Business Email Compromise and Cyber Threat
By: Mohammed Dabbour, SVP and Director of Group Regulatory Compliance, Arab Bank
Date: 29 November 2018
Introduction
- Technology – a window of opportunity!
- BEC vs. EAC.
- Methods for conducting BEC / EAC.
- What to do when becoming a victim.
- What to expect from your financial institution.
- Conclusion.
Business Email Compromise Vs. Email Account Compromise
Business Email Compromise (BEC): targets financial institutions' corporate customers; criminals seek to unlawfully access the email accounts of a company's executives or employees in order to:
- Directly submit fraudulent transaction instructions to the company's FI by impersonating the company's employees through emails and documentation related to the requested transfer; or
- Mislead a company employee into submitting fraudulent transaction instructions to the company's FI by impersonating a supplier OR a company executive to authorize or order a payment through seemingly legitimate internal emails.
Email Account Compromise (EAC): targets individuals instead of businesses; individuals who conduct large transactions through FIs, lending entities, real estate companies, and law firms are the most likely targets.
Business Email Compromise Vs. Email Account Compromise Key Scenarios
Business Email Compromise (BEC):
- Impersonating a financial institution's corporate customer, prompting the financial institution to execute an unauthorized fund transfer.
- Impersonating an executive to mislead a company employee into unintentionally authorizing a fraudulent fund transfer to a criminal-controlled account.
- Impersonating a supplier and providing fraudulent payment information to mislead a company into unintentionally directing a fund transfer to a criminal-controlled account.
- Impersonating an executive to obtain personally identifiable information from a key employee in human resources / payroll / the chief financial officer (e.g. tax number, social security number, address, salaries, etc.), OR impersonating a financial institution to obtain PII (name, account number, credit card number, etc.).
Email Account Compromise (EAC):
- Lending / Brokerage Services: hacking and using the financial service professional's (e.g. broker or accountant) email account to email fraudulent instructions, allegedly on behalf of a client, to the client's bank or brokerage to initiate a funds transfer from the client's account to an account controlled by a criminal.
- Real Estate Services: hacking the email account of a real estate agent or of the individual purchasing / selling the real estate to alter the payment instructions, OR contacting an escrow company from the real estate agent's compromised email to instruct it to redirect commission proceeds to an account controlled by the criminal.
- Legal Services: hacking an attorney's email account to access client information and related transactions, then emailing fraudulent transaction payment instructions to the attorney's FI, OR compromising a client's email account to request a fund transfer from the trust and escrow accounts that the client's attorney manages.
How – methods of conducting BEC / EAC
- Phishing – using deceptive emails and websites to harvest credentials, personally identifiable information, banking and credit card details.
- Social Engineering – using deceptive methods that rely on human interaction and often involve tricking individuals into breaking normal security procedures to divulge confidential or personal information.
- Spoofing – sending deceptive email that appears to have originated from a trusted source.
- Malware or links – malicious software or a malicious link that is unknowingly installed on a business's computer system / smartphone to steal sensitive information, alter or hijack the computer system / phone, or plant ransomware.
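The spoofing and supplier-impersonation scenarios above leave observable traces in the message itself: a trusted display name on a foreign address, a lookalike sender domain, a Reply-To that diverts the conversation, and a payment-change request wrapped in urgency. The following added example (not part of the presentation) scores one raw email against those red flags; the trusted sender list, domains and sample messages are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of trusted senders (hypothetical names/domains, not from the slides).
TRUSTED = {"ceo@examplecorp.com": "Jane Doe", "ap@acme-supplier.com": "Acme Supplier"}
TRUSTED_DOMAINS = {a.partition("@")[2] for a in TRUSTED}
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|new bank|updated account|iban|routing)\b", re.I)
URGENCY_WORDS = re.compile(r"\b(urgent|immediately|today|confidential|asap)\b", re.I)

def bec_red_flags(raw: str) -> list[str]:
    """Return the BEC/EAC red flags found in one raw RFC 822 message (plain text, not multipart)."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.partition("@")[2]
    # Executive/supplier impersonation: a trusted display name on an address that is not theirs.
    for trusted_addr, name in TRUSTED.items():
        if display.strip().lower() == name.lower() and addr != trusted_addr:
            flags.append(f"display name '{display}' used with untrusted address {addr}")
    # Lookalike sender domain (e.g. one character added, dropped or swapped).
    for tdom in TRUSTED_DOMAINS:
        if domain != tdom and difflib.SequenceMatcher(None, domain, tdom).ratio() >= 0.85:
            flags.append(f"sender domain {domain} resembles trusted domain {tdom}")
    # Reply-To diverting replies to a mailbox the criminal controls.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower().partition("@")[2] != domain:
        flags.append(f"Reply-To {reply} does not match From domain {domain}")
    # The fund-transfer / payment-change request itself, with the usual urgency cues.
    body = msg.get_payload()
    if PAYMENT_WORDS.search(body):
        urgent = " with urgency cues" if URGENCY_WORDS.search(body) else ""
        flags.append("body requests a transfer or new payment details" + urgent)
    return flags

# Constructed sample messages for a dry run.
SUSPICIOUS = """From: Jane Doe <jane.doe@examplecorp.co>
Reply-To: jane.doe.ceo@mail-example.net
Subject: Urgent wire

Please process an urgent wire transfer today to our new bank account. Keep this confidential.
"""
BENIGN = """From: Jane Doe <ceo@examplecorp.com>
Subject: Board minutes

Attached are the minutes from Tuesday.
"""
```

Calling bec_red_flags(SUSPICIOUS) returns four flags, while bec_red_flags(BENIGN) returns an empty list; a mail gateway or SOC triage script would route any message with a non-empty result to the out-of-band verification the conclusion slide recommends.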
Who – is being targeted?
It is still unclear how criminals select their victims! However, criminals often monitor and study victims before initiating a BEC / EAC scam, learning the parties and protocols necessary to perform a fund transfer request. Some victims reported receiving emails requesting additional details on themselves or their companies (e.g. name, travel dates, account number, etc.). Some victims reported that they experienced a cyber intrusion immediately before a BEC / EAC incident.
What – to do when you become a victim?
Among other obligations:
- Contact your financial institution immediately and report the incident; instruct your financial institution to freeze the account / financial instrument.
- Change your account password.
- Report the incident immediately to the local competent authorities (e.g. law enforcement authorities) – obtain a copy of the report.
- Seek legal advice (e.g. whether you should file a complaint in the country of the funds' destination, etc.).
- Inform your supplier of the incident (use a different communication method).
- Follow up with your financial institution to try to recover the funds.
- Be prepared to sign an Indemnity Letter!
What – to expect from your financial institution
Among other obligations:
- Freeze / block your account or the financial instruments (e.g. plastic card).
- List the criminal-controlled account on its blacklists.
- Communicate immediately with the beneficiary financial institution / bank and/or the correspondent bank to cancel and recover the fund transfer.
- Inform the beneficiary financial institution / bank that the beneficiary account is suspected of fraudulent activity – this will depend on the local regulations.
- Submit reports to the competent authorities.
Who – pays when a BEC / EAC hits?
Depends on the country's legal system; however, it likely depends on whose system was compromised and what safeguards were in place to prevent the scam.
Conclusion
- Continuous awareness, training, and education for your staff, customers, clients, etc.
- Financial Crime Risk-based review of the products / services / processes.
- Timely update, circulation, and sharing of new red flags and scenarios.
- Continuous tuning of the early warning systems and tools.
- Invest in the Internal IT Controls Framework and Operational Internal Controls (e.g. encryption, out-of-band communications, SMS, anti-spam, vulnerability testing, etc.).
- Consider other alternatives to email-based financial transactions (e.g. trade finance instruments, electronic banking solutions, blockchain, Fintech solutions, etc.).
Thank You