Be Prepared to Deal with Fraud
TRANSCRIPT
TBC Forensic Accounting and Business Advisory Services Team
Median Fraud Loss?
Median Fraud Loss: $145,000
24% were at least $1 million
Median Fraud Loss in US: $100,000
Median number of months to uncover a fraud scheme?
Median Duration:
Most Common Detection Method?
Most Common Detection Method: Tips
• 42%
• More than twice the rate of any other method
Targeted fraud awareness training for employees and managers is a critical component of a well-rounded program for preventing and detecting fraud.
• Owner opens bank statements and peruses cancelled checks
• Publicize rewards and confidentiality for whistleblowers
• Mandatory vacations
• Job rotations
• Surprise audits
Segregation of Duties
Purpose – to prevent any one person from having too much control over a particular business function
It’s a built-in monitoring mechanism – every person’s actions are verified by another
External fraud and fraud prevention products at banks
Internet Fraud and Risk Update
Chris Squier, CISSP CISM
Vice President, Cybersecurity Risk and PCI Services
Agenda
• Understanding Internet risks and fraud trends
• Understanding crimeware, corporate account takeover fraud and the threat it presents
• How to protect yourself, and your company
• Questions & Answers
Disclaimer
This presentation is intended for information purposes. Customers should contact their Information Technology provider to determine the best way to safeguard the security of their computers and networks. Customers should familiarize themselves with their institution’s account agreement and understand their liability for fraud, as ACH and Wire transactions are regulated under the Uniform Commercial Code.
Attacks - from Back Rooms to Headlines
The 21st Century Holdup
Dawning of the Information Age… The Internet - 1980
The Internet Today: 8 Billion Users and Growing
Radio: 38 years to reach 50 million people. Facebook: 2 years to reach 50 million people.
(Map legend: North America, Asia, Western Europe, Russia / Eastern Europe)
Latest and Greatest: “Man in the Email” Scam
Based on “spoofed” communication (usually email):
• Email that looks like it’s from a long-standing supplier asking to wire payment to an alternate account
• Executive email account is compromised, asks employee to wire funds to an alternate account (sometimes the compromised exec email asks the financial institution directly to wire funds)
• Employee has email hijacked, requests invoice payments to fraudster-controlled invoice accounts
• Attorney Check Scam: fraudster finds a real payment dispute, spoofs the attorney’s email to demand payment to an account from the litigant
Moral of the story: Email lies.
Characteristics (Courtesy IC3)
• Businesses and personnel using open source e-mail are most targeted.
• Individuals responsible for handling wire transfers within a specific business are targeted.
• Spoofed e-mails very closely mimic a legitimate e-mail request.
• Hacked e-mails often occur with a personal e-mail account.
• Fraudulent e-mail requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicions as to the legitimacy of the request.
• The phrases “code to admin expenses” or “urgent wire transfer” were reported by victims in some of the fraudulent e-mail requests.
• The amount of the fraudulent wire transfer request is business specific; therefore, dollar amounts requested are similar to normal business transaction amounts so as to not raise doubt.
• Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed.
• Victims report that IP addresses frequently trace back to free domain registrars.
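An added example, not part of the presentation, that screens one inbound message for the IC3 characteristics listed above (lookalike sender domain, mismatched or webmail Reply-To, the reported wire-request phrases, and a "travelling, can't talk" excuse). The corporate domain, webmail list and sample message are constructed for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the presentation): CFO display name, lookalike sender domain, webmail Reply-To.
CORPORATE_DOMAIN = "example-corp.com"                       # assumed in-house domain
WEBMAIL_DOMAINS = {"freemail.example", "webmail.example"}   # assumed free-registrar domains
WIRE_PHRASES = ("urgent wire transfer", "code to admin expenses", "wire transfer")
TRAVEL_PHRASES = ("travelling", "traveling", "cannot take calls", "in meetings all day")

SUSPECT = """From: "Jane Doe, CFO" <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.cfo@freemail.example
To: ap@example-corp.com
Subject: Urgent wire transfer - code to admin expenses

I am travelling and cannot take calls. Please wire $48,500 today
to the account below and code to admin expenses.
"""

def edit_distance(a, b):
    """Levenshtein distance; a small distance between domains marks a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw, corporate_domain=CORPORATE_DOMAIN):
    """Return the IC3-style red flags found in one RFC 822 message (empty list = none)."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", from_addr))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = reply_addr.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    flags = []
    if from_dom != corporate_domain and edit_distance(from_dom, corporate_domain) <= 2:
        flags.append("sender domain closely mimics the corporate domain: " + from_dom)
    if reply_dom != from_dom:
        flags.append("Reply-To domain differs from From domain: " + reply_dom)
    if reply_dom in WEBMAIL_DOMAINS:
        flags.append("reply address is on a free/webmail domain")
    hits = [p for p in WIRE_PHRASES if p in text]
    if hits:
        flags.append("wire-request phrasing: " + ", ".join(hits))
    if any(p in text for p in TRAVEL_PHRASES):
        flags.append("sender claims to be travelling/unreachable; verify out of band")
    return flags
```

Any flagged message should be held and the request confirmed by a phone call to a number already on file, never to one given in the email.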
“Equal Opportunity Cybercrime”
If you have something of value, you’re a target. Very inexpensive for cybercriminal organizations to “cast a wide net.”
How much does it cost to send out 100k, 200k, 500k+ emails?
Cases involving:
• Small business
• Charity/not-for-profit
• State/local government
• Healthcare practitioners
• And more…
Attacks By Size of Organization (Source: Symantec)
* Data collected by 69 million sensors deployed in 157 countries.
ATM Skimmers
Hidden camera or PIN pad overlay grabs the PIN
More ATM Skimmers
“Carder” Rings: Credit Card Black Market
Malware Delivery Disguised as ACH Warning
Malware Download
Crimeware Infection - Spear Phishing
Automated Income Tax Filing Fraud: Social Engineering W-2 Forms from HR
Screenshot of Fraudster Management Tracking Console
The Fake Anti-Virus Scam
The Key Takeaways
Cybercrime organizations are doing their homework, studying:
• How to evade detection by security software and hardware (server-side automation, elaborate rootkits, bypassing “chip and pin” authentication)
• The financial system as a whole (fraud triggers)
• The technologies utilized specific to each target
How to Protect Yourself and Your Business
“Don’t be scared, just be aware”
• Review and distribute the M&T Bank - Payment Fraud Risk Management Handbook/Checklist
• Ensure your internal staff is aware of the risks and operates with safe computing best practices in mind
• Be aware of what your banking sites normally look like
• Run up-to-date Endpoint/Internet Protection software
• Run up-to-date host-based firewall software
• Patch third-party software – Adobe, Java, QuickTime
• Activate a “pop-up” blocker on Internet browsers to help prevent web-based intrusions
• Review your credit report/banking transactions regularly
• Use fraud prevention and detection services offered by M&T Bank: Payee Positive Pay, ACH block, etc.
• Limit staff administrative privileges on the PC and on the bank products used to conduct transactional activity
• Use a stand-alone PC for banking transactions
• Add “Dual Administration” for money movement applications to reduce internal fraud with better control over user permissions and transaction auditing
• If you accept credit/debit card payments, become and remain compliant with Payment Card Industry standards
How to Protect Yourself and Your Business
Fraud Prevention and Detection Services
• ACH Monitor Fraud Review and Approval or ACH Block. With this service, you can choose which ACH debits you want to honor, and which ones you want to return.
  • Authorize certain entities to debit your accounts while blocking all others
  • Receive emails to alert you to any debits not matching a preapproved authorization
  • Make pay or return decisions on any received debits that do not match an existing pre-authorization
• Payee Positive Pay. This valuable service verifies checks presented to the bank against the checks you authorized for payment.
  • The bank will report checks and payee names that do not match your list of authorized checks, normally online
  • Review and return any suspect checks you determine to be unauthorized
• ACH Account Number Masking (UPIC). Enables your organization to collect ACH payments without distributing sensitive account numbers. You will receive bank account identifiers that you can publish and distribute in place of your sensitive banking information.
• Check Block. Helps protect your cash concentration account by returning all presented checks, while allowing you to send and receive electronic payments or deposits from that same account.
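An added example, not the bank's own system, showing the matching logic behind Payee Positive Pay as described above: each presented check is compared by number, amount and normalized payee name against the customer's issued-check list, and anything that does not match is reported as an exception for a pay/return decision. The check register and presented items are constructed sample data.

```python
import re

# Constructed sample data (not from the presentation): the issued-check file a
# company would send its bank, and the items the bank later presents for payment.
ISSUED = [  # (check number, amount in cents, payee as printed on the check)
    ("1041", 125000, "Acme Office Supply, Inc."),
    ("1042", 48500, "Jane Doe"),
    ("1043", 990000, "Northeast Electric Co"),
]
PRESENTED = [
    ("1041", 125000, "ACME OFFICE SUPPLY INC"),     # legitimate, payee printed differently
    ("1042", 485000, "Jane Doe"),                   # amount altered
    ("1043", 990000, "North East Electrical LLC"),  # payee altered
    ("1049", 230000, "Cash"),                       # never issued (counterfeit)
    ("1041", 125000, "ACME OFFICE SUPPLY INC"),     # same check presented twice
]

SUFFIXES = {"INC", "CO", "LLC", "CORP", "THE"}

def normalise_payee(name):
    """Upper-case, drop punctuation and common suffixes so printing variants compare equal."""
    words = re.sub(r"[^A-Z0-9 ]", " ", name.upper()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def positive_pay_exceptions(issued, presented):
    """Return (check number, reason) for each presented item that fails to match.
    Items with no exception are paid; exceptions go to the customer for a pay/return decision."""
    register = {num: (amt, normalise_payee(payee)) for num, amt, payee in issued}
    seen = set()
    exceptions = []
    for num, amt, payee in presented:
        if num not in register:
            exceptions.append((num, "no matching issued check"))
        elif num in seen:
            exceptions.append((num, "duplicate presentment"))
        elif register[num][0] != amt:
            exceptions.append((num, f"amount mismatch: issued {register[num][0]}, presented {amt}"))
        elif register[num][1] != normalise_payee(payee):
            exceptions.append((num, "payee name mismatch"))
        seen.add(num)
    return exceptions
```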
Questions, Answers and Useful Links
• browsercheck.qualys.com
• www.ic3.gov
• www.mtb.com/fraud
• Allegation or signs of fraud – full facts unknown or unclear
• Fraud Response Plan
• Necessary actions
• Consistent and comprehensive manner
• Reporting protocols
• A response team to conduct initial assessment
• Factors used to decide on the course of action
• Litigation hold procedures
• Principles for documenting the response plan
• A fraud incident report log template or form
• Legal counsel
• Management representative
• Certified Fraud Examiner
• Finance Director
• Internal Auditor
• Audit Committee member
• IT personnel
• Human Resources
• Activate the response team.
• Engage legal counsel, if necessary.
• Consider contacting the insurance provider.
• Address immediate concerns.
• Conduct an initial assessment.
• Document the initial response.
• Preserve all relevant documents
• Employee might want to hide or destroy
• Suspend record retention policy
• Legal counsel to issue a litigation hold
• Lock down access to emails or digital files
• Forensic IT
• Recover evidence a non-expert cannot
• Recover deleted files
• Details about the computer’s users
• Data related to use of the computer, what is or has been stored on it
• Proper seizure and examination of digital evidence
• Act of intentionally or negligently destroying documents relevant to litigation.
• Monetary fines and sanctions
• Adverse inference jury instruction sanctions
• Dismissal of claims or defenses
Don’t tip off the fraudster or others suspected of misconduct.
Maintain confidentiality.
Work discreetly without disrupting the normal course of business.
Fraud Examination:
• establish what happened
• identify the responsible party
• provide recommendations
• General to specific
Legal Counsel
Protect confidentiality of the investigation under attorney-client privilege and the work product doctrine.
• How serious? $$$?
• Participate in investigation?
• Financial crime unit?
• Not accountants
• Access to third party documents
• Control of company documents/evidence
• Duration of time to resolve
• Expert report
Criminal prosecution: cases referred – median loss $200,000; not referred – median loss of $75,000.
75% resulted in perpetrators being found guilty.
21% of those not prosecuted had a private settlement.
• Civil and criminal tax penalties can be imposed for:
  • nonfiling of returns
  • nonpayment of tax
  • filing of a false and fraudulent return
• Duty to see that returns are filed and taxes paid, and willfully fail to do so
• If a corporation fails to institute adequate and reasonable internal controls to ensure that taxes are paid and returns filed, it may be vicariously liable for the acts of its officers and agents.
• FIT, FICA, FUTA and various state tax withholdings
• Liability not dischargeable in bankruptcy
• “responsible persons”
• “willful failure”
• Timely notice
• Coverage - $$ and trigger
• Bias
• Expert paid
• Less restitution
• Plea (but not to amount or specifics)
• Intent - mental state
• Prove intent to defraud the organization for pecuniary benefit of the employee
• Initially legitimate business purpose that ultimately goes sour
Pamela D. Wickes, CPA, CFE, CFF, ABV
Director of Forensic Accounting Services
518-456-6663 x108
The Forensic Lady blog: http://www.tbccpa.com/category/the-forensic-lady/
Teal, Becker & Chiaramonte, CPAs, P.C. (TBC) is an accounting and advisory firm located in Albany, NY. The firm was founded in 1971.
With all of our clients, our mission is to provide higher standards of excellence in the quality of our relationships and in the quality of our work.