Do you know who you’re dealing with? Social Engineering: Minimise the risk of becoming a victim.

Presentation transcript:

Do you know who you’re dealing with? Social Engineering: Minimise the risk of becoming a victim

Introduction
1. What is Social Engineering and what issues does it create?
2. What is ‘Vishing’?
3. What is ‘Invoice Fraud’?
4. What is ‘Phishing’?
5. Avoiding falling prey to Social Engineering
6. Accountability and rules of good practice

Social engineering
What is it?
Why it is a cause for concern
Why it is critical that it is confronted
Estimating its scale

What is ‘Vishing’?
Vishing is a variety of telephone fraud being used increasingly by criminals to deceive businesses into revealing company financial information or to encourage the transfer of funds into a bank account held by the criminal.

Vishing – Detection
Be alert to:
Cold calls to your company or organisation
Callers who suggest you hang up the phone and call them back
Callers who tell you that your company or organisation’s payment has become trapped in the transfer system
Callers who request that you transfer funds to a new bank account
Callers who claim to be a member of staff within your company or organisation, who request that you make an unusual payment

Preventing Vishing
Remember:
Never assume a caller is legitimate because they possess privileged information about your company or organisation or claim to represent a genuine company or organisation
Firmly decline requests to provide information and terminate the call if you are suspicious of a caller
Caller display IDs can be manipulated to disguise the origin of the call. If in doubt, call back using an independently verified number
Use a different line to validate a call. Be aware that it takes two people to terminate a telephone call. The line can be kept open if the caller does not end the call, meaning that if you do attempt to call back in order to validate them, you will reach the same person
Review company policy on what information staff are permitted to provide to a telephone caller, both internal and external

What is Invoice Fraud?
Invoice fraud happens when a company or organisation is tricked into changing bank account payee details for a sizeable payment. Criminals pose as regular suppliers to the company or organisation and will make a formal request for bank account details to be changed.
The fraud is often only discovered at the point when the legitimate supplier of the product or service chases for non-payment of invoice. At that point recovery of the funds from the fraudulent account is very difficult.

Detecting Invoice Fraud
Counterfeit invoices, and any covering letters, will appear to be printed on company headed paper, but closer inspection is likely to reveal them to be copies scanned from an original document then printed onto paper using an office printer. Consequently the company logo may appear less sharp and slightly blurred.
Every company or organisation is vulnerable to invoice fraud. Vigilance is key, look out for requests to:
Change payee account details for a regular payment already set up with a supplier.
Change the payee bank account details and make an immediate payment.
Take time to consider and check:
If notifications to alter bank details were expected
If the supplier already has a mandate with your organisation

Preventing Invoice Fraud
Always:
Before implementing the change, verify requests to change bank details or set up new payment instructions by contacting the supplier directly, using established contact details
Reconcile accounts regularly, daily if possible, to help quickly identify potential fraudulent transactions
Check paper notifications and invoices carefully – is the company letterhead blurred? Is the address different to previous correspondence?
Also consider:
Adopting dual control procedures for the authorisation of payments
Applying limit controls to payments
Regularly conducting audits across accounts
Gaining an understanding of supplier timescales for non payments
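The "Always" and "Also consider" controls above can be enforced at the point a payment is released. The following is an added example, not part of the original presentation; the record layout, the account identifiers and the 10,000 limit are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

PAYMENT_LIMIT = 10_000.00  # assumed limit control, constructed value


@dataclass
class Supplier:
    account_on_file: str  # payee account in the existing mandate
    # Accounts confirmed by contacting the supplier on established contact details
    verified_accounts: set = field(default_factory=set)


@dataclass
class Payment:
    supplier: str
    payee_account: str
    amount: float
    requested_by: str
    approved_by: Optional[str] = None


def release_decision(payment, suppliers):
    """Return (release, reasons); release stays False while any control fails."""
    supplier = suppliers.get(payment.supplier)
    if supplier is None:
        return False, ["no mandate on file for this supplier"]
    reasons = []
    known = {supplier.account_on_file} | supplier.verified_accounts
    if payment.payee_account not in known:
        reasons.append("payee account changed and not verified with supplier")
    if payment.approved_by in (None, payment.requested_by):
        reasons.append("dual control: needs a second, different approver")
    if payment.amount > PAYMENT_LIMIT:
        reasons.append("amount exceeds payment limit")
    return not reasons, reasons


# Constructed scenario: a request arrives to pay a regular supplier on a new account.
SUPPLIERS = {"Acme Supplies": Supplier(account_on_file="ACCT-ON-FILE-001")}
CHANGED = Payment("Acme Supplies", "ACCT-NEW-999", 4200.00, "alice", "alice")

if __name__ == "__main__":
    print(release_decision(CHANGED, SUPPLIERS))
```

An account is added to `verified_accounts` only after the supplier has confirmed it on contact details already held, never on details taken from the change request itself.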

What is ‘Phishing’?
Email fraud is being increasingly used by criminals who send emails at random, often to thousands of individual accounts. Such emails claim to have come from reputable companies such as banks or credit card companies.
Emails often attempt to deceive the recipient into visiting a website where they are encouraged to update personal financial information to update or reactivate a bank account. This information is then fraudulently used by the criminals.
In a variation on this type of fraud, the content will request that the recipient completes and returns an attached form, or opens an attachment feigning to be a receipt for the attempted delivery of a parcel.

Detecting Phishing
Be wary of emails that:
Are unsolicited and supposedly come from a reputable organisation, such as a bank or credit card company
Open with a vague greeting such as ‘Dear Customer’ or ‘Dear Sir/Madam’
Request personal information such as username, password or bank details
Contain addresses which are different to the website of the organisation they claim to be from
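Three of the indicators above (vague greeting, request for personal information, addresses that do not belong to the claimed organisation) can be checked mechanically; whether a message is unsolicited cannot. The following is an added example, not part of the original presentation; it assumes a single-part plain-text message, and `bank.example` and the sample text are constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message; every name and address in it is a placeholder.
SAMPLE = """\
From: Example Bank <alerts@bank.example>
To: user@corp.example
Subject: Action required: reactivate your account

Dear Customer,

Your account has been suspended. Confirm your username and password at
http://bank.example.account-verify.test/login to reactivate it.
"""

VAGUE_GREETING = re.compile(r"^\s*dear\s+(customer|sir\s*/\s*madam)\b", re.I | re.M)
PERSONAL_INFO = re.compile(r"\b(username|password|bank details|account number)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def host_matches(host, org_domain):
    """True only if host is the organisation's domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)


def red_flags(raw_message, org_domain):
    """Return the indicators from the slide that this message exhibits."""
    body = message_from_string(raw_message).get_payload()
    flags = []
    if VAGUE_GREETING.search(body):
        flags.append("vague greeting")
    if PERSONAL_INFO.search(body):
        flags.append("requests personal information")
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        # A suffix match is required: the organisation's name appearing
        # at the start of the host proves nothing.
        if not host_matches(host, org_domain):
            flags.append("link host differs from organisation: " + host)
    return flags


if __name__ == "__main__":
    print(red_flags(SAMPLE, "bank.example"))
```

The sample link begins with the bank's name but ends in a different domain, which is why the comparison is made on the end of the host name rather than by searching for the name anywhere in the address.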

Preventing Phishing
Remember:
Never open or forward emails which you suspect might be spam
Never visit a website from an email link or enter your personal details
Be alert to any unexpected changes on your bank’s website which involve you being asked for more information than you would normally provide
Question all unusual requests for payments, changes of bank details or personal information, even if they have been sent from a recognised company
Carefully check website addresses – the address for the login page on your bank’s website should always start with ‘https’
Contact your bank immediately if you think you might have visited a Phishing site and provided your account details

Accountability and rules for good practice
Can you define your responsibilities to your company or organisation?
Do you feel changes need to be made?
Is the reporting structure in place when a member of staff becomes suspicious that an attempt of Social Engineering is being made?
Should it be reported to:
A manager?
The Finance Team?
The bank?
Action Fraud?

For further advice and guidance visit Further advice and UK Financial Fraud Action UK