Preventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks
- Claire Wilkinson
- 8 years ago
Transcription
1 Preventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks. Nick Merker, CISSP, CIPT; Stephen Reynolds, CISSP, CIPP/US; Nick Reuhs. Attorneys at Ice Miller LLP. IceonFire
2 Fund Transfer Fraud: What Is It?
3 What Is at Risk?
4 How Much Is at Risk? The following BEC statistics were reported to the Internet Crime Complaint Center from October 2013 to August 2015:
- Total U.S. Victims: 7,066
- Total U.S. exposed dollar loss: $747,659,
- Total Victims: 8,179
- Total Exposed dollar loss: $798,897,
These totals, combined with those identified by international law enforcement agencies during this same time period, bring the BEC exposed loss to over $1.2 billion. Source: Internet Crime Complaint Center (IC3), Alert Number I a-PSA
5 Fund Transfer Fraud Threat Vectors
6 Business E-mail Compromise. Source: Internet Crime Complaint Center (IC3)
7 Business E-mail Compromise. Business E-mail Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Source: Internet Crime Complaint Center (IC3), Alert Number I a-PSA
8 Fund Transfer Fraud: Basic Example
9 Spear Phishing: Basic Example
10 Spear Phishing: Basic Example
11 Spear Phishing: Basic Example (examp1e.com)
12 What Else Does It Look Like?
13 Spear Phishing: Basic Example
14 Fund Transfer Fraud Threat Vectors: Vishing, SMSishing
15 Funds Transfer Fraud Liability. Uniform Commercial Code Article 4A: Liability falls to customer if the bank has adopted a commercially reasonable security procedure, and the bank has followed that procedure in good faith.
16 Funds Transfer Fraud Liability. What constitutes commercially reasonable? Some courts have looked to industry standards and industry white papers (i.e. Federal Financial Institutions Examination Council, Authentication in an Internet Banking Environment).
17 How to Prevent? Security Awareness
- Inform employees of fund transfer fraud.
- Avoid presentation style training.
- Identify risk to company with examples.
- Attack your own employees.
- Third party services
- Carrot or stick approach
18 How to Prevent? Other Suggestions For Protection
- Implement banking safeguards.
- Use a SPAM gateway that flags e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of icemiller.com would flag fraudulent e-mail of icemilller.com.
- Establish internal processes that require separation of duties (initiation of transfer vs. execution).
19 E-mail Account Compromise and Ransomware. Stephen Reynolds, CISSP, CIPP/US, Attorney at Ice Miller LLP
20 E-mail Account Compromise. Source: Internet Crime Complaint Center (IC3)
21 E-mail Account Compromise. E-mail Account Compromise (EAC) is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. The EAC scam is very similar to the Business E-mail Compromise (BEC) scam, except that it targets individuals rather than businesses. In EAC scams, criminal actors use social engineering or computer intrusion techniques to compromise the e-mail accounts of unsuspecting victims. In many cases, a criminal actor first gains access to a victim's legitimate e-mail address for reconnaissance purposes. The criminal actor then creates a spoofed e-mail account that closely resembles the legitimate account, but is slightly altered by adding, changing, or deleting a character. The spoofed e-mail address is designed to mimic the legitimate e-mail in a way that is not readily apparent to the targeted individual. The criminal actor then uses either the victim's legitimate e-mail or the spoofed e-mail address to initiate unauthorized wire transfers. Source: Internet Crime Complaint Center (IC3), Alert Number I b-PSA
22 What Does It Look Like? Financial/Brokerage Services
- An individual's e-mail account is compromised by a criminal actor. The criminal actor, who is posing as the victim, sends an e-mail to the victim's financial institution or brokerage firm requesting a wire transfer to a person or account under the control of the criminal actor.
- An accounting firm's e-mail account is compromised and used to request a wire transfer from a client's bank, supposedly on behalf of the client.
