Bank-Fund Staff Federal Credit Union
Fraud Awareness Seminar
October 2011
Rich Anderson, CGEIT, CISM, CRISC, NCCO
Information Security Officer
Maria Velegris, CAMS, CIRM
Supervisor, Financial Intelligence Unit
Common Types of Scams and Fraud
Identity Theft
Advance Fee
Foreign Lotteries
Overpayment
ATM Skimming
Phishing
Pharming
Vishing
Spoofing
Scripting
Identity Theft vs. Identity Fraud
• Identity Fraud - when someone takes illegally obtained personal information to use for their own financial gain.
• If someone steals your credit card and makes purchases, you have been the victim of identity fraud.
• Identity Theft - occurs when personal information is accessed by someone else without permission.
• If someone found your Social Security number on a document in your trash and applied for a new credit card in your name and used it, you have been the victim of identity theft.
2011 Javelin Research Statistics
• 8.1 million Americans learned they were victims of ID theft in 2010, down from 11.1 million victims in 2009.
• ATM losses per active card went up about 13% in 2010; mail/telephone order fraud climbed nearly 28%, and signature debit card losses per card rose approximately 36%.
• Online ID fraud is overestimated and most theft occurs offline: more than 89% of all ID fraud occurs conventionally.
• The most common way victims discovered identity theft was by monitoring activity in their accounts.
Javelin Research continued
• The Federal Trade Commission estimated that in 12% of all cases of identity theft, a family member or relative was the culprit. That means one out of every 11 cases is an inside-the-family job.
• People who have used social networking for five or more years are twice as likely as those newer to these sites to suffer identity fraud.
• The average out-of-pocket loss suffered by identity theft victims jumped from $387 to $631 per incident.
Identity Theft
What are the warning signs?
Precautions
Reporting (FTC)
How Identities are Compromised
• 43% from a lost or stolen wallet
• 19% theft while conducting a transaction
• 12% know the thief personally (friendly fraud)
• 11% during online activities
• 11% from data breaches
• 2% stolen paper mail
• 2% other/unsure
2010 Identity Compromises
• Debit card fraud continues to rise
• Change in physical address was the #1 method of account takeover reported
• Most customers who have received ‘sorry we lost your card data’ letters do not take advantage of the free credit monitoring offer (you are 8 times more likely to become a victim)
Advance Fee Scams
Scams that seek funds prior to receiving goods or services
Advance Fee Scams
Employment scams
– Fancy job titles
– Minimal qualifications for employment and excellent pay
– Minimal details available on the company
– Lots of testimonials from “employees”
– Always say they are a scam-free company
Companionship scams
– Watch for errors
– Look for appropriate responses
– Beware of being asked for money or to cash a check
– Look out for unrealistic or fake photos
Scams, continued
Secret Shopper
– Usually hooked through an email
– Promises of fast, easy money
– Told to make small purchases from WalMart, then send wire through Money Gram or Western Union and rate the service
Work From Home
– Envelope stuffing scheme / Email Processing
– Chain Letter
– Assembly Work At Home
– Medical Billing
– Multi-Level Marketing
– Typing at Home
419 Scams
Foreign Lottery
Overpayment
Craig’s List
Avoid buyers who include excess funds for “shipping charges.”
Deal locally with individuals you can meet in person
Never wire funds via Western Union or use Money Gram
Never give out your financial information
ATM Skimming
In the early days of computers…
Computers were used by select university and government groups. Almost everyone knew of each other.
Then computers became affordable and much more common… To make computers easier to use, they stripped out many of the security features.
To make it easier for computers to communicate and share information, they stripped out many of the security features.
“…ishing”
Phishing:
– Bait: Email
– Hook: Fake web site or fake toll free phone number
– Target: YOU!
Smishing (SMs phISHING):
– Bait: Cell Phone Text Message
– Hook: Fake web site or fake toll free phone number
– Target: YOU!
Vishing (Voice phISHING):
– Bait: Phone Call
– Hook: Fake toll free phone number
– Target: YOU!
Let’s go Phishing
Sample Phishing/Vishing Letter
From: MBNA Security Department [mailto:[email protected]]
Sent: Friday, September 08, 2006 9:27 PM
To: *Member Services
Subject: Fraud Prevention Measures
Dear customer!
Due to high fraud activity we constantly increasing security level both for online banking and card transactions. In order to update our records you are required to call MBNA Card Service number at 1-800-976-5713 and update information on your MBNA card. This is free of charge and would not affect any transactions with your card. Please note this is necessary to provide highest security level for all transactions with your card.
Thank you.
David Morones, Chief Officer, MBNA Card Service Department
Sample Vishing Message
Smishing Message
#1, 17 December 2008: BFSFCU / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM card has been suspended. To reactivate call urgent at 1-410-910-0787
#2, 17 December 2008: BFSFCU / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM card has been suspended. To reactivate call urgent at 1-202-729-8214
#3, 5 January 2009: Notice / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM card has been suspended. To reactivate call urgent at 1-888-741-6168
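The three smishing texts above share one body and differ only in sender label and callback number. The following is an added example, not part of the original slides, of how a message filter could group texts by template and surface a reused lure with rotating callback numbers; the function names and the phone-number pattern are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The three texts quoted on the slide, in the form "<sender label> / <body>".
SLIDE_MESSAGES = [
    "BFSFCU / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM "
    "card has been suspended. To reactivate call urgent at 1-410-910-0787",
    "BFSFCU / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM "
    "card has been suspended. To reactivate call urgent at 1-202-729-8214",
    "Notice / This is an automated message from Bank-Fund Staff F.C.U. .Your ATM "
    "card has been suspended. To reactivate call urgent at 1-888-741-6168",
]

# Assumed format: US numbers written the way the slide's samples write them.
PHONE = re.compile(r"\b1-\d{3}-\d{3}-\d{4}\b")


def template_of(message):
    """Body with the sender label dropped, numbers masked, spacing and case folded."""
    body = message.split(" / ", 1)[-1]
    body = PHONE.sub("<phone>", body)
    return re.sub(r"\s+", " ", body).strip().lower()


def find_campaigns(messages, min_numbers=2):
    """Map each reused template to the distinct callback numbers seen with it."""
    numbers_by_template = defaultdict(set)
    for message in messages:
        numbers_by_template[template_of(message)].update(PHONE.findall(message))
    return {
        template: sorted(numbers)
        for template, numbers in numbers_by_template.items()
        if len(numbers) >= min_numbers
    }


if __name__ == "__main__":
    for template, numbers in find_campaigns(SLIDE_MESSAGES).items():
        print(len(numbers), "callback numbers for:", template)
        for number in numbers:
            print("   ", number)
```

One template paired with several callback numbers is the signal: a genuine institution publishes a single stable number, so the grouping flags the lure even when the sender label changes.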
ZEUS!
Zeusbot – Zuesbot - Zbot
Zeus is malware that can reside on your home computer, and attempts to hijack your online bank accounts. It does this by tricking you into giving up your online banking credentials.
Zeusbot – Zuesbot - Zbot
Some Zeus Info
• Might not be detected by most anti-virus software
• Is usually spread by an email, asking you to “pickup an online postcard” or “click here to review your IRS information”.
• Attempts to change the code/appearance of your online banking web page, as it displays on your computer!!!
Zeusbot – Zuesbot - Zbot
How does it work?
Financial Institution Web Site
Across the Internet
To your computer
Displays on your monitor in the web browser
Processed on your computer
Spoofed!
Spoof continued…
Scripting…
The “drive by” installations!
Scripting Example…
The American Express Web Site…
Hijackers
First, they hold you hostage…
Then, they demand ransom…
Security on YOUR Computer…
How are you connected to the Internet?
– Firewalls: Netgear (hardware), ZoneAlarm (software)
Anti-Virus Software
– Norton Anti-Virus
– Symantec Anti-Virus
Anti-Spyware Software
– Spybot Search & Destroy (Free!)
– Ad-Aware by Lavasoft (Free!)
Updates
Safer Browsing? How to Choose the Best Web Browser 07.16.09
Safer Browsing?
Passwords
Use a Secure Password
• At least 8 characters in length
• If the web site allows it ~ Use UPPERCASE, lowercase, numbers, and special characters (!@#$%^&*)
• Do not use the same password for every web site!
Create a Secure Password
• Start with a sentence ~ The Yankees are the best baseball team in the galaxy!
• Reduce it down ~ TYatbbtitg!
• Substitute ~ TY4tbbt1tG!
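The sentence-to-password steps above can be checked against the slide's own requirements. This is an added example, not part of the original slides: it reproduces the reduce and substitute steps and reports which requirement each result still misses. The function names are hypothetical and the substitution table is read off the slide's single example (a to 4, i to 1, g to G).

```python
import string

SENTENCE = "The Yankees are the best baseball team in the galaxy!"
SPECIALS = "!@#$%^&*"  # the special characters listed on the slide
# Assumption: substitutions inferred from the slide's example only.
SLIDE_SUBSTITUTIONS = {"a": "4", "i": "1", "g": "G"}


def reduce_sentence(sentence):
    """First character of every word, plus the sentence's closing punctuation."""
    initials = "".join(word[0] for word in sentence.split())
    last = sentence.rstrip()[-1:]
    if last and last in string.punctuation:
        initials += last
    return initials


def substitute(password, table=SLIDE_SUBSTITUTIONS):
    """Apply the character substitutions to every matching character."""
    return "".join(table.get(char, char) for char in password)


def missing_requirements(password):
    """Names of the slide's password requirements that the password fails."""
    checks = {
        "at least 8 characters": len(password) >= 8,
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    return [name for name, passed in checks.items() if not passed]


if __name__ == "__main__":
    reduced = reduce_sentence(SENTENCE)
    final = substitute(reduced)
    print(reduced, "missing:", missing_requirements(reduced))
    print(final, "missing:", missing_requirements(final))
```

The reduced form already has length, both cases and a special character; it is the substitution step that supplies the numbers the slide asks for.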
Our Online Banking
Second Factor Authentication
More Secure to Protect Your Information
Free and Easy to Use
Online Safety & Security Info
Recap
Take preventative measures
– Anti-virus and Anti-spyware
– “Internet spending” Credit Card
– Make the effort to secure your information
Watch where you are going
– Don’t trust every email or website
– Don’t use your ATM card at dubious locations
– Don’t trust overly helpful people
Information Precautions
Don’t keep PIN and ATM card together
Don’t keep online banking password and account number together
Don’t put outgoing payments in your mailbox
Secure all your banking information in a safe place
Shred all documents with personal information
Email Precautions
• Use Common Sense
• Filter Spam
• Regard Unsolicited Email with Suspicion
• Treat Email Attachments with Caution
• Install Antivirus Software and Keep it Up to Date
• Install a Personal Firewall and Keep it Up to Date
If you are a victim
• Close any affected accounts
• Change passwords on all of your online accounts
• Place a fraud alert on your credit reports
• Contact the proper authorities
• Record and save everything
Where to go for Help
Contact the Credit Bureaus
– Experian, 888-397-3742, or www.experian.com
– Equifax, 800-525-6285, or www.equifax.com
– Trans Union, 800-680-7289, or www.tuc.com
Social Security Administration
– 800-269-0271, or http://ssa-custhelp.ssa.gov
Where to go for Help
Federal Trade Commission
– http://www.consumer.gov/idtheft
– http://www.onguardonline.gov/topics/phishing.aspx
– http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt27.shtm
– http://www.ftc.gov/bcp/edu/microsites/idtheft
http://www.microsoft.com/protect/yourself/phishing/identify.mspx
http://www.fraud.org/tips/internet/phishing.htm
Where to go for Help
Member Services Questions: [email protected]
Tel: 202-212-6400 | Fax: 202-683-2380
U.S. & Canada Toll Free: 1-800-9-BFSFCU
ID Theft, Scams, Check Fraud: [email protected]
Phishing, Viruses, Malware: [email protected]