection Fraud Webinar

Thank you for joining us!

At Kennebec Savings Bank, safeguarding your business is central to our commitment to your success. That’s why we hosted a free virtual event, KSB Bank Smart: Cyber Security Protection Webinar, created to help you stay ahead of evolving cyber threats and strengthen your defenses against online fraud.

Below, you’ll find access to the full webinar recording, presentation slides, helpful resources, and answers to questions shared during the event.

About the Webinar

In today’s digital world, bad actors are constantly developing new ways to target businesses of all sizes. During this session, our experts discussed how to identify common cyber risks, protect your organization from email and social engineering scams, and implement practical security measures like multi-factor authentication and access controls. Whether you’re a small business owner or managing a larger organization, this webinar provides valuable insights to help you safeguard your accounts and sensitive data.


Webinar Recording

Missed the live session, or want to revisit the key takeaways? Watch the full webinar below:
 
































Questions & Answers from the Webinar

You have an alert in online banking this week about a current scam. Can you talk a little bit about that? And how do scammers know we are Kennebec Savings Bank customers to target us? 

We’re aware of a situation where fraudsters are spoofing Kennebec Savings Bank’s phone number and pretending to be KSB staff. The Maine Bankers Association has confirmed that we’re not alone—other banks in Maine, and possibly beyond, are experiencing similar fraudulent activity. 

As mentioned in the “Important Takeaway” section, if you’re ever in doubt, hang up and call us directly. You can always ask to speak with your usual business contact at Kennebec Savings Bank. No one here will ever be upset that you want to verify who you're speaking with or connect with your trusted partner at KSB. 

To address the second part of your question: there are several ways criminals can determine where someone banks. For example: 

 

  • Checks: Most checks display the bank’s logo or name. 
  • Public filings: Information in Uniform Commercial Code (UCC) or other loan filings can reveal banking relationships. 
  • Card data: The first six digits of a debit or credit card (known as the BIN) are tied to the issuing bank. 
  • Location and market share: In some regions, it’s not difficult to guess where someone banks based on which institutions dominate the local market. 
  • Third-party data breaches: If a business where you’ve used your card experiences a breach, that data could potentially expose your banking information. 

Fraudsters use all of these clues to piece together where someone banks, so it’s important to stay vigilant. 



 Employee training seems key. Any recommendations for how to do that if no one on our staff has the expertise? 

This is such an important topic. By attending today’s session—or reviewing the recording and sharing the materials provided, such as guides and resources—you’re actively strengthening your organization’s security. We encourage you to have your teams watch the recording as well. As your financial institution, we’re always happy to assist with user reviews and are your partner in protecting your business. 


The Kennebec Valley Chamber of Commerce had a business luncheon on fraud prevention recently and there are many other events, webinars, and training sessions offered by financial institutions—often free and available online. In addition to those, insurance companies, local payments associations like NEACH (New England ACH Association), and other organizations frequently offer training opportunities, some at no cost and others for a reasonable fee.  


There are also excellent free tools available online. The Cybersecurity and Infrastructure Security Agency (CISA) offers free training toolkits and even on-site assessments. The U.S. Small Business Administration (SBA) also provides a variety of cybersecurity resources. We’ve included links to these tools at the bottom of our slides, and they’re great options to explore further. 


For those looking for more robust solutions, there are paid third-party tools like KnowBe4, a widely used cybersecurity awareness platform. 



What are the red flags within an e-mail that might tell you this is not legitimate? 

There’s a lot to consider when it comes to email security. Before taking action on any email, it’s important to pause and look for red flags. The number one red flag is the sender—is it someone you know and expect to hear from? Even if the name looks familiar, always double-check the actual email address. Fraudsters often use addresses that look nearly identical to legitimate ones, sometimes swapping characters (like using a “1” instead of a lowercase “l”). 

Phishing emails typically have two key characteristics: 

  1. A call to action – A phishing email is only effective if it gets you to do something. Whether it’s clicking a link, providing personal information, or downloading an attachment, the goal is to prompt a response. Even the most convincing message—like one claiming to be from a foreign prince offering you money—is useless to the scammer unless you take action. 

  1. A sense of urgency – Phishing emails often try to create panic or pressure, urging you to act immediately. But in legitimate situations, if something were truly urgent, the sender would likely call you instead of emailing. That urgency is a tactic to get you to bypass your usual caution and overlook other warning signs. 

There are many great resources online to help identify phishing emails. A quick Google search will turn up helpful PDFs and guides that you can share with your team. 



What do you consider the most secure or best MFA options?    
 

I prefer using a Two-Factor Authentication (2FA) app. These apps live on your mobile device, and the only way someone could access the code is by physically having your phone. The same applies to soft token apps—they generate a code within an app on your phone, adding a strong layer of protection. 


We also offer hard tokens, which are small physical devices you can keep on your keychain or in your desk. These generate a unique code for logging into online banking. Again, the key advantage is that someone would need to physically possess the device to gain access. 


In contrast, methods like email, text messages, or voice calls are more vulnerable. Fraudsters are becoming increasingly skilled at spoofing phone numbers and intercepting messages. For example, if a criminal has already compromised your email account, they could easily retrieve a 2FA code sent via email. 


While any form of multi-factor authentication is better than none, we strongly recommend using 2FA apps, soft tokens, or hard tokens as the most secure options. 



Which alerts do you think are the most important to turn on in business online banking? 

I recommend setting up alerts that work best for you. Everyone manages their finances differently, and the key is to choose alerts that you’ll actually pay attention to and find helpful. 

If you’re someone who appreciates frequent reassurance and doesn’t mind multiple notifications, you might benefit from enabling an online banking login alert. That way, every time you log in, you’ll receive a multi-factor authentication (MFA) code followed by a text message confirming the login. This can give you peace of mind, knowing that only you are accessing your account. 

Others may prefer fewer notifications and might opt for alerts only when a transaction fails or for a daily summary of activity. It really depends on your preferences and how you monitor your accounts. 

That said, I strongly recommend enabling alerts for critical changes, such as an ACH payee change. Since payees don’t change often, receiving an alert for this type of activity can be a vital early warning sign of fraud. 

There’s no one-size-fits-all solution. Take time to review the alert options available and select the ones that align with how you manage your business’s day-to-day finances. 





Stay Protected with Kennebec Savings Bank

If you have additional questions or would like to learn more about how Kennebec Savings Bank can help you enhance your business’s cybersecurity and fraud prevention strategies, our team is here to help.