Source: Internet Crime Complaint Center (IC3), Alert Number I b-PSA
23 What Does It Look Like? Real Estate
- A seller's or buyer's e-mail account is compromised through an EAC scam. The criminal actor intercepts transactions between the two parties and alters the instructions for the transfer of funds.
- A realtor's e-mail address is used to contact an escrow company to redirect commission proceeds to a bank account associated with the criminal actor.
- A realtor receives a link within an e-mail from an unknown person who is requesting information related to property. When the realtor clicks on the link, the criminal actor is able to access the realtor's e-mail account. The intrusion exposes client information, which the criminal actor then uses to e-mail the clients and attempt to change wire instructions for loan processing proceeds.
Source: Internet Crime Complaint Center (IC3), Alert Number I b-PSA
24 What Does It Look Like? Legal
- A criminal actor compromises an attorney's e-mail account, which results in the exposure of client bank account numbers, e-mail addresses, signatures, and confidential information related to pending legal transactions.
- The attorney's compromised e-mail account is used to send overlaid wire instructions to a client.
- A criminal actor compromises a client's e-mail account and uses it to request wire transfers from trust fund and escrow accounts managed by the firm.
Source: Internet Crime Complaint Center (IC3), Alert Number I b-PSA
25 What Does It Look Like?
26 How to Prevent? Train Employees to:
- Not open e-mail messages or attachments from unknown individuals.
- Be cautious of clicking links within e-mails from unknown individuals.
- Be aware of small changes in e-mail addresses that mimic legitimate e-mail addresses.
- Question any changes to wire transfer instructions by contacting the associated parties through a known avenue.
- Know your customers.
27 How Else to Prevent? Train Employees to:
- Look for poor use of the English language in e-mails, such as incorrect grammar, capitalization, and tenses.
- Roll your cursor over the links received via e-mail and look for inconsistencies. If it is not the website the e-mail claims to be directing you to, then the link is to a fraudulent site.
- Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to an official website rather than from a link sent to you via e-mail.
Source: Internet Crime Complaint Center (IC3), Alert No. I b-PSA
28 Related Cyber Attacks
29 Ransomware Source: Internet Crime Complaint Center (IC3)
30 Ransomware Ransomware is a type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restriction. The attackers demand payment of a ransom ranging from $100 to $300 to decrypt the files. Source: Wikipedia; Internet Crime Complaint Center (IC3), Alert Dated Oct. 28, 2013
31 Ransomware Source: McAfee Labs, Threats Report, August 2015
32 What Does It Look Like?
33 What Does It Look Like?
34 How to Prevent? Suggestions For Protection
- Do not open e-mail messages or attachments from unknown individuals.
- Be cautious of clicking links within e-mails from unknown individuals.
- Implement technical safeguards.
