Do you know who you’re dealing with? Social Engineering: Minimise the risk of becoming a victim.

Presentation transcript:

2 Introduction
1. What is Social Engineering and what issues does it create?
2. What is ‘Vishing’?
3. What is ‘Invoice Fraud’?
4. What is ‘Phishing’?
5. Avoiding falling prey to Social Engineering
6. Accountability and rules of good practice

3 Social engineering
- What is it?
- Why it is a cause for concern
- Why it is critical that it is confronted
- Estimating its scale

4 What is ‘Vishing’?
Vishing is a variety of telephone fraud used increasingly by criminals to deceive businesses into revealing company financial information, or to encourage the transfer of funds into a bank account held by the criminal.

5 Vishing – Detection
Be alert to:
- Cold calls to your company or organisation
- Callers who suggest you hang up the phone and call them back
- Callers who tell you that your company or organisation’s payment has become trapped in the transfer system
- Callers who request that you transfer funds to a new bank account
- Callers who claim to be a member of staff within your company or organisation, who request that you make an unusual payment

6 Preventing Vishing
Remember:
- Never assume a caller is legitimate because they possess privileged information about your company or organisation, or claim to represent a genuine company or organisation
- Firmly decline requests to provide information and terminate the call if you are suspicious of a caller
- Caller display IDs can be manipulated to disguise the origin of the call. If in doubt, call back using an independently verified number
- Use a different line to validate a call. Be aware that it takes two people to terminate a telephone call. The line can be kept open if the caller does not end the call, meaning that if you do attempt to call back in order to validate them, you will reach the same person
- Review company policy on what information staff are permitted to provide to a telephone caller, both internal and external

7 What is Invoice Fraud?
Invoice fraud happens when a company or organisation is tricked into changing bank account payee details for a sizeable payment. Criminals pose as regular suppliers to the company or organisation and make a formal request for bank account details to be changed. The fraud is often only discovered when the legitimate supplier of the product or service chases for non-payment of the invoice. At that point, recovery of the funds from the fraudulent account is very difficult.

8 Detecting Invoice Fraud
Counterfeit invoices, and any covering letters, will appear to be printed on company headed paper, but closer inspection is likely to reveal them to be copies scanned from an original document and then printed on an office printer. Consequently the company logo may appear less sharp and slightly blurred.
Every company or organisation is vulnerable to invoice fraud. Vigilance is key; look out for requests to:
- Change payee account details for a regular payment already set up with a supplier
- Change the payee bank account details and make an immediate payment
Take time to consider and check:
- Whether notifications to alter bank details were expected
- Whether the supplier already has a mandate with your organisation

9 Preventing Invoice Fraud
Always:
- Before implementing the change, verify requests to change bank details or set up new payment instructions by contacting the supplier directly, using established contact details
- Reconcile accounts regularly, daily if possible, to help quickly identify potentially fraudulent transactions
- Check paper notifications and invoices carefully – is the company letterhead blurred? Is the email address different to previous correspondence?
Also consider:
- Adopting dual control procedures for the authorisation of payments
- Applying limit controls to payments
- Regularly conducting audits across accounts
- Gaining an understanding of supplier timescales for non-payment

10 What is ‘Phishing’?
Email fraud is used increasingly by criminals who send emails at random, often to thousands of individual email accounts. Such emails claim to come from reputable companies such as banks or credit card companies. The emails often attempt to deceive the recipient into visiting a website where they are encouraged to enter personal financial information in order to update or reactivate a bank account. This information is then used fraudulently by the criminals. In a variation on this type of fraud, the email asks the recipient to complete and return an attached form, or to open an attachment purporting to be a receipt for the attempted delivery of a parcel.

11 Detecting Phishing
Be wary of emails that:
- Are unsolicited and supposedly come from a reputable organisation, such as a bank or credit card company
- Open with a vague greeting such as ‘Dear Customer’ or ‘Dear Sir/Madam’
- Request personal information such as username, password or bank details
- Contain addresses which are different to the website of the organisation they claim to be from

12 Preventing Phishing
Remember:
- Never open or forward emails which you suspect might be spam
- Never visit a website from an email link or enter your personal details
- Be alert to any unexpected changes on your bank’s website which involve you being asked for more information than you would normally provide
- Question all unusual requests for payments, changes of bank details or personal information, even if they have been sent from a recognised company
- Carefully check website addresses – the address for the login page on your bank’s website should always start with ‘https’
- Contact your bank immediately if you think you might have visited a phishing site and provided your account details
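The phishing indicators in slides 11 and 12 (vague greeting, request for credentials, sender or link address that does not belong to the organisation it claims to be from, login links that are not https) can be turned into a simple mailbox triage check. The script below is an added example, not part of the presentation or of Financial Fraud Action UK's material; the sample emails, the bank name examplebank.co.uk and the two-part-suffix shortcut in registered_domain are constructed assumptions (a real deployment would use the Public Suffix List).

```python
"""Heuristic phishing triage over the indicators listed in the slides.

Added example: the sample emails and domains below are constructed and do
not refer to any real organisation.
"""
import re
from urllib.parse import urlparse

# Greetings the slides single out as a warning sign.
VAGUE_GREETINGS = ("dear customer", "dear sir/madam", "dear user", "dear account holder")
# Terms whose presence suggests a request for personal/credential data.
CREDENTIAL_TERMS = ("username", "password", "pin", "account number", "sort code", "card number")
URL_PATTERN = re.compile(r"https?://[^\s<>\"')]+")
IPV4_PATTERN = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def registered_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain.

    Assumption: last two labels, or last three when the second-level label is a
    common two-part suffix such as co.uk. The Public Suffix List is the correct
    source for production use.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in ("co", "org", "ac", "gov") and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url: str, claimed_domain: str) -> list[str]:
    """Findings for one link, relative to the organisation the mail claims to be from."""
    findings = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        findings.append(f"link not https: {url}")
    if registered_domain(host) != registered_domain(claimed_domain):
        findings.append(f"link host {host} does not belong to {claimed_domain}")
    if IPV4_PATTERN.fullmatch(host):
        findings.append(f"link uses raw IP address: {host}")
    return findings


def triage_email(sender: str, claimed_domain: str, body: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    findings = []
    sender_host = sender.rsplit("@", 1)[-1]
    if registered_domain(sender_host) != registered_domain(claimed_domain):
        findings.append(f"sender domain {sender_host} does not belong to {claimed_domain}")
    lowered = body.lower()
    for greeting in VAGUE_GREETINGS:
        if greeting in lowered:
            findings.append(f"vague greeting: {greeting!r}")
    # Word-boundary match so that e.g. 'pin' does not fire on 'shipping'.
    asked = [t for t in CREDENTIAL_TERMS if re.search(rf"\b{re.escape(t)}\b", lowered)]
    if asked:
        findings.append(f"requests personal information: {', '.join(asked)}")
    for url in URL_PATTERN.findall(body):
        findings.extend(check_link(url, claimed_domain))
    return findings


# Constructed sample messages for demonstration only.
SAMPLE_PHISH = {
    "sender": "security@examplebank-verify.com",
    "claimed_domain": "examplebank.co.uk",
    "body": (
        "Dear Customer,\n\nYour account has been locked. Please confirm your "
        "username and password at "
        "http://examplebank.co.uk.login-verify.example.net/secure to reactivate it.\n"
    ),
}
SAMPLE_LEGIT = {
    "sender": "statements@examplebank.co.uk",
    "claimed_domain": "examplebank.co.uk",
    "body": (
        "Dear Ms Jones,\n\nYour monthly statement is now available. Log in as "
        "usual at https://online.examplebank.co.uk/ to view it.\n"
    ),
}

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage_email(**sample) or "no indicators")
```

The check is deliberately conservative about what it asserts: a match on the claimed organisation's registrable domain is the same comparison a reader makes by eye when following the slide's advice to compare the link with the organisation's real website, and an https scheme is checked only because the slides state that a bank login page should always start with https; neither check proves a message is safe, so the output is a list of reasons to escalate rather than a verdict.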

13 Accountability and rules for good practice
- Can you define your responsibilities to your company or organisation?
- Do you feel changes need to be made?
- Is a reporting structure in place for when a member of staff becomes suspicious that an attempt at Social Engineering is being made? Should it be reported to:
  - A manager?
  - The Finance Team?
  - The bank?
  - Action Fraud?

14 Further advice and guidance
For further advice and guidance visit www.financialfraudaction.org.uk
Financial Fraud Action UK – @FFA UK
