bank fraud goes low-tech: social engineering, phone fraud, and financial institutions
2015 Pindrop Security™. Confidential.
BANK FRAUD GOES LOW TECH
SOCIAL ENGINEERING, PHONE FRAUD, AND FINANCIAL INSTITUTIONS
David Dewey, Director of Research
Pindrop Security
July 22, 2015
NOTE
These slides are from a webinar held July 29, 2015.
You may view a recording of the webinar at www.pindropsecurity.com/webcast-archive
THREE WAYS TO ROB A BANK
• Physical
• Online
• Phone
Timeline labels: 1995, 2010
PHONE IS THE WEAKEST LINK
• Lack of innovation
• Spoofing technology
• Low barriers to entry
• Knowledge Based Authentication
PHONE IS THE WEAKEST LINK
• 4 out of 5 fraud calls are not money transactions
Lockheed Martin Cyber Kill Chain: Recon → Weaponization → Delivery → Exploit → Install → C&C → Action
THE THREAT IS GROWING
• $7.6 million fraud exposure
• $0.57 average fraud loss per call
SOCIAL ENGINEERING
Any act that influences a person to take an action that may or may not be in their best interest
• Authority – Has enough customer information to pass KBA
• Charm – “My father was married 3x, can I have extra guesses?”
• Anger – “I am one of your biggest customers”
ACCOUNT TAKEOVER
Impersonating legitimate customers to gain control of an account and eventually transfer money out of the account.
• Account Balance – Information later used to authenticate
• Contact Information – Real customer doesn’t get notified
• Travel Notification – Removes fraud triggers
• Password / PIN Change – Access to ATM or online banking
METHODOLOGY
• Phoneprinting™: 100m+ Enterprise Calls
• Topic Modeler: 45m+ Consumer Complaints
• Phoneypot™: 500k+ Unlisted Numbers
PHONEPRINTING™
Call Audio: Requires 15 seconds of call audio
147 audio features
• LOSS: Packet loss, Robotization, Dropped frames
• SPECTRUM: Quantization, Frequency filters, Codec artifacts
• NOISE: Clarity, Correlation, Signal-to-noise ratio
Diagram labels: Phoneprint™, Unique Phone, Geo-Location, Risk Factors, Risk Score, Call Type
PINDROP SECURITY
Phone Fraud Stops Here.
For more information contact [email protected]