Current Fraud TrendsKathy Druckenmiller, CFCI, CIRM, ACT SpecialistApril 29, 2014

4/29/2014

PhishingVishingSmishingHijacked EmailSocial MediaSweetheart ScamsOnline Job Scams

Social Engineering

4/29/2014

Phishing

Using electronic communication to manipulate someone into giving private information

Social Engineering

Phishing

Using electronic communication to manipulate someone into giving private information

4/29/2014

4

Vishing

Utilizing VOIP or traditional telephone lines to trick someone into giving confidential information

Social Engineering

4/29/2014

5

Smishing

Using SMS test messages to obtain sensitive data

Social Engineering

4/29/2014

6

Hijacked Email

Taking over a personal email account and masquerading as the customer

Social Engineering

Hijacked

4/29/2014

7

Social Media

Using social media as resource to obtain your identity or commit fraud against you

Social Engineering

4/29/2014

8

Sweetheart Scams

Fraudsters trolling online dating websites and social media sites, looking for partners that will ultimately send their own funds to the fraudster or will be used to launder stolen funds through their personal accounts

Social Engineering

4/29/2014

9

Online Job Applications

Phony job postings placed on legitimate employment websites that trick applicants into becoming money mules for stolen funds

Social Engineering

4/29/2014

10

Mitigation for Social Engineering Fraud?

Education for Customers – to avoid involvement in scams

Education for Employees – to recognize the signs of transactions that may be the result of social engineering

Social Engineering

4/29/2014

? Amazing mind reader reveals his 'gift' - YouTube.website

11

Current Debit and Credit Card Fraud

Counterfeit “Skimmed” Debit and Credit Cards

Data Breaches

Cybercrime

4/29/2014

12

Counterfeit/Skimmed Cards

SkimmerClone Magnetic stripe dataCapture CVV and CVD codesData can be transferred to card stock or “white

plastic”

Skimming Equipment:Handheld skimmerAlternate skimmers Skimming device placed over legitimate card reader

4/29/2014

13

Skimming Equipment

Handheld Skimmer

Requires human assistance

Requires card to be out of site of customer

Targets restaurant patrons

Information re-encoded onto plastic or sold on internet “carder” sites

4/29/2014

14

Skimming Equipment

Handheld Skimmer

4/29/2014

15

Skimming Equipment

Alternate Skimmers

4/29/2014

16

Skimmed Cards

Reader placed directly over legitimate card reader:

Does not requires human assistance

Does not require card to be out of site of customer

Targets: ATM machines, Gas pumps and readers that are remote and can be tampered with without witnesses.

Information re-encoded onto plastic or sold on internet “carder” sites

4/29/2014

17

ATM Skimming Equipment

ATM Skimmer Examples

4/29/2014

18

ATM Skimming Equipment

ATM Skimmer Examples

4/29/2014

19

EMV (Europay, MasterCard and Visa)

Chip and PIN technology

Fraud liability shift to POS merchants -October 2015, ATMs - October 2016 and Gas Pumps - October 2017

EMV will not affect Data Breaches

4/29/2014

20

EMV (Europay, MasterCard and Visa)

EMV Chip and PIN reader

4/29/2014

21

Data Breaches

Data Breaches

Malware that targets corporate servers

Operation can be completely remote

Mass amounts of data at once

Information sold on internet “carder” sites

EMV removes the magnetic stripe, compromised data