U.S. Businesses Targeted Randy Wolverton Brian J. Koechner

 Payment Fraud Schemes  Involves Compromising Accounts  Fake s from Senior Executives  Fake s from Vendors  Goal: Cause Wire Transfers from Company to Fraudsters  Also Known as Man-In-The-Middle Scams  Video Video

 Global Scam Stats:  Time Period: 10/01/2013 to 12/01/2014:  Combined U.S. and Non-U.S. Victims: 2126  Combined Losses: $214,972,  Problem is Growing  Linked to Other Fraud Schemes: Romance; Lottery; Employment; Home/Vacation Rental Attorney Check;

 Compromise account of Executive  sent from Executive to Employee with ability to conduct wire transfers  Compromise Vendor/Supplier  Last Minute modifications to bank account  Wired Funds often sent to Asia, and other countries

 Business with longstanding relationship with supplier  Asked to wire funds for invoice payment to fraudulent account  Request made via telephone, fax, or  contains spoofed website  Appears to mimic prior legitimate requests

 accounts of high level Executives are compromised  Request for wire transfer from compromised account is made to employee(s) conducting wires  Fraudulent request is often sent to banking institution

 Employee’s is hacked  Contact list is obtained  Request for invoice payments to fraudster bank account are sent from this employee’s to multiple vendors  Scheme not discovered until contact is made with vendors

 Very Patient, Ruthless  Prior Reconnaissance of Target  Looking for Control Weaknesses  Often Use Weekends, Evenings, fake Emergency transfers  Often used when Executive is traveling and cannot be contacted

 Changing the header to disguise the true source  Used to get recipients to open and respond to solicitations  Used to convince person to provide personal or financial information  Used to gain access to computer system

 Use Spoofed s to employees allegedly from Executive  Spoofed from Executive describing a “Confidential Deal”  Spoofed from Executive asking to change Vendor information  Can be used to install Malware, Key Logging  Asks Employees to click on a compromised Website (Phishing)

 Businesses/Personnel using open source E- Mail are targeted  Individuals handling wire transfers are targeted  Spoofed s mimic a legitimate  Hacked s often occur with personal E- Mail account

 Fraudulent requests carefully worded to appear legitimate  Phrases “code to administrative expenses” or “urgent wire transfer” are common  Amount of wire transfer is business specific – similar to normal business

 Fraudulent requests coincide with business travel dates for Executives  Fraudulent IP addresses often trace back to free domain registers

 Avoid Free Web-Based  Establish a company web-site domain and use it to establish company accounts  Be careful of posts to social media and company websites  Be suspicious of requests for secrecy, or to take action immediately

 Consider additional IT and Financial Security  Consider 2-step verification  Arrange second-factor authentication (telephone contact)  Consider Digital Signatures on both sides of transaction  Delete Spam – unsolicited from unknown parties

 Do Not Open Spam  Do Not use the “Reply” option to respond to business s. Instead, use the “Forward” option and either type the correct address or select it from the address book  Be aware of significant or sudden changes in business practices  Train Employees