U.S. Businesses Targeted Randy Wolverton Brian J. Koechner.

Presentation transcript:

1
U.S. Businesses Targeted
Randy Wolverton
Brian J. Koechner

2
- Payment Fraud Schemes
- Involves Compromising E-Mail Accounts
- Fake E-Mails from Senior Executives
- Fake E-Mails from Vendors
- Goal: Cause Wire Transfers from Company to Fraudsters
- Also Known as Man-In-The-Middle Scams

3
- Global Scam Stats:
- Time Period: 10/01/2013 to 12/01/2014:
- Combined U.S. and Non-U.S. Victims: 2126
- Combined Losses: $214,972,503.30
- Problem is Growing
- Linked to Other Fraud Schemes: Romance; Lottery; Employment; Home/Vacation Rental; Attorney Check

4
- Compromise E-Mail account of Executive
- E-Mail sent from Executive to Employee with ability to conduct wire transfers
- Compromise Vendor/Supplier E-Mail
- Last Minute modifications to bank account
- Wired Funds often sent to Asia, and other countries

5
- Business with longstanding relationship with supplier
- Asked to wire funds for invoice payment to fraudulent account
- Request made via telephone, fax, or E-Mail
- E-Mail contains spoofed website
- Appears to mimic prior legitimate requests

6
- E-Mail accounts of high level Executives are compromised
- Request for wire transfer from compromised account is made to employee(s) conducting wires
- Fraudulent request is often sent to banking institution

7
- Employee’s E-Mail is hacked
- Contact list is obtained
- Requests for invoice payments to fraudster bank account are sent from this employee’s E-Mail to multiple vendors
- Scheme not discovered until contact is made with vendors

8
- Very Patient, Ruthless
- Prior Reconnaissance of Target
- Looking for Control Weaknesses
- Often Use Weekends, Evenings, fake Emergency transfers
- Often used when Executive is traveling and cannot be contacted

9
- Changing the E-Mail header to disguise the true source
- Used to get recipients to open and respond to solicitations
- Used to convince person to provide personal or financial information
- Used to gain access to computer system

10
- Use Spoofed E-Mails to employees allegedly from Executive
- Spoofed E-Mail from Executive describing a “Confidential Deal”
- Spoofed E-Mail from Executive asking to change Vendor information
- Can be used to install Malware, Key Logging
- Asks Employees to click on a compromised Website (Phishing)

11
- Businesses/Personnel using open source E-Mail are targeted
- Individuals handling wire transfers are targeted
- Spoofed E-Mails mimic a legitimate E-Mail
- Hacked E-Mails often occur with personal E-Mail account

12
- Fraudulent E-Mail requests carefully worded to appear legitimate
- Phrases “code to administrative expenses” or “urgent wire transfer” are common
- Amount of wire transfer is business specific – similar to normal business

13
- Fraudulent E-Mail requests coincide with business travel dates for Executives
- Fraudulent IP addresses often trace back to free domain registers

14
- Avoid Free Web-Based E-Mail
- Establish a company web-site domain and use it to establish company E-Mail accounts
- Be careful of posts to social media and company websites
- Be suspicious of requests for secrecy, or to take action immediately

15
- Consider additional IT and Financial Security
- Consider 2-step verification
- Arrange second-factor authentication (telephone contact)
- Consider Digital Signatures on both sides of transaction
- Delete Spam – unsolicited E-Mail from unknown parties

16
- Do Not Open Spam
- Do Not use the “Reply” option to respond to business E-Mails. Instead, use the “Forward” option and either type the correct E-Mail address or select it from the E-Mail address book
- Be aware of significant or sudden changes in business practices
- Train Employees
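
The indicators on slides 9 to 13 (disguised headers, executive names on outside addresses, free web-based E-Mail, and the quoted phrases) can be checked mechanically on inbound mail. The following is an added example, not part of the original presentation; the company domain, executive name, free-webmail list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, not from the presentation: domain, names, webmail list.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan"}
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Wording the slides call out as common in fraudulent requests.
PHRASES = ("code to administrative expenses", "urgent wire transfer", "confidential deal")

def name_and_domain(header_value):
    """Return (lower-cased display name, lower-cased domain) of a header."""
    name, addr = parseaddr(header_value or "")
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the sorted indicators found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, from_dom = name_and_domain(msg["From"])
    _, reply_dom = name_and_domain(msg["Reply-To"])
    text = f"{msg['Subject'] or ''} {msg.get_payload()}".lower()
    text = re.sub(r"\s+", " ", text)  # phrases may wrap across lines
    hits = set()
    if name in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        hits.add("executive-name-external-domain")
    if reply_dom and reply_dom != from_dom:
        hits.add("reply-to-differs-from-sender")
    if {from_dom, reply_dom} & FREE_WEBMAIL:
        hits.add("free-webmail-address")
    hits.update("phrase:" + p for p in PHRASES if p in text)
    return sorted(hits)

# Constructed sample messages (not real traffic).
SPOOFED = """From: "Pat Morgan" <pat.morgan@examp1e-corp.test>
Reply-To: pat.morgan.ceo@gmail.com
Subject: Urgent wire transfer

I am traveling. Process this today and code to
administrative expenses. Keep it between us.
"""
LEGIT = """From: "Pat Morgan" <pat.morgan@example.com>
Subject: Q3 invoice review

Please bring the invoice list to the weekly meeting.
"""

if __name__ == "__main__":
    print(bec_indicators(SPOOFED), bec_indicators(LEGIT))
```

A hit is a reason to verify the request through a second channel such as the telephone contact on slide 15, not proof of fraud; a message sent from a genuinely compromised executive account passes the header checks and is caught only by the phrase check or by out-of-band verification.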
