Corporate Account Take Over
A Presentation of Federal Law Enforcement Agency Guidance
Information Source
Fraud Advisory for Businesses: Corporate Account Take Over
www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf
Source: FBI "Fraud Advisory for Businesses: Corporate Account Take Over" dated 10/20/10
Disclaimer
Arvest Bank does not provide computer or related advisory services, including security recommendations.
Federal Fraud Advisory Contents
• The Problem: fraud description, victim selection, perpetration methods
• Protect: education; computer, network & process enhancements; responsibilities and liabilities
• Detect: account monitoring, warning signs, anti-virus software
• Respond: compromised computer handling and reporting suspicious activity
Dissecting an Attack
1. Target Victims: Criminals target victims by way of phishing, spear phishing or social engineering techniques.
2. Install Malware: The victims unknowingly install malware on their computers, often including key logging and screen shot capabilities.
3. Online Banking: The victims visit their online banking website and logon per the standard process.
4. Collect & Transmit Data: The malware collects and transmits data back to the criminals through a back door connection.
5. Initiate Funds Transfer(s): The criminals leverage the victim’s online banking credentials to initiate a funds transfer from the victim’s account.
Result: Account Take Over
Protect: Educate
• Cyber criminals try to trick victims into divulging account information
• Don’t respond to, open attachments or click on links in unsolicited email
• Be wary of anti-virus pop-up messages
• When logging in, if you encounter a message that the system is temporarily unavailable, contact your bank immediately
Protect: Computer & Network Enhancements
• Dedicate computers to online banking and accounting functions which cannot be used for email or general Web browsing
• Remove administrative privileges from computers used for online banking to reduce the risk of unauthorized software installations
• Utilize network routers and firewalls to reduce the risk of unauthorized access to your computers and network
Protect: Computer & Network Enhancements
• Change default passwords on all network devices
• Install security updates to operating systems and critical software such as Microsoft Windows, Microsoft Office, Web browsers and Adobe products
• Install, use and maintain email SPAM filters
• Install, use and automatically update “always on” real-time anti-virus, anti-spyware and desktop firewall systems
Protect: Enhance Corporate Processes
• Implement dual controls for creating and approving ACH batches and wire transfers using multiple users and computers. Please note: some systems have a “Security Administrator” function which should not be used for routine daily business
• Review and reduce ACH and wire transfer transaction limits to the lowest acceptable dollar amounts for routine transactions and temporarily raise them for exceptional transactions
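The two process controls on this slide are easy to state and easy to get wrong in practice, so here is an added example (not part of the FBI advisory or of the presentation) showing how an internal approval workflow can enforce them before a batch is released to the bank. The user names, workstation names, roles, dollar limits and batch values are all constructed assumptions for illustration; the "security_admin" role models the slide's note that a Security Administrator function should not be used for routine daily business.

```python
"""Dual control with routine transfer limits for ACH batches and wires.

Added example, not part of the FBI advisory or the presentation.  Users,
workstations, roles, limits and batch values below are constructed.  The
rules: a batch must be approved by a different person on a different
computer than the one that created it; a security-administrator account may
not approve routine work; and a low routine dollar limit applies unless a
time-bounded exception has been recorded for that specific batch.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed routine limits per transfer type, in whole US dollars.
ROUTINE_LIMITS = {"ACH": 10_000, "WIRE": 25_000}

# Constructed user directory; the roles are assumptions for this example.
ROLES = {"alice": "clerk", "bob": "controller", "carol": "security_admin"}


@dataclass
class LimitException:
    """A temporary, per-batch increase of the routine limit."""
    batch_id: str
    max_amount: int
    expires_at: int  # Unix epoch seconds


@dataclass
class TransferBatch:
    batch_id: str
    kind: str            # "ACH" or "WIRE"
    amount: int          # whole dollars
    created_by: str
    created_on: str      # workstation that created the batch
    approved_by: Optional[str] = None
    approved_on: Optional[str] = None


def approve(batch: TransferBatch, approver: str, workstation: str) -> TransferBatch:
    """Record an approval, enforcing the separation the slide calls for."""
    if ROLES.get(approver) == "security_admin":
        raise PermissionError("security administrator accounts may not approve routine batches")
    if approver == batch.created_by:
        raise PermissionError("dual control: creator may not approve own batch")
    if workstation == batch.created_on:
        raise PermissionError("dual control: approval must come from a different computer")
    batch.approved_by = approver
    batch.approved_on = workstation
    return batch


def effective_limit(batch: TransferBatch, exceptions, now: int) -> int:
    """Routine limit for the batch type, raised only by an unexpired exception
    recorded for this exact batch."""
    limit = ROUTINE_LIMITS[batch.kind]
    for ex in exceptions:
        if ex.batch_id == batch.batch_id and now < ex.expires_at:
            limit = max(limit, ex.max_amount)
    return limit


def release_allowed(batch: TransferBatch, exceptions, now: int):
    """Return (ok, reason) describing whether the batch may be sent to the bank."""
    if batch.approved_by is None:
        return False, "not approved under dual control"
    limit = effective_limit(batch, exceptions, now)
    if batch.amount > limit:
        return False, f"amount {batch.amount} exceeds limit {limit}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed walk-through: a wire above the routine limit.
    wire = TransferBatch("B-2010-001", "WIRE", 30_000, "alice", "acct-pc-1")
    approve(wire, "bob", "acct-pc-2")
    print(release_allowed(wire, [], now=1_000))        # blocked by the routine limit
    exc = LimitException("B-2010-001", 50_000, expires_at=5_000)
    print(release_allowed(wire, [exc], now=1_000))     # allowed under the exception
    print(release_allowed(wire, [exc], now=9_000))     # exception has expired
```

The exception is tied to one batch id and one expiry, which is what "temporarily raise them for exceptional transactions" means in practice: the limit goes back down on its own, and an exception recorded for one payment cannot be reused to push a different one through.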
Protect: Responsibilities & Liabilities
• Become familiar with your bank’s account agreement
• Be aware of your liability for fraud under the agreement and the Uniform Commercial Code (UCC) in your jurisdiction
Detect: Monitoring and Awareness
• Monitor or reconcile accounts at least once a day
• Be on the alert for computer performance changes such as:
– Dramatic loss of speed
– Changes in the way things appear
– Lock-ups, shut downs or restarting
– Unexpected password or token code requests
– Unusual or unexpected pop-up messages, toolbars or icons
• Pay attention to anti-virus warnings and contact your IT professional immediately
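"Monitor or reconcile accounts at least once a day" is the detection control that catches a take over after the preventive controls have failed. The following is an added example, not from the FBI advisory or the presentation, of what that daily reconciliation looks like when automated: one day's bank activity is matched against the business's own register of approved transfers, and anything the register does not explain is flagged. The export format, the register and the two sample discrepancies are constructed for the example; a real check would read the bank's actual activity export.

```python
"""Daily reconciliation of bank-reported transfers against the internal register.

Added example, not from the FBI advisory or the presentation.  The export
format, the register and the sample discrepancies are constructed.  The
point is the slide's: reconcile at least daily, so that a transfer the
business never approved, or one whose payee or amount was altered after
approval, is noticed on the day it posts rather than at month end.
"""
import csv
import io
from decimal import Decimal

# Constructed bank activity export for one day (what the bank reports).
BANK_EXPORT = """date,type,reference,payee,amount
2010-10-20,ACH,A1001,Payroll Services Inc,8450.00
2010-10-20,WIRE,W2001,Acme Supply Co,12000.00
2010-10-20,WIRE,W2002,J Smith,9800.00
2010-10-20,ACH,A1002,Office Lease LLC,3200.00
"""

# Constructed internal register: what the business actually approved.
AUTHORIZED = [
    {"reference": "A1001", "payee": "Payroll Services Inc", "amount": "8450.00"},
    {"reference": "W2001", "payee": "Acme Supply Co", "amount": "1200.00"},
    {"reference": "A1002", "payee": "Office Lease LLC", "amount": "3200.00"},
]


def parse_export(text: str):
    """Parse the constructed CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(bank_rows, authorized):
    """Return (reference, finding) pairs for every discrepancy between what the
    bank reports and what the register says was approved."""
    by_ref = {a["reference"]: a for a in authorized}
    seen = set()
    findings = []
    for row in bank_rows:
        ref = row["reference"]
        seen.add(ref)
        bank_amount = Decimal(row["amount"])
        auth = by_ref.get(ref)
        if auth is None:
            # Nothing in the register explains this outgoing transfer.
            findings.append((ref, f"unauthorized {row['type']} to {row['payee']} for {bank_amount:.2f}"))
            continue
        if auth["payee"] != row["payee"]:
            findings.append((ref, f"payee changed: expected {auth['payee']}, bank shows {row['payee']}"))
        elif Decimal(auth["amount"]) != bank_amount:
            findings.append((ref, f"amount changed: expected {Decimal(auth['amount']):.2f}, bank shows {bank_amount:.2f}"))
    # Approved transfers the bank never reported are also worth a look.
    for ref in by_ref:
        if ref not in seen:
            findings.append((ref, "approved transfer not reported by bank"))
    return findings


def daily_check(export_text: str = BANK_EXPORT, authorized=AUTHORIZED):
    """Run the reconciliation over one day's export."""
    return reconcile(parse_export(export_text), authorized)


if __name__ == "__main__":
    for ref, finding in daily_check():
        print(f"{ref}: {finding}")
```

Amounts are compared as Decimal, not float, so a cent-level change is never hidden by rounding. On the constructed data the check flags the wire whose amount grew from 1200.00 to 12000.00 and the wire to a payee the register has never heard of, which are exactly the two shapes of fraudulent transfer the attack walk-through earlier in the deck describes.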
Detect: Monitoring and Awareness
• Be on the alert for rogue email:
– Please note: Be wary of unsolicited email from any source containing warnings, alerts, reports or requests for information, and containing links or attachments. Please forward suspicious email to [email protected]
– If someone says they received an email from you that you did not send, you probably have malware on your computer
Respond
• If you suspect suspicious activity, immediately:
– Cease all online activity
– Remove any computer that may be compromised from the network, but leave it turned on
– Make sure employees know how and to whom to report suspicious activity
– Maintain a written chronology of what happened
Respond: Contact your bank
• Contact your bank so that the following actions may be taken:
– Disable online access and change passwords
– Review transactions and account access
– Take other measures as needed to protect your accounts
Summary, Questions & Comments
• A continuous “cat and mouse” game is being “played” with cyber criminals from around the world
• No single preventative control or procedure can ever be 100% effective. What works today may not work tomorrow
• As presented in the federal guidance, a “layered approach,” using more than one protective control to reduce the risk of a threat, is more effective than a single preventative control
• Please review this federal guidance with your board of directors, management & IT staff or advisors to determine what controls may be appropriate for your environment
• THANK YOU! Questions or Comments?