35 What Do We Do? Mitigation and Risk Transfer Nick Reuhs Attorney at Ice Miller LLP
36 Mitigation and Risk Transfer
37 Mitigation
38 Mitigation
39 Mitigation
40 Risk Transfer
41 Insurance
42 Data Breach Insurance
43 Basic Cyber or Tech Insurance Third-Party Tech E&O Security First-Party Data Breach Data Restoration Crime Interruption Fraud & FTF Extortion
48 Basic Cyber or Tech Insurance Third-Party Tech E&O First-Party Security Crime Data Restoration Interruption Fraud & FTF Extortion
54 Basic Cyber or Tech Insurance Third-Party Tech E&O First-Party THINK IN TERMS OF LOSS NOT CAUSE Data Security Breach Data Restoration Crime Interruption Fraud & FTF Extortion
59 Basic Cyber or Tech Insurance Third-Party Tech E&O Security First-Party Data Breach Data Restoration Crime Interruption Fraud & FTF Extortion Social Engineering
60 Mitigation and Risk Transfer EFFECTIVE RISK TRANSFER = MEANINGFULLY READ YOUR POLICY
61 Questions
62 Thank You Stephen Reynolds, CISSP, Nick Reuhs Nick Follow Us on
Identity Theft CHRISTOS TOPAKAS Head of Group IT Security and Control Office Agenda Identity Theft Threats and Techniques Identity Theft Definition and Facts Identity Theft & Financial Institutions Prevention
More informationINTERNET BANKING SYSTEM AGREEMENT
INTERNET BANKING SYSTEM AGREEMENT Agreement - This Agreement, which includes the Fee Schedule and Enrollment Form, is a contract which establishes the rules which cover your electronic access to your accounts
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationSecurity Tips You are here: Home» Security Tips
Security Tips You are here: Home» Security Tips Click on a the Security Icon to view detailed information on: Responsibility of the Bank Password Policy Guide Online Security Internet Security Tips Scam
More informationCorporate Account Take Over (CATO) Guide
Corporate Account Take Over (CATO) Guide This guide was created to increase our customers awareness of the potential risks and threats that are associated with Internet and electronic- based services,
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationIDENTITY THEFT PREVENTION PROGRAM COUNTY OF DUPLIN, NORTH CAROLINA
IDENTITY THEFT PREVENTION PROGRAM COUNTY OF DUPLIN, NORTH CAROLINA TO ESTABLISH AN IDENTIFY THEFT PREVENTION PROGRAM; TO COMPLY WITH FEDERAL REGULATIONS RELATING TO ADDRESS DISCREPANCIES; TO COMPLY WITH
More informationThis notice contains important information about the data breaches announced by Home Depot, Kmart and Dairy Queen.
RECENT DATA BREACHES This notice contains important information about the data breaches announced by Home Depot, Kmart and Dairy Queen. Data security is a number one priority at Northwest. We take every
More informationLIGC-ACC Presentation November 9, 2015
Bryan Frank, DDIS Info Sec Corp, panelist Jennifer M. Mone, Deputy General Counsel, Hofstra University, panelist Keith J. Frank, Partner, Forchelli, Curto, Deegan, Schwartz, Mineo & Terrana,. LLP, moderator
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationAcceptable Use Policy
Introduction This Acceptable Use Policy (AUP) sets forth the terms and conditions for the use by a Registrant of any domain name registered in the top-level domain (TLD). This Acceptable Use Policy (AUP)
More informationSEC-GDL-005-Anatomy of a Phishing Email
Technology & Information Services SEC-GDL-005-Anatomy of a Phishing Email Author: Paul Ferrier Date: 07/11/2014 Document Security Level: Document Version: PUBLIC 0.98 Document Ref: SEC-GDL-005 Document
More informationSPEAR-PHISHING ATTACKS: REELING IN CORPORATE AMERICA. August 2015. Sponsored by:
SPEAR-PHISHING ATTACKS: REELING IN CORPORATE AMERICA August 2015 Spear-Phishing Attacks: Reeling in Corporate America Executive Summary Criminals often find the task of exploiting a person easier than
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS
$ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security
More informationCyber Security. Securing Your Mobile and Online Banking Transactions
Cyber Security Securing Your Mobile and Online Banking Transactions For additional copies or to download this document, please visit: http://msisac.cisecurity.org/resources/guides 2014 Center for Internet
More informationPreventing Corporate Account Takeover Fraud
Preventing Corporate Account Takeover Fraud Joe Potuzak Senior Vice President Payment Solutions Risk Manager Member FDIC 1 About Our Speaker Joe Potuzak is the Risk Manager for BB&T s Payment Solutions
More informationInsuring Innovation. CyberFirst Coverage for Technology Companies
Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is
More information3 day Workshop on Cyber Security & Ethical Hacking
3 day Workshop on Cyber Security & Ethical Hacking 1 st day-highlights-hands On Phishing Attack Hammad Mashkoor Lari Freelancer What is Cyber Security? What is Ethical hacking? What is Computer Science?
More information