Corporate Account Takeover
Presented by: Jim Vogt, CFE, CTP


The Definition of Fraud
Seven Specific Parts of Fraud
– A representation…
– about a material point…
– which is false…
– and intentionally or recklessly so…
– which is believed…
– and acted upon by the victim…
– to the victim’s damage.

OR… Theft by deception

MULTIPLE THREATS
– Fraud threats exist both inside and outside your organization
– It’s not a question of “if” but WHEN your organization will be threatened or impacted by one of these many threats

EXTERNAL THREATS
Primary external threat is payments fraud
– Check fraud
– ACH/wire fraud, etc.
Seventy-one percent of organizations experienced attempted or actual payments fraud in % of these companies were victims of check fraud.
– ACH debits – 25 percent
Other external threats
– Corporate Account Takeover
– Corporate Identity Theft
Source: 2011 AFP Payments Fraud and Control Survey

In the News…
– N.Y. Firm Faces Bankruptcy from $164,000 E-Banking Loss
– European Cyber-Gangs Target Small U.S. Firms, Group Says
– e-Banking Bandits Stole $465,000 From Calif. Escrow Firm
– La. firm sues [bank] after losing thousands in online bank fraud
– Cyber attackers empty business accounts in minutes
– Zeus hackers could steal corporate secrets too
– TEXAS FIRM BLAMES BANK FOR $50,000 CYBER HEIST
– Computer Crooks Steal $100,000 from Ill. Town
– FBI Investigating Theft of $500,000 from NY School District
– Zeus Botnet Thriving Despite Arrests in the US, UK
News headlines from The New York Times, The Washington Post, Computer World, and Krebs on Security

Examples…
– …company fell prey to fraud after hackers were able to break into the company's network, steal bank credentials and send 26 consecutive wire transfers out of the country, totaling $465,000.
– …construction company had its corporate bank account raided over a six-day period by cyber thieves who were able to move over $588,000 to dozens of money mules throughout the country.

Other Examples of Losses
– $700,000: school district
– $1.2 million: Texas company
– $100,000: electronics testing firm

What is Corporate Account Takeover?
– Cyber criminals target the financial accounts of owners and employees of small and medium sized businesses
– Creates significant business disruption and substantial monetary losses due to fraudulent transfers from these accounts
– Often these funds are not recovered

Corporate Account Takeover
– First identified in 2006
– Millions of dollars are lost every year
– Has morphed in terms of the types of companies targeted and the technologies and techniques employed by cyber criminals
– Cyber criminals initially targeted large corporations; they now target municipalities, smaller businesses, and non-profit organizations.

What is Corporate Account Takeover?
– Purpose: Gain access to financial accounts
– How: cyber criminals target employees (often senior executives or accounting and HR personnel) and business partners, and cause the targeted individual to spread malicious software (or "malware")
– Malware steals their personal information and log-in credentials.
– Once the account is compromised, the cyber criminal is able to electronically steal money from business accounts.

How is it Done?
1. Target victims by way of phishing, spear phishing or social engineering techniques.
2. Victims unknowingly install malware on their computers, often including key logging and screen shot capabilities.
3. The victims visit their online banking website and log on per the standard process.
4. The malware collects and transmits data back to the criminals through a back door connection.
5. The criminals leverage the victim’s online banking credentials to initiate a funds transfer from the victim’s account.
Source: Joint Fraud Advisory for Businesses - U.S. Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

“Phishing” for Victims
– Mass emails
– Pop-up messages
– Social networking or internet career sites
Use these various methods to:
– Ask for personal or account information
– Entice employee to click on a malicious link or attachment
Even “vishing”
– Soliciting victims over the phone or VoIP

Other Tricks
Cyber criminals use various methods, both technological and non-technological, to install malware
– Email attachments
– Fake friend requests on a social networking site
– Legitimate, but compromised, website

More Tricks
To get employees to open messages and/or attachments or click on links, cyber criminals will:
Disguise the email to look as though it’s from a legitimate business.
– Usually a scare tactic is used to entice the employee to open the email and/or provide account information. Examples include:
– UPS (e.g., “There has been a problem with your shipment.”)
– Financial institutions (e.g., “There is a problem with your banking account.”)
– Better Business Bureaus (e.g., “A complaint has been filed against you.”)
– Court systems (e.g., “You have been served a subpoena.”)
Make the email appear to provide information regarding current events:
– Natural disasters
– Major sporting events
– Celebrity news
Use email addresses or other credentials stolen from company websites or victims, such as relatives, co-workers, friends, or executives, to design an email to look like it is from a trusted source

The Mission…
– Get the malware installed.
– This allows the fraudster to “see” and track employees' activities across the business’ internal network and on the Internet
– The main target: visits to the financial institution and use of online banking credentials used to access accounts (account information, log in, and passwords).

Moving the Money
– To make the transaction appear legitimate, wire transfers or ACH credits are sent to the accounts of one or multiple money mules throughout the U.S.
– Mules then withdraw the money and send it to criminal associates, usually overseas in countries like Ukraine, Russia and Moldova.

Money Mules
Consumers are lured into fake work-at-home scams, in which their employment involves receiving money and then forwarding the funds, usually to Eastern Europe.
All you have to do is respond to the ad on Monster.com or other legitimate sites and:
– send a résumé with some personal information
They, in turn, ask you to set up a checking account that soon starts filling with cash. You take the money to Western Union and wire it to your new employer, keeping between 5% and 10% for yourself.
Easy money, right? Except that it's illegal money laundering, called "money muleing" by the security industry.

Mule Recruitment
Location: USA
Status: Opened
Employee Type: Part-Time Employee
Company: Broad Capital Company, Inc.
Duties of the Service Representatives include holding and supporting a local business used for payments processing between the company and the clients, managing cash flows, creating reports, providing support to the clients. Every office of the company starts from the local Service Representative cooperation, so the position is very prospective.
Requirements:
– Advanced user ability to operate computer and to use Internet and email.
– An existing bank account opened on personal or business name
– Basic skills in managing payments and money transfers.
– Ability to schedule working hours effectively.
– Availability of spare time (3-4 hours per day).
– Legal age.

Mule Recruitment (cont’d)
Payment: basic salary $2500 monthly plus payments turnover bonus.
Benefits:
– Flexible work schedule.
– Possibility to combine the job with primary employment.
– Free training course.
How to apply: To apply, please reply back with your contact details. Phone number, contact name and attach any copy of your document with photo. Please reply ONLY to our

“Poof”
Money is quickly gone and often not recovered

Who is Responsible?
The bank? The client?

Other Variations
– Use various attack methods to exploit check archiving and verification services that enable them to issue counterfeit checks
– Impersonate the customer over the phone to arrange funds transfers
– Mimic legitimate communication from the financial institution to verify transactions, create unauthorized wire transfers and ACH payments, or initiate other changes to the account
– Gain customer lists and/or proprietary information, often through the spread of malware, that can also cause indirect losses and reputational damage to a business

BEST PRACTICES
Educate your employees
– Exercise extreme caution when confronted with any request to divulge account information or banking access credentials
– Never open file attachments or click on web links if you are unsure of the source
– Be wary of pop-up messages
– Teach and require best practices for IT security

BEST PRACTICES
Enhance the security of computers and networks
– Install a dedicated, actively managed firewall
– Create strong passwords (at least 10 characters) and update them several times per year
– Install commercial anti-virus and spyware detection programs on all computer systems
– Run regular scans for viruses, spyware, and malware
– Ensure virus protection and other security software are updated regularly
– Pay attention to warnings (viruses, etc.)
– Note any changes in computer performance

BEST PRACTICES
Reconcile all bank transactions (including checking online for electronic transfers) on a daily basis
Enhance corporate banking processes and protocols
– Multi-factor authentication
– Dual control/authorization
– Access controls
– Watch for suspicious or out-of-pattern activity
– Immediately report any transactions in your accounts that you question
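The daily reconciliation, dual control and out-of-pattern checks on this slide can be scripted against a bank export; the following is an added example, not part of the original presentation. The payee names, user names, amounts and the burst threshold are all constructed assumptions.

```python
from collections import Counter, namedtuple
from datetime import date

Transfer = namedtuple("Transfer", "day kind payee amount initiated_by approved_by")

# Assumptions for this example (not from the presentation): payee names,
# user names, amounts and the burst threshold are all constructed.
KNOWN_PAYEES = {"Acme Supply", "City Utilities", "Payroll Service"}
BURST_LIMIT = 3  # wires per day tolerated before every wire that day is reviewed

# Constructed export of outgoing transfers from online banking.
TRANSFERS = [
    Transfer(date(2012, 3, 5), "ACH", "City Utilities", 1840.00, "alice", "bob"),
    Transfer(date(2012, 3, 5), "WIRE", "Acme Supply", 12500.00, "alice", "bob"),
    Transfer(date(2012, 3, 5), "WIRE", "J. Doe", 9400.00, "carol", "carol"),
    Transfer(date(2012, 3, 5), "WIRE", "R. Roe", 9650.00, "carol", "carol"),
    Transfer(date(2012, 3, 5), "WIRE", "M. Poe", 9800.00, "carol", None),
    Transfer(date(2012, 3, 6), "ACH", "Payroll Service", 22000.00, "alice", "bob"),
]

def review(transfers, known_payees, burst_limit=BURST_LIMIT):
    """Return {index: [reasons]} for transfers to question with the bank."""
    wires_per_day = Counter(t.day for t in transfers if t.kind == "WIRE")
    flagged = {}
    for i, t in enumerate(transfers):
        reasons = []
        if t.payee not in known_payees:
            reasons.append("new payee")  # out-of-pattern beneficiary
        if t.approved_by is None or t.approved_by == t.initiated_by:
            reasons.append("no dual control")  # one person created and released it
        if t.kind == "WIRE" and wires_per_day[t.day] > burst_limit:
            reasons.append("wire burst")  # many consecutive wires in one day
        if reasons:
            flagged[i] = reasons
    return flagged

def amount_at_risk(transfers, flagged):
    """Total value of flagged transfers, for the report to the bank."""
    return sum(transfers[i].amount for i in flagged)

if __name__ == "__main__":
    hits = review(TRANSFERS, KNOWN_PAYEES)
    for i, reasons in hits.items():
        t = TRANSFERS[i]
        print(f"{t.day} {t.kind:4} {t.payee:15} {t.amount:>10,.2f}  {', '.join(reasons)}")
    print(f"Total to question: {amount_at_risk(TRANSFERS, hits):,.2f}")
```

The wire to a known payee is still flagged because it falls on a day with a burst of wires, which is the pattern in the 26-consecutive-wires case cited earlier.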

BEST PRACTICES (cont.)
– Never leave a computer unattended while using any online banking or investing service
– Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc.

Contact
Jim Vogt, CFE, CTP
(858)
NO PART OF THIS DOCUMENT MAY BE REPRODUCED IN ANY FORM OR BY ANY MEANS WITHOUT THE EXPRESSED WRITTEN PERMISSION OF JIM VOGT. ALL RIGHTS RESERVED, © 2012.

What is Business Identity Theft?
Business identity theft (or corporate or commercial identity theft) is a relatively new development in the criminal enterprise of identity theft.
In the case of a business, a criminal will hijack a business’s identity and use that identity to establish lines of credit with banks or retailers to purchase:
– commercial electronics
– home improvement materials
– gift cards, and other items that can be bought and exchanged for cash or sold with relative ease.