Preventing, Insuring, and Surviving Fund Transfer Fraud... and Other Cyber Attacks Nick Merker, CISSP, CIPT Stephen Reynolds, CISSP, CIPP/US Nick Reuhs Attorneys at Ice Miller LLP IceonFire
Fund Transfer Fraud: What is It?
What is at Risk?
How Much is at Risk? The following BEC statistics were reported to the Internet Crime Complaint Center from October 2013 to August 2015:
Total U.S. Victims: 7,066
Total U.S. exposed dollar loss: $747,659,840.63
Total Victims: 8,179
Total Exposed dollar loss: $798,897,959.25
These totals, combined with those identified by international law enforcement agencies during this same time period, bring the BEC exposed loss to over $1.2 billion.
Source: Internet Crime Complaint Center (IC3), Alert Number I-082715a-PSA
Fund Transfer Fraud: Threat Vectors
Business Email Compromise. Source: Internet Crime Complaint Center (IC3)
Business Email Compromise: Business Email Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Source: Internet Crime Complaint Center (IC3), Alert Number I-082715a-PSA
Fund Transfer Fraud: Basic Example
Spear Phishing: Basic Example
Spear Phishing: Basic Example (examp1e.com)
What Else Does It Look Like?
Fund Transfer Fraud: Threat Vectors. Vishing. SMSishing.
Funds Transfer Fraud Liability: Uniform Commercial Code Article 4A. Liability falls to the customer if the bank has adopted a commercially reasonable security procedure, and the bank has followed that procedure in good faith.
Funds Transfer Fraud Liability: What constitutes commercially reasonable? Some courts have looked to industry standards and industry white papers (e.g., the Federal Financial Institutions Examination Council's Authentication in an Internet Banking Environment).
How to Prevent? Security Awareness
Inform employees of fund transfer fraud.
Avoid presentation-style training.
Identify risk to the company with examples.
Attack your own employees (simulated phishing).
Third-party services.
Carrot or stick approach.
How to Prevent? Other Suggestions For Protection
Implement banking safeguards.
Use a spam email gateway that flags emails from sender domains that are similar to the company's email domain. For example, the legitimate domain icemiller.com would flag fraudulent email from icemilller.com.
Establish internal processes that require separation of duties (initiation of a transfer vs. execution of the transfer).
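As an added example (not from the presentation or Ice Miller), the following minimal lookalike-domain check shows the kind of rule a gateway would apply to the sender's domain; the protected-domain list and sample addresses are constructed, and it folds common digit-for-letter substitutions (the examp1e.com trick) before comparing edit distance.

```python
"""Flag sender domains that closely resemble a protected company domain.

Added example: a minimal lookalike-domain check of the kind a spam gateway
rule would apply to the From: domain. Protected domains are constructed.
"""
from email.utils import parseaddr

# Character and digraph substitutions commonly used to imitate letters.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case a domain and fold look-alike characters to the letters they mimic."""
    d = domain.lower().strip()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender: str, protected: tuple, max_distance: int = 1):
    """Return the protected domain the sender's domain imitates, or None.

    An exact match is legitimate mail and is never flagged. A domain whose
    normalized form is within max_distance edits of a protected domain is
    flagged; keep the distance small, since short domains give false hits."""
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    if not domain or domain in {g.lower() for g in protected}:
        return None
    for good in protected:
        if edit_distance(normalize(domain), normalize(good)) <= max_distance:
            return good
    return None


PROTECTED = ("icemiller.com", "example.com")  # constructed protected-domain list

if __name__ == "__main__":
    for addr in ("cfo@icemiller.com", "cfo@icemilller.com", "ap@examp1e.com", "x@unrelated.org"):
        print(addr, "->", lookalike_of(addr, PROTECTED))
```

A gateway would run this against the domain in the From: (and Reply-To:) header and quarantine or tag the message rather than block it outright, so that legitimate partner domains can be whitelisted.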
Email Account Compromise and Ransomware. Stephen Reynolds, CISSP, CIPP/US, Attorney at Ice Miller LLP
Email Account Compromise. Source: Internet Crime Complaint Center (IC3)
Email Account Compromise: Email Account Compromise (EAC) is a sophisticated scam that targets the general public and professionals associated with, but not limited to, financial and lending institutions, real estate companies, and law firms. The EAC scam is very similar to the Business Email Compromise (BEC) scam, except that it targets individuals rather than businesses. In EAC scams, criminal actors use social engineering or computer intrusion techniques to compromise the email accounts of unsuspecting victims. In many cases, a criminal actor first gains access to a victim's legitimate email address for reconnaissance purposes. The criminal actor then creates a spoofed email account that closely resembles the legitimate account, but is slightly altered by adding, changing, or deleting a character. The spoofed email address is designed to mimic the legitimate email in a way that is not readily apparent to the targeted individual. The criminal actor then uses either the victim's legitimate email or the spoofed email address to initiate unauthorized wire transfers. Source: Internet Crime Complaint Center (IC3), Alert Number I-082715b-PSA
What Does It Look Like? Financial/Brokerage Services
An individual's email account is compromised by a criminal actor. The criminal actor, who is posing as the victim, sends an email to the victim's financial institution or brokerage firm requesting a wire transfer to a person or account under the control of the criminal actor.
An accounting firm's email account is compromised and used to request a wire transfer from a client's bank, supposedly on behalf of the client.
Source: Internet Crime Complaint Center (IC3), Alert Number I-082715b-PSA
What Does It Look Like? Real Estate
A seller's or buyer's email account is compromised through an EAC scam. The criminal actor intercepts transactions between the two parties and alters the instructions for the transfer of funds.
A realtor's email address is used to contact an escrow company to redirect commission proceeds to a bank account associated with the criminal actor.
A realtor receives a link within an email from an unknown person who is requesting information related to property. When the realtor clicks on the link, the criminal actor is able to access the realtor's email account. The intrusion exposes client information, which the criminal actor then uses to email the clients and attempt to change wire instructions for loan processing proceeds.
Source: Internet Crime Complaint Center (IC3), Alert Number I-082715b-PSA
What Does It Look Like? Legal
A criminal actor compromises an attorney's email account, which results in the exposure of client bank account numbers, email addresses, signatures, and confidential information related to pending legal transactions. The attorney's compromised email account is used to send overlaid wire instructions to a client.
A criminal actor compromises a client's email account and uses it to request wire transfers from trust fund and escrow accounts managed by the firm.
Source: Internet Crime Complaint Center (IC3), Alert Number I-082715b-PSA
What Does It Look Like?
How to Prevent? Train Employees to:
Not open email messages or attachments from unknown individuals.
Be cautious of clicking links within emails from unknown individuals.
Be aware of small changes in email addresses that mimic legitimate email addresses.
Question any changes to wire transfer instructions by contacting the associated parties through a known avenue.
Know your customers.
How Else to Prevent? Train Employees to:
Look for poor use of the English language in emails, such as incorrect grammar, capitalization, and tenses.
Roll your cursor over the links received via email and look for inconsistencies. If it is not the website the email claims to be directing you to, then the link is to a fraudulent site.
Never provide credentials of any sort via email. This includes after clicking on links sent via email. Always go to an official website rather than follow a link sent to you via email.
Source: Internet Crime Complaint Center (IC3), Alert No. I-011315b-PSA
Related Cyber Attacks
Ransomware Source: Internet Crime Complaint Center (IC3)
Ransomware Ransomware is a type of malware that restricts access to a computer system that it infects in some way, and demands that the user pay a ransom to the operators of the malware to remove the restriction. The attackers demand payment of a ransom ranging from $100 to $300 to decrypt the files. Source: Wikipedia; Internet Crime Complaint Center (IC3), Alert Dated Oct. 28, 2013
Ransomware Source: McAfee Labs, Threats Report, August 2015
What Does It Look Like?
How to Prevent? Suggestions For Protection Do not open email messages or attachments from unknown individuals. Be cautious of clicking links within emails from unknown individuals. Implement technical safeguards.
What Do We Do? Mitigation and Risk Transfer Nick Reuhs Attorney at Ice Miller LLP
Mitigation and Risk Transfer (clock-face diagram)
Mitigation (clock-face diagram)
Risk Transfer
Insurance
Data Breach Insurance
Basic Cyber or Tech Insurance
Third-Party coverages: Tech E&O; Security
First-Party coverages: Data Breach; Data Restoration; Crime; Interruption; Fraud & FTF; Extortion; Social Engineering
THINK IN TERMS OF LOSS, NOT CAUSE
Mitigation and Risk Transfer EFFECTIVE RISK TRANSFER = MEANINGFULLY READ YOUR POLICY
Questions
Thank You Stephen Reynolds, CISSP, CIPP/US @stereyn Stephen.Reynolds@icemiller.com Nick Reuhs Nick.Reuhs@icemiller.com Nick Merker @nmerker Nick.Merker@icemiller.com Follow Us on Twitter @IceMillerSecure