Bank-Fund Staff Federal Credit Union

Fraud Awareness Seminar

October 2011

Rich Anderson, CGEIT, CISM, CRISC, NCCO, Information Security Officer

Maria Velegris, CAMS, CIRM, Supervisor, Financial Intelligence Unit



Common Types of Scams and Fraud

Identity Theft

Advance Fee

Foreign Lotteries

Overpayment

ATM Skimming

Phishing

Pharming

Vishing

Spoofing

Scripting


Identity Theft vs. Identity Fraud

• Identity Fraud - when someone takes illegally obtained personal information to use for their own financial gain.

• If someone steals your credit card and makes purchases, you have been the victim of identity fraud.

• Identity Theft - occurs when personal information is accessed by someone else without permission.

• If someone found your Social Security number on a document in your trash and applied for a new credit card in your name and used it, you have been the victim of identity theft.


2011 Javelin Research Statistics

• 8.1 million Americans learned they were victims of ID theft in 2010, down from 11.1 million victims in 2009.

• ATM losses per active card went up about 13% in 2010; mail/telephone order fraud climbed nearly 28%, and signature debit card losses per card rose approximately 36%.

• Online ID fraud is overestimated and most theft occurs off-line: more than 89% of all ID fraud occurs conventionally.

• The most common way victims discovered identity theft was by monitoring activity in their accounts


Javelin Research continued

The Federal Trade Commission estimated that in 12% of all cases of identity theft, a family member or relative was the culprit. That means one out of every 11 cases is an inside-the-family job.

People who have used social networking for five or more years are twice as likely as those newer to these sites to suffer identity fraud.

The average out-of-pocket loss suffered by identity theft victims jumped from $387 to $631 per incident.


Identity Theft

What are the warning signs?

Precautions

Reporting (FTC)


How Identities are Compromised

• 43% from a lost or stolen wallet
• 19% theft while conducting a transaction
• 12% know the thief personally (friendly fraud)
• 11% during online activities
• 11% from data breaches
• 2% stolen paper mail
• 2% other/unsure


2010 Identity Compromises

• Debit card fraud continues to rise
• Change in physical address was the #1 method of account takeover reported
• Most customers who have received ‘sorry we lost your card data’ letters do not take advantage of the free credit monitoring offer (you are 8 times more likely to become a victim)


Advance Fee Scams

Scams that seek funds prior to receiving goods or services


Advance Fee Scams

Employment scams
– Fancy job titles
– Minimal qualifications for employment and excellent pay
– Minimal details available on the company
– Lots of testimonials from “employees”
– Always say they are a scam-free company

Companionship scams
– Watch for errors
– Look for appropriate responses
– Beware of being asked for money or to cash a check
– Look out for unrealistic or fake photos


Scams, continued

Secret Shopper
– Usually hooked through an email
– Promises of fast, easy money
– Told to make small purchases from WalMart, then send wire through Money Gram or Western Union and rate the service

Work From Home
– Envelope stuffing scheme / Email Processing
– Chain Letter
– Assembly Work At Home
– Medical Billing
– Multi-Level Marketing
– Typing at Home


419 Scams


Foreign Lottery


Overpayment


Craig’s List

Avoid buyers who include excess funds for “shipping charges.”

Deal locally with individuals you can meet in person

Never wire funds via Western Union or use Money Gram

Never give out your financial information


ATM Skimming


In the early days of computers…

Computers were used by select university and government groups. Almost everyone knew of each other.

Then computers became affordable and much more common… To make computers easier to use, they stripped out many of the security features.

To make it easier for computers to communicate and share information, they stripped out many of the security features.


“…ishing”

Phishing:
– Bait: Email
– Hook: Fake web site or fake toll free phone number
– Target: YOU!

Smishing (SMs phISHING):
– Bait: Cell Phone Text Message
– Hook: Fake web site or fake toll free phone number
– Target: YOU!

Vishing (Voice phISHING):
– Bait: Phone Call
– Hook: Fake toll free phone number
– Target: YOU!


Let’s go Phishing


Sample Phishing/Vishing Letter

From: MBNA Security Department [mailto:[email protected]]
Sent: Friday, September 08, 2006 9:27 PM
To: *Member Services
Subject: Fraud Prevention Measures

Dear customer! Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at 1-800-976-5713 and update information on your MBNA card. This is free of charge and would not affect any transactions with your card. Please note this is necessary to provide highest security level for all transactions with your card. Thank you.

David Morones, Chief Officer, MBNA Card Service Department


Sample Vishing Message


Smishing Message

#1, 17 December 2008
BFSFCU / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM card has been suspended. To reactivate call urgent at 1-410-910-0787

#2, 17 December 2008
BFSFCU / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM card has been suspended. To reactivate call urgent at 1-202-729-8214

#3, 5 January 2009
Notice / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM card has been suspended. To reactivate call urgent at 1-888-741-6168


ZEUS!

Zeusbot – Zuesbot - Zbot

Zeus is malware that can reside on your home computer, and attempts to hijack your online bank accounts. It does this by tricking you into giving up your online banking credentials.


Zeusbot – Zuesbot - Zbot

Some Zeus Info

• Might not be detected by most anti-virus software

• Is usually spread by an email, asking you to “pickup an online postcard” or “click here to review your IRS information”.

• Attempts to change the code/appearance of your online banking web page, as it displays on your computer!!!


Zeusbot – Zuesbot - Zbot

How does it work?

Financial Institution Web Site

Across the Internet

To your computer

Displays on your monitor in the web browser

Processed on your computer


Spoofed!


Spoof continued…


Scripting…

The “drive by” installations!


Scripting Example…

The American Express Web Site…


Hijackers

First, they hold you hostage…

Then, they demand ransom…


Security on YOUR Computer…

How are you connected to the Internet?
– Firewalls: Netgear (hardware), ZoneAlarm (software)

Anti-Virus Software
– Norton Anti-Virus
– Symantec Anti-Virus

Anti-Spyware Software
– Spybot Search & Destroy (Free!)
– Ad-Aware by Lavasoft (Free!)


Updates


Safer Browsing?

How to Choose the Best Web Browser, 07.16.09


Safer Browsing?


Passwords


Use a Secure Password

• At least 8 characters in length
• If the web site allows it ~ Use UPPERCASE, lowercase, numbers, and special characters (!@#$%^&*)
• Do not use the same password for every web site!


Create a Secure Password

Start with a sentence ~

The Yankees are the best baseball team in the galaxy!

Reduce it down ~

TYatbbtitg!

Substitute ~

TY4tbbt1tG!


Our Online Banking

Second Factor Authentication

More Secure to Protect Your Information

Free and Easy to Use


Online Safety & Security Info


Recap

Take preventative measures
– Anti-virus and Anti-spyware
– “Internet spending” Credit Card
– Make the effort to secure your information

Watch where you are going
– Don’t trust every email or website
– Don’t use your ATM card at dubious locations
– Don’t trust overly helpful people


Information Precautions

Don’t keep PIN and ATM card together

Don’t keep online banking password and account number together

Don’t put outgoing payments in your mailbox

Secure all your banking information in a safe place

Shred all documents with personal information


Email Precautions

• Use Common Sense
• Filter Spam
• Regard Unsolicited Email with Suspicion
• Treat Email Attachments with Caution
• Install Antivirus Software and Keep it Up to Date
• Install a Personal Firewall and Keep it Up to Date


If you are a victim

• Close any affected accounts
• Change passwords on all of your online accounts
• Place a fraud alert on your credit reports
• Contact the proper authorities
• Record and save everything


Where to go for Help

Contact the Credit Bureaus
– Experian, 888-397-3742, or www.experian.com
– Equifax, 800-525-6285, or www.equifax.com
– Trans Union, 800-680-7289, or www.tuc.com

Social Security Administration
– 800-269-0271, or http://ssa-custhelp.ssa.gov


Where to go for Help

Federal Trade Commission
– http://www.consumer.gov/idtheft
– http://www.onguardonline.gov/topics/phishing.aspx
– http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt27.shtm
– http://www.ftc.gov/bcp/edu/microsites/idtheft

http://www.microsoft.com/protect/yourself/phishing/identify.mspx

http://www.fraud.org/tips/internet/phishing.htm


Where to go for Help

Member Services Questions: [email protected]
Tel: 202-212-6400 | Fax: 202-683-2380
U.S. & Canada Toll Free: 1-800-9-BFSFCU

ID Theft, Scams, Check Fraud: [email protected]

Phishing, Viruses, Malware: [email protected]