Jon ppoint

Corporate Account Take Over

A Presentation of Federal Law Enforcement Agency Guidance

1

Information Source

Fraud Advisory for Businesses: Corporate Account Take Over

www.ic3.gov/media/2010/CorporateAccountTakeOver.pdf

2Source: FBI "Fraud Advisory for Businesses: Corporate Account Take Over” dated 10/20/10

Disclaimer

Arvest Bank does not provide computer or related advisory services, including security

recommendations.

3

Federal Fraud Advisory Contents

• The Problem: fraud description, victim selection, perpetration methods

• Protect: education; computer, network & process enhancements; responsibilities and liabilities

• Detect: account monitoring, warning signs, anti-virus software

• Respond: compromised computer handling and reporting suspicious activity



Criminals target victims by way of phishing, spear phishing or social engineering techniques.

TargetVictims

1The victims unknowingly install malware on their computers, often including key logging and screen shot capabilities.

InstallMalware

2

The malware collects and transmits data back to the criminals through a back door connection.

Collect &Transmit

Data

4

AccountTake Over

DissectingAn Attack

Dissecting an Attack

The victims visit their online banking website and logon per the standard process.Online

Banking

3

The criminals leverage the victim’s online banking credentials to initiate a funds transfer from the victim’s account.

InitiateFunds

Transfer(s)

5

Protect: Educate

• Cyber criminals try to trick victims into divulging account information

• Don’t respond to, open attachments or click on links in unsolicited email

• Be wary of anti-virus pop-up messages• When logging in, if you encounter a message

that the system is temporarily unavailable, contact your bank immediately


Protect: Computer & Network Enhancements

• Dedicate computers to online banking and accounting functions which cannot be used for email or general Web browsing

• Remove administrative privileges from computers used for online banking to reduce the risk of unauthorized software installations

• Utilize network routers and firewalls to reduce the risk of unauthorized access to your computers and network


Protect: Computer & Network Enhancements

• Change default passwords on all network devices• Install security updates to operating systems and

critical software such as Microsoft Windows, Microsoft Office, Web browsers and Adobe products

• Install, use and maintain email SPAM filters• Install, use and automatically update “always on”

real-time anti-virus, anti-spyware and desktop firewall systems


Protect: Enhance Corporate Processes

• Implement dual controls for creating and approving ACH batches and wire transfers using multiple users and computers. Please note: some systems have a “Security Administrator” function which should not be used for routine daily business

• Review and reduce ACH and wire transfer transaction limits to the lowest acceptable dollar amounts for routine transactions and temporarily raise them for exceptional transactions


Protect: Responsibilities & Liabilities

• Become familiar with your bank’s account agreement

• Be aware of your liability for fraud under the agreement and the Uniform Commercial code (UCC) in your jurisdiction


Detect: Monitoring and Awareness• Monitor or reconcile accounts at least once a day• Be on the alert for computer performance

changes such as:– Dramatic loss of speed– Changes in the way things appear– Lock-ups, shut downs or restarting– Unexpected password or token code requests– Unusual or unexpected pop-up messages, toolbars or

icons• Pay attention to anti-virus warnings and contact

your IT professional immediately


Detect: Monitoring and Awareness

• Be on the alert for rogue email:– Please note: Be wary of unsolicited email from any

source containing warnings, alerts, reports or requests for information, and containing links or attachments. Please forward suspicious email to [email protected]

– If someone says they received an email from you that you did not send, you probably have malware on your computer


Respond

• If you suspect suspicious activity, immediately:– Cease all online activity– Remove any computer that may be compromised

from the network, but leave it turned on– Make sure employees know how and to whom to

report suspicious activity– Maintain a written chronology of what happened


Respond: Contact your bank

• Contact your bank so that the following actions may be taken:

– Disable online access and change passwords– Review transactions and account access– Take other measures as needed to protect your

accounts


Summary, Questions & Comments• A continuous “cat and mouse” game is being “played” with

cyber criminals from around the world• No single preventative control or procedure can ever be

100% effective. What works today, may not work tomorrow

• As presented in the federal guidance, a “layered approach,” using more than one protective control to reduce the risk of a threat, is more effective than a single preventative control

• Please review this federal guidance with your board of directors, management & IT staff or advisors to determine what controls may be appropriate for your environment

• THANK YOU! Questions or Comments?


Documents

Jon ppoint