[Music in background throughout]
On screen copy and voiceover:
Credential theft is when someone steals your digital proof of identity,
[person on laptop]
Voiceover:
such as your username, password, or one-time password
[shows typing in a Password box]
On screen copy and voiceover:
or PIN. It’s a leading cause of cyber security compromise for businesses today.
[stock video shows person working on laptop]
On screen copy and voiceover:
Here’s an example of how it works:
[illustration shows button titled Log in]
On screen copy and voiceover:
Jim is an AP manager at a large enterprise.
[Icon of our “Jim” character animates on]
On screen copy and voiceover:
He receives an SMS message that appears to be from the web application he uses to store financial data.
[illustration transitions to a phone as a text bubble animates on and the ellipsis animates as a message is being typed.]
On screen copy and voiceover:
The message contains a link and reads: “We noticed unusual activity on your account — recommend immediate action! Click here to review your account information
and change your password.” Jim clicks on the link
[Illustration zooms on the text message as the message animates on. Arrow comes into view and clicks on the link.]
On screen copy and voiceover:
and enters his username, existing password and a new password.
[illustration transition to a computer as we see Jim typing in his username, old password and a new password].
On screen copy and voiceover:
He exits the site and assumes he’s taken care of the problem.
[Illustration shows Jim closing out of “the site” and the laptop lid closes]
On screen copy and voiceover:
Unbeknownst to Jim, the text he received was actually from cyber criminals.
[Illustration shows the previous text Jim received which reappears as a criminal icon appears adjacent to the message revealing the text was not from a valid source.]
On screen copy and voiceover:
The link brought Jim to a fraudulent site that harvested his credentials.
[Illustration transitions to see the credentials being harvested from Jim to the criminal.]
On screen copy and voiceover:
The criminals sell Jim’s credentials to another threat group interested in targeting his company.
[Illustration shows Jim’s credentials are exchanged for cash with another criminal.]
On screen copy and voiceover:
The group uses Jim’s credentials to access his data and find hundreds of email/password combinations, including the CEO's credentials.
[Credentials bubble from the previous frame transforms into a folder the criminal can access. A data file with passwords emerge from the folder with CEO label.]
On screen copy and voiceover:
Jackpot! Criminals have now gained widespread access to Jim’s company,
[Folder illustrated from the previous scene opens up revealing the criminal has complete access to the company.]
On screen copy and voiceover:
…infecting computers and…
[The folder from the previous frame transforms into a laptop which has been infected.]
On screen copy and voiceover:
stealing both proprietary and personal data of high-ranking employees and the company.
[More computers animate on as personal data animates is accessed on each.]
On screen copy and voiceover:
They extort the company for $1.5 million, causing both reputational and financial harm.
[Illustration transitions back to the company building as money emerges around the company and keeps rising.]
On screen copy and voiceover:
How can Jim — and you — avoid this outcome in the future? First, always review texts with skepticism, especially if they contain a link. Even if the source appears legitimate, if there's an unusual request, be sure to verify the request independently. If in doubt, go back to the original source.
[Stock image of person on computer and person typing on phone to typing on laptop, transitioning to man on computer in personal and office setting.]
On screen copy and voiceover:
In this case, Jim should have gone directly to the application to confirm whether his account was
compromised.
[person on computer in office and calling on cellphone]
On screen copy and voiceover:
Next, avoid storing passwords in an easily accessible place, including writing them down.
[stock photo of person taking notes in front of computer and phone]
On screen copy and voiceover:
Finally, talk to your team about best security practices, such as employee education on fraud detection, controls like multifactor authentication and technologies that provide additional barriers to keep business networks and data safe.
[stock photos of employees in different office settings]
[Bank of America logo appears]
On screen disclosures:
“Bank of America” and “BofA Securities” are the marketing names used by the Global Banking and Global Markets divisions of Bank of America Corporation. Lending, other commercial banking activities, and trading in certain financial instruments are performed globally by banking affiliates of Bank of America Corporation, including Bank of America, N.A., Member FDIC. Trading in securities and financial instruments, and strategic advisory, and other investment banking activities, are performed globally by investment banking affiliates of Bank of America Corporation (“Investment Banking Affiliates”), including, in the United States, BofA Securities, Inc. and Merrill Lynch Professional Clearing Corp., both of which are registered broker-dealers and Members of SIPC, and, in other jurisdictions, by locally registered entities. BofA Securities, Inc. and Merrill Lynch Professional Clearing Corp. are registered as futures commission merchants with the CFTC and are members of the NFA.
Investment products offered by Investment Banking Affiliates:
Are Not FDIC Insured
Are Not Bank Guaranteed
May Lose Value
© 2022 Bank of America Corporation. All rights reserved.
[End of transcript]