View
223
Download
4
Category
Tags:
Preview:
Citation preview
Current Fraud TrendsKathy Druckenmiller, CFCI, CIRM, ACT SpecialistApril 29, 2014
4/29/2014
PhishingVishingSmishingHijacked EmailSocial MediaSweetheart ScamsOnline Job Scams
Social Engineering
4/29/2014
Phishing
Using electronic communication to manipulate someone into giving private information
Social Engineering
Phishing
Using electronic communication to manipulate someone into giving private information
4/29/2014
4
Vishing
Utilizing VOIP or traditional telephone lines to trick someone into giving confidential information
Social Engineering
4/29/2014
5
Smishing
Using SMS test messages to obtain sensitive data
Social Engineering
4/29/2014
6
Hijacked Email
Taking over a personal email account and masquerading as the customer
Social Engineering
Hijacked
4/29/2014
7
Social Media
Using social media as resource to obtain your identity or commit fraud against you
Social Engineering
4/29/2014
8
Sweetheart Scams
Fraudsters trolling online dating websites and social media sites, looking for partners that will ultimately send their own funds to the fraudster or will be used to launder stolen funds through their personal accounts
Social Engineering
4/29/2014
9
Online Job Applications
Phony job postings placed on legitimate employment websites that trick applicants into becoming money mules for stolen funds
Social Engineering
4/29/2014
10
Mitigation for Social Engineering Fraud?
Education for Customers – to avoid involvement in scams
Education for Employees – to recognize the signs of transactions that may be the result of social engineering
Social Engineering
4/29/2014
? Amazing mind reader reveals his 'gift' - YouTube.website
11
Current Debit and Credit Card Fraud
Counterfeit “Skimmed” Debit and Credit Cards
Data Breaches
Cybercrime
4/29/2014
12
Counterfeit/Skimmed Cards
SkimmerClone Magnetic stripe dataCapture CVV and CVD codesData can be transferred to card stock or “white
plastic”
Skimming Equipment:Handheld skimmerAlternate skimmers Skimming device placed over legitimate card reader
4/29/2014
13
Skimming Equipment
Handheld Skimmer
Requires human assistance
Requires card to be out of site of customer
Targets restaurant patrons
Information re-encoded onto plastic or sold on internet “carder” sites
4/29/2014
14
Skimming Equipment
Handheld Skimmer
4/29/2014
15
Skimming Equipment
Alternate Skimmers
4/29/2014
16
Skimmed Cards
Reader placed directly over legitimate card reader:
Does not requires human assistance
Does not require card to be out of site of customer
Targets: ATM machines, Gas pumps and readers that are remote and can be tampered with without witnesses.
Information re-encoded onto plastic or sold on internet “carder” sites
4/29/2014
17
ATM Skimming Equipment
ATM Skimmer Examples
4/29/2014
18
ATM Skimming Equipment
ATM Skimmer Examples
4/29/2014
19
EMV (Europay, MasterCard and Visa)
Chip and PIN technology
Fraud liability shift to POS merchants -October 2015, ATMs - October 2016 and Gas Pumps - October 2017
EMV will not affect Data Breaches
4/29/2014
20
EMV (Europay, MasterCard and Visa)
EMV Chip and PIN reader
4/29/2014
21
Data Breaches
Data Breaches
Malware that targets corporate servers
Operation can be completely remote
Mass amounts of data at once
Information sold on internet “carder” sites
EMV removes the magnetic stripe, compromised data cannot be re-encoded onto card
4/29/2014
QUESTIONS ?
4/29/2014
Recommended