Security Officer and Fraud Prevention Workshop 2019


Presented by: Jim Rechel, President
The Rechel Group, Inc.
[email protected]
513-521-1860

I thought my comments were important…….

Objectives
1. To challenge how you think about the role of security (physical and financial) today, tomorrow and for the future of your bank.
2. To provide information on the risks and opportunities to address current security issues.
3. To propose a business model that sees your bank in an “advocates role for your customers” when dealing with security issues.
4. To interest you enough today that you do not “doodle”!

Protecting the Bank: Convergence of Data Physical Security and Fraud and Prevention Opportunities

Russian Funded Hedge Fund / Bank / Finance Co.
[Diagram labels: Russian Aligned Hedge Fund; Bank Loan; Finance Company; amounts shown: $75 Million and $125 Million]

Small World

Your Background

Let’s Take Your Pulse (Rank Top 2 Issues at Your Bank in Order: i.e. 1st and 2nd)
• Our customers and/or partners lack sufficient awareness to protect themselves from socially-engineered fraud schemes.
• We lack the in-house expertise to properly detect and respond.
• We lack the technology tools to properly detect and respond.
• The anti-fraud controls we’ve deployed have also proven to impede the online customer experience.
• Today’s fraud schemes evolve too quickly for us to keep pace.
• We are mired in manual processes.
• Fraudsters have too much valid customer information at their fingertips, so they get around our controls to prevent account takeover and origination.
• Our employees lack sufficient awareness to protect themselves from socially engineered fraud schemes.

Rate of Change Challenges

What You See Ahead of Your Bank

Fraud Detection
• Anomaly: Looking for abnormal behavior (Transactional)
  [Diagram labels: Normal; Abnormal; Mistake; False Positive; Fraud?]
• Predictive Analytics: Using historical data patterns to predict fraud (Behavioral)
  [Diagram labels: Known Fraud vs Non Fraud Samples; Predictive Model; Classify incoming data as potential fraud or non-fraud]
• Reported: Using Tip Lines, Cust Service, Branches, Law Enforcement etc.
  [Diagram labels: Fraud Reported (Customer/LE etc.); Investigated; Fed into Above]

For Example: Account Takeovers
• Anomaly: Your internal fraud detection system detects deviation in deposit or withdrawal activity based on established parameters.
• Predictive Analytics: System establishes normal employee behavior related to customer searches, detects employee viewing abnormal number of customers, potential account takeover predictor.
• Reported: Customer discovers transactions and is upset when discovered and reported.

Customers

Higher Risk Customers for Fraud

Email Addresses of All Your Customers
How Many are on the List of Compromised Emails?
https://haveibeenpwned.com/API/v2#AllBreaches

Fraudulent Act – Opportunity Missed
Debit Card Stolen

What the Ripples Look Like
[Diagram labels: Purse Stolen; Illinois; Bank Branch: Indiana; Debit Card]

Protect the Account…. ….and the Customer!

Amazon is Good! Amazon is Bad!

“One of the things Amazon does better than us, they are more customer-centric than we are. They really are. And one of my takeaways is that, by God, we're gonna become as customer-centric as Amazon. We're gonna import their passion about that. ……I love the passion these guys have around the customer. They put the customer first in everything they do and think backwards. And — we — we're gonna be the same way.”

Customer at the Center of Your Processes
[Diagram, with the Customer at the center asking: Can I Trust You? Do You Care? Do You Know What You Are Doing? Do You Want Me Back?]
• Interest of Customers is Focus of Your Efforts
• Recommendations go Beyond Immediate Matter (i.e. Amazon Suggestions)
• Know how Products and Services Benefit Customer
• Advice and Suggestions are Both Accurate and Comprehensive
• Follow-up with Customers, Immediate and Long term
Say What You Will Do and Do What You Say!

“Can I Trust You?”
Your Bank’s Products and Services
Does your staff understand the difference between features and benefits of all of your products and services?
Develop product and service rollouts with challenge to staff to:
• Identify at least 2 features of every product and service
• Identify the benefits of the features
• Provide understanding of the intended benefits for your customers
• Encourage staff to solicit feedback from customers and report

Fraud Schemes
Criminal Acts and “Can I Trust You?”
Criminals place a wedge between the bank and the victim customer over time.
Mitigation Steps Your Staff Can Take:
1. Look out for customer’s best interest
2. Provide understanding of what steps they can take
3. Encourage feedback from customers
If the crook has compromised your customer: Steps to Take While Interacting with Customer
1. Lead with “I May be wrong, but …..
2. Provide third party resource information

Customer at the Center of Your Processes (Including Fraud Issues)
[Same diagram as above]

Do You Care?

Cyber Security is a Shared Responsibility

Who are Your Adversaries?
• Fraud Rings
• ID Thieves
• Hijacked Devices
• Social Engineering
• Synthetic ID Thieves

In Front of Your Bank…..One of Your Adversaries

Fraud Today is Like an Amoeba
…a type of cell or organism which has the ability to constantly alter its shape,…

Your Fraud Detection System May Be Looking for the Wrong Type of Fraud

They Know Us Better Than We Know Us
I recently came across an interesting post on one of the many underground criminal websites I monitor daily. It is advice intended for fraud managers but posted for fraudsters to read so they might understand what fraud managers are taught to look for in their work. In other words, fraudsters read what the good guys are looking for to stop fraud and adjust their techniques accordingly.

View of Fraud in 2018
*SMG 2018 Faces of Fraud Survey

Cyber Crimes & Email Compromises: Consumer and Business Imperative

What is Cybercrime?
…crime that involves the internet, a computer system or computer technology. The computer may have been used in the commission of a crime, or it may be the target.
Source: https://en.wikipedia.org/wiki/Cybercrime

The Cost of Cybercrime
Cyber-crime Costs are Unprecedented
Organized criminals are exceptionally well-funded; the cost of cybercrime is expected to reach $2 trillion this year.
• 90,909 NFL Quarterbacks @ $22 Million per Year
• 48,000 miles cost $499B in 2016 dollars; could replicate 4x over with cyber losses
Source: http://www.gartner.com/newsroom/id/2828722; https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#47a242633a91

Who is Behind Cybercrime? ....What are Their Motivations?
Org Crime/Fraudsters / Hacktivists / Nation-States
Theft / Disruption / Destruction

Social Media

Issues You Face
• Online Identity Theft
• Threats are More Sophisticated
• Regulations
• Education

Identity Fraud Reached an All-time High in 2017… Continued in 2018
• 16.7 MILLION (8%): # of identity fraud victims in the U.S.
• 35%: For the first time ever, SSNs (35%) were compromised more than credit card numbers (30%) in breaches
• $16.8 BILLION: Amount stolen from U.S. consumers due to identity fraud
Source: Business Wire - Identity Fraud Hits All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study: https://www.businesswire.com/news/home/20180206005363/en/Identity-Fraud-Hits-Time-High-16.7-Million

2017 Cybersecurity Timeline
[Timeline axis: JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC]
• Apache Struts remote code execution vulnerability reported
• WannaCry ransomware worm first struck; most notably forcing some UK hospitals to shut down.
• NotPetya ransomware attack emerges globally; total losses could exceed $1B
• Honda motor plant shutdown due to WannaCry
• Equifax credit bureau announces data breach impacting 143 million consumers; Apache Struts is cause
• Blueborne Bluetooth vulnerabilities disclosed; exposed
• Yahoo! reveals breach impacted all 3 billion of its users
• KRACK WiFi vulnerabilities first disclosed; enables attackers to bypass
• Uber disclosed 2016 breach and payment to hackers to delete stolen data
• $600 billion lost to cybercrime