© 2015 Association of Certified Fraud Examiners, Inc.
Developing an Anti-Fraud Program to Defend
Against Emerging Social Engineering
Schemes
Steve Morang, CFE, CIA, CRMA
Frank, Rimerman + Co. LLP certified public accountants
4A: Developing an Anti-Fraud Program
to Defend Against Emerging Social
Engineering Schemes
Steve C. Morang, CFE, CIA, CRMA
Copyright Steve C. Morang, All rights reserved.
Presentation Overview
• Introduction (5 min)
• Changing Threat Landscape (5 min)
• Social Engineering (15 min)
• The Link to Social Media (15 min)
• The Link to the Deep Web / Dark Net (10 min)
• Developing a Framework (20 min)
• Wrap-up / Q&A (10 min)
Introduction
Learning objectives in this session include:
• Gain an understanding of the links between cybercrime, fraud, social media and the Deep Web
• Prevent, detect and investigate the latest social engineering fraud schemes
• Develop a framework to address social engineering risks
• Assess the risks to an organization and develop an appropriate policy with regard to social media
Where is this road heading?
"Things are going to get interesting!" - a well-known IT security guru
"The future is already here, just not evenly distributed to everyone!"
"Criminals and fraudsters have always been early adopters of technology."
First Question – Put on your thinking caps!
The internet is getting an upgrade from IPv4 to IPv6. The address space will increase by: a) 10% b) 200% c) 4,000% d) I don't know
Answer: none of the above. IPv6 addresses are 128 bits long instead of 32, so the address space grows by a factor of 2^96, roughly 7.9 × 10^28 (from about 4.3 billion addresses to about 3.4 × 10^38).
In other words the internet infrastructure will increase from the size of:
An excellent read about the future of cybercrime…
Current and Emerging Fraud Threats
Cybercrime
• Has continued to increase year over year – estimated at $445 billion in 2014
• More frequent and larger attacks are expected for 2015
• Social engineering schemes such as spear phishing are on the rise and pose significant new threats
• The consensus approach has moved from prevention to acceptance and proactive response
What is social engineering ?
According to Wikipedia, Social Engineering: “in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.”
Social Engineering
Eight Prevalent Social Engineering Scams
1. USB drive left in parking lot or lobby
2. Phishing emails
3. Spear phishing
4. Phone calls to work or home
5. Email account hijacking
6. Physical office security breakdown
7. "Microsoft Technical Support" call
8. Social media scam – LinkedIn
Social Engineering
Social engineering schemes are increasing and becoming more sophisticated
• State-sponsored corporate espionage – IP theft
• Targeted spear phishing for:
  • Asset misappropriation
  • Insider trading
  • IP theft
  • PII theft
Social Engineering
Phishing / Spear Phishing
• Over 30 million malicious URLs
• 18% of phishing email recipients click the link
• Over 80% of employees are unable to detect the most common and frequently used phishing scams
• Newest trend is to monitor email communications and then replicate the "original" sender's writing style
• Domain names closely resemble those of companies or vendors, so the fraudulent sender address looks almost identical to the legitimate one
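The look-alike-domain and impersonation pattern described above (and the CEO wire-fraud attempt in Example 1 later in the deck) can be triaged mechanically before a message reaches the accounts-payable inbox. The script below is an added example written for this page; it is not code from the original presentation or from Frank, Rimerman + Co. The corporate domain example-co.com, the executive names, the homoglyph table and the three sample messages are all constructed for illustration.

```python
"""
Added example (not from the original presentation): flag the business
e-mail compromise (BEC) indicators the slides describe - a look-alike
sender domain, an executive's display name on an external address, a
Reply-To that diverts answers elsewhere, and urgent payment language.
Organisation data and sample messages are constructed for this example.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List, Optional

CORPORATE_DOMAIN = "example-co.com"                   # assumed organisation
EXECUTIVES = {"jane doe": "CEO", "john roe": "CFO"}   # assumed protected names
URGENCY = re.compile(
    r"\b(urgent|urgently|immediately|today|wire transfer|confidential|acquisition)\b", re.I)
# Substitutions commonly used when registering look-alike domains.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Lower-case and undo the usual digit/letter look-alike swaps."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def is_lookalike(domain: str, target: str = CORPORATE_DOMAIN) -> bool:
    """True when `domain` imitates `target` without being `target`."""
    d, t = normalise(domain), normalise(target)
    if d == t:
        return domain.lower() != target.lower()   # e.g. examp1e-co.com
    sld = t.split(".")[0]
    if any(sld in label for label in d.split(".")):
        return True                               # example-co.co, example-co.com.evil.net
    return edit_distance(d, t) <= 2               # one or two typo-squatted characters


def authenticated_domain(msg) -> Optional[str]:
    """Domain that passed DKIM (header.d=) or SPF (smtp.mailfrom=) according to
    the Authentication-Results header; trust only the header your own MTA adds."""
    ar = msg.get("Authentication-Results", "")
    m = re.search(r"dkim=pass[^;]*header\.d=([\w.-]+)", ar, re.I)
    if not m:
        m = re.search(r"spf=pass[^;]*smtp\.mailfrom=(?:[^@;\s]+@)?([\w.-]+)", ar, re.I)
    return m.group(1).lower() if m else None


def triage(raw: str) -> List[str]:
    """Return the BEC indicators found in one RFC 5322 message (empty = clean)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    if is_lookalike(domain):
        reasons.append(f"sender domain {domain} imitates {CORPORATE_DOMAIN}")
    elif domain == CORPORATE_DOMAIN and authenticated_domain(msg) != CORPORATE_DOMAIN:
        reasons.append(f"From claims {CORPORATE_DOMAIN} but SPF/DKIM do not authenticate it")
    role = EXECUTIVES.get(name.strip().lower())
    if role and domain != CORPORATE_DOMAIN:
        reasons.append(f"display name matches the {role} but the address is external ({addr})")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        reasons.append(f"Reply-To diverts answers to another domain ({reply_to})")
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = sorted({m.group(1).lower() for m in URGENCY.finditer(msg.get("Subject", "") + " " + body)})
    if len(hits) >= 2:
        reasons.append("urgent payment language: " + ", ".join(hits))
    return reasons


# Constructed samples. The first mirrors the Example 1 pattern: CEO name, digit-for-letter domain.
SAMPLE_LOOKALIKE = """\
From: Jane Doe <jane.doe@examp1e-co.com>
To: ap@example-co.com
Subject: URGENT wire transfer for acquisition
Authentication-Results: mx.example-co.com; spf=pass smtp.mailfrom=examp1e-co.com

I am travelling and need this wire transfer sent immediately. Keep it confidential.
"""
SAMPLE_SPOOFED = """\
From: John Roe <john.roe@example-co.com>
Reply-To: john.roe@secure-mail-hosting.net
To: ap@example-co.com
Subject: Vendor payment update
Authentication-Results: mx.example-co.com; spf=fail smtp.mailfrom=bulkmail.net; dkim=none

Please update the bank details for our vendor before today's payment run.
"""
SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example-co.com>
To: ap@example-co.com
Subject: Board deck
Authentication-Results: mx.example-co.com; dkim=pass header.d=example-co.com; spf=pass smtp.mailfrom=example-co.com

Attached is the deck for Thursday.
"""

if __name__ == "__main__":
    for label, raw in [("lookalike", SAMPLE_LOOKALIKE), ("spoofed", SAMPLE_SPOOFED), ("legit", SAMPLE_LEGIT)]:
        print(label, "->", triage(raw) or "no indicators")
```

Two caveats for anyone adapting this. The Authentication-Results header is only meaningful when it was written by your own receiving mail server; a sender can include a forged copy, so strip inbound instances at the edge before relying on it. And the look-alike heuristic will occasionally flag legitimate partners whose names resemble yours, so treat a hit as a reason to route the message to a reviewer and to confirm any payment instruction by a known phone number, not as grounds to block automatically.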
Social Engineering
Social Engineering Levers*
1. Reciprocation: When people are provided with something, they tend to feel obligated and subsequently repay the favor.
2. Scarcity: People tend to comply when they believe something is in short supply.
3. Consistency: Once targets have promised to do something, they usually stick to their promises because people do not wish to appear untrustworthy or unreliable.
4. Liking: Targets are more likely to comply when the social engineer is someone they like.
5. Authority: People tend to comply when a request comes from a figure of authority.
6. Social validation: People tend to comply when others are doing the same thing.
*3/3/2015 Computerworld.com/Intel
Part 2: How is social engineering evolving with the increased presence of social media?
The Evolution of Social Engineering
• Advances in technology and the widespread adoption of social media have created new opportunities for fraudsters
• Fraudsters are by nature early adopters of technology and are using the rise in social media to their advantage
• Information shared on social media sites such as Facebook, LinkedIn and Twitter can be used to improve social engineering schemes
• Fraudsters are also using "hacked" online profiles as well as fictitious profiles to build connections to targets
The Evolution of Social Engineering
• Over 600k Facebook accounts are compromised every day. Information gathered includes passwords, names, birthdays, addresses, employer details, travel plans, access to friends etc.
• LinkedIn accounts contain important information to be used in spear phishing attacks, including: organization, title, photograph, coworkers, email syntax, education and work history, certifications, birthdates, work anniversaries, publications, interests etc.
The Evolution of Social Engineering
Example 1 – Benefits Provider
• Company was well known to be growing through multiple acquisitions of competitors
• Finance and accounting staff were identifiable through their LinkedIn profiles
• CEO used a Twitter account to share international travel plans
• Fraudsters used a "similar" domain name to impersonate the CEO and order an URGENT wire transfer for an upcoming acquisition
• Wire transfer was prepared but stopped by the CFO before final approval
The Evolution of Social Engineering
Example 2 – Pharmaceutical Company
• Key members of a client's staff were identifiable through LinkedIn profiles
• Fictitious LinkedIn profiles were used to connect to company management
• Targeted spear phishing was used to install malware on the company network and gain access to email servers
• Fraudsters were able to monitor confidential emails regarding financial reporting and make illegal trades
• Company suffered reputational damage as well as facing potential litigation and fines
Part 3: How is Social Engineering connected to the “Deep Web / Dark Net”?
Dark Net and Deep Web Link to Social Engineering Schemes
• The dark net allows fraudsters to anonymously trade confidential information (Tor network / Bitcoin)
• Tools used for specific social engineering attacks can be bought on the Deep Web – for example fake LinkedIn profiles, company email registers, passwords, etc.
• Information stolen from an organization, whether IP, confidential data or customer/vendor data, will be traded on the Dark Net
• The most common items include credit card/debit card numbers, birthdates and social security numbers
Part 4: How do I develop a framework and an appropriate policy to protect my organization against the emerging social engineering threat landscape?
Developing the Framework
Changing the Organization Culture
Conducting a Fraud Risk Assessment
Development of Policies and Procedures
Implementation of Training
Monitoring and Response
Continuous Improvement
Developing the Framework
Changing the Organization Culture
1. Communicate the risks to the organization at all levels
2. Communicate the risk associated with social engineering fraud
3. Strive to create a risk-averse culture within the organization
Developing the Framework
Conducting a Fraud Risk Assessment
1. Update your Fraud Risk Assessment (FRA) on a regular basis
2. Hold FRA workshops with multi-disciplinary teams
3. Review controls for potential gaps
4. Consider utilizing an anonymous balloting technology such as Resolver
Developing the Framework
Development of Policies and Procedures
1. Develop policies and procedures appropriate to your organizational culture while addressing the risks of social engineering
2. Communication and training will be the key elements of compliance with P&P
Developing the Framework
Implementation of Training
1. Training should be interactive, practical and ongoing
2. Training modules should address the risks
3. Regular updates on emerging threats
4. Consider a "Help Line" function
Developing the Framework
Monitoring and Response
1. Consider dedicated resources to monitor compliance
2. Develop an action plan for how to respond
Developing the Framework
Continuous Improvement
1. Be prepared to adapt the framework often
2. Consider future growth and needs
Wrap-up / Q & A
Final Thoughts / Key take-aways
• Cyber fraud and social engineering are expected to grow exponentially in the years to come
• The successful organizations are going to be the ones who both accept this threat and understand that it is not a question of "if" they will be attacked but "when", and who will have an appropriate response already prepared
Thank you!
Contact Information:
Steve C. Morang, CFE CIA CRMA
[email protected]
www.frankrimerman.com
(Cell) 415-781-9173
@sfacfe