A 21st Century Con Game
Presenter: Joseph A. Juchniewicz, Senior Consultant - Assessment and Compliance

Agenda
§ About Us
§ Phishing
§ Social Engineering
§ Questions

The foundation we have built
TRUSTED ADVISORS:
§ 31 years of experience
§ Privately owned
§ No debt or venture capital
§ Strong partner alliances
BREADTH OF SERVICE:
§ Eight complementary practice areas with synergistic solutions
§ 100+ full-time engineers & a dedicated Pre-Sales Engineering team
§ Enterprise class service without the cost
LONG-TERM CLIENT RELATIONSHIPS:
§ Focused solutions
§ Responsible & flexible
§ Constant performance evaluation
§ Feedback & insights

21st Century Con Game
Phishing and Social Engineering
Why are they still thriving today?

21st Century Con Game
What is the confidence game and why it still survives
§ A confidence trick (synonyms include confidence scheme and scam) is an attempt to defraud a person or group after first gaining their confidence, in the classical sense of trust.
§ A confidence artist (or con artist) is an individual, operating alone or in concert with others, who exploits characteristics of the human psyche such as dishonesty, honesty, vanity, compassion, credulity, irresponsibility, naïveté, or greed.
§ These cons have been transferred into the cyber world.

21st Century Con Game
What we are dealing with today...
§ Phishing is the act of attempting to acquire sensitive information, such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. (The Short Con)
§ Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. It is a type of confidence trick for the purpose of information gathering, fraud, or system access, and is often one of many steps in a more complex fraud scheme. (The Long Con)

Types of Phishing
Different types of attacks...
§ Phishing attempts directed at specific individuals or companies have been termed spear phishing. Attackers may gather personal information about their target to increase their probability of success.
§ Clone phishing is where a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical, or cloned, email.
§ Phishing directed specifically at senior executives and other high-profile targets within businesses may be referred to as whaling.

Phishing
Why Phishing Still Exists:
§ An easy way to lure a large pool of unsuspecting people
§ Was considered a victimless crime – now part of most criminal activity
§ Has developed over time and morphed to meet the changing environment
  § 1864 Spam message
  § 1978 DARPA network spam/phishing email
  § 1987 True phishing email with payload
  § 1995 AOL - associated with the warez community that exchanged pirated software and the hacking scene
§ Criminal Elements – buy email addresses, accounts and information

Why Phishing Still Works
Excuses why this still works.....
§ Lack of computer system knowledge.
§ Lack of knowledge of security and security indicators.
§ Visually deceptive text.
§ Images masking underlying text.
§ Lack of attention to security indicators.
§ Lack of attention to the absence of security indicators.
Dhamija, Rachna, Tygar, J.D. and Hearst, Marti. “Why Phishing Works.” Conference on Human Factors in Computing Systems, April 2006.

Cost of Phishing
Impact of Email Cyberthreats...
§ SANS INSTITUTE: Allen Paller, Director of Research
§ 2012 VERIZON DATA BREACH INVESTIGATION REPORT: Marcus Sachs, VP National Security Policy
§ GARTNER SURVEY OF US CONSUMERS: Consumer behavior impact from phishing

Timing of Phishing Events
Impact of Email Cyberthreats...
§ 2013 MANDIANT (A FireEye Company) - Annual Threat Report on Advanced Targeted Attacks

Current Costs…
§ 2013 Panda Security Report – The Cyber Crime Black Market: Uncovered

Cost of Phishing
§ Verizon 2013 report - phishing attacks launched globally
§ 450,000 attacks the current record
§ USD $5.9 billion estimated loss

Criminal Element
Specialized frameworks and hacking tools, such as BlackHole 2.0 and others, allow easy setup for host hijacking and phishing. How easy is it? For $700, a three-month license for BlackHole is available online. It includes support!

Criminal Element
Blackhole Statistics...

Criminal Element
Blackhole Threads...

Criminal Element
Blackhole Preferences...

Criminal Element
Who needs to pay for it....
§ Free tools like the Social Engineering Toolkit are now in:
  § Backtrack
  § KALI

Part of the Puzzle
Limited attack
§ Can only collect so much info
§ AV/IDS/Firewalls are getting better
§ Education/Re-education programs being created
Ways to improve the attack
§ Phishing is part of a larger attack structure
§ The bad guys are getting better organized

Social Engineering
Acts of the play…
To take a page out of history, the concepts of the con game were brought to life on the big screen by the movie The Sting*, where Johnny Hooker (Redford) and Gondorff (Newman) beat the gangsters at their own game. The film is notable for many reasons; one is how the con is actually revealed to the audience. In addition, the film is unique in that it divides the different pieces of the con into several parts, like acts of a play, each part setting the stage for the next act and ultimately creating the sting. The parts of the con are the Set-up, the Hook, the Tale, and the Sting.
* The Sting. Director George Roy Hill. Universal Pictures, 1973.

The Set-Up
Tricks of the trade
§ The setup is where the con artist tricks or exploits human weaknesses:
  § Greed
  § Dishonesty
  § Vanity
§ But also virtues like:
  § Honesty
  § Compassion
§ Or a naïve expectation of good faith on the part of the con artist

The Hook…
Hooking the mark...
• The hook is to get the mark (the person the con is being played against) hooked on the idea/notion that they will get a large return for a minimum amount of effort.
• The Hook uses everything from fake franchises to the "sure things", how-to-get-rich plans, gurus, sure-fire inventions, useless products, fortunetellers, quack doctors, and miracle pharmaceuticals: anything to focus the person's attention away from them so they can run the con.

The Tale…
Weaving the story...
• The tale is where the con artist uses their skills to weave their story and make the con seem more real.
• This is where the pieces of the setup and the hook come together and merge into this incredible tale. The con artist injects some variety of “human characteristics” into the story.

The Tale…
Playing on their character...
• These characteristics include:
  1) Human flaws
  2) Superior people/attitudes
  3) Someone is out to get them
  4) They need the victim’s help to succeed and they are the only person that can help, or
  5) Depending on the scam, using their religious or moral values to help them out.

The Sting…
§ The sting is where all of the elaborate pieces of the puzzle come together. This is where they get the information, money, etc…
§ However, when they do have face-to-face contact with their mark, they are usually not caught. Due to playing their part so well, they are nothing but believable.
This only happens to people that are not prepared

Don’t believe it?
Anonymous, “Social Engineering,” n.d., and www.google.com/search social engineering/pictures. Tareq and Michaele Salahi, Jan 20, 2011.

Security Assessments
What is needed to execute a social engineering assessment
Our Setup, Hook and Tale
§ Initial Scoping
  § What the client is trying to find out
  § Parameters of the engagement
§ Reconnaissance
  § Targets
  § “Get out of jail free” letter
§ Assessment
  § Actual physical/computer attacks
§ Reporting / Presentation

What’s involved
Prep Work...
§ Site observation
  § Physical / Wireless observation
§ Phishing
  § Email
  § Phone phishing
§ Social Engineering
  § Access to perimeter/building
  § Access to network
  § Access to systems

Social Engineering Tool Kit
What tools every social engineer needs...
Tools / Props
• Are
• Computer(s)
• Cell phone
• Badge
• Computer cables
• Badge holder
• Scanning tools (Hacking tools/Password crackers)
• USB drive
• Burn phone
• Lock pick set
• Cigarette/lighter
• Camera
• Fake paper or work orders
• Fake business cards

Engagements
Ladies and gentlemen: the stories you are about to hear are true. Only the names have been changed to protect the innocent*
§ Bank
§ Hospital
§ University
§ US Trucking Company
* Dragnet, "Intro," Dragnet, http://www.dvdempire.com/Exec/v4_item.asp?item_id=1510115

Bank Job
A regional Texas bank
Branches
§ IT employee with a contractor badge
§ Used a virus scare to get in (USB tool)
§ Drop names
§ Used intimidation on employees – fake form to refuse work
Main office
§ Conducted a phishing assessment
§ Tailgated an employee in at receiving dock
§ Followed employees into secure areas
§ Set up scanning and phone phishing from empty conference room

Bank Job
Findings...
§ Policies and procedures not being followed
§ Training inaccuracy
§ Issues in physical security processes
§ Issues in computer security processes

Hospital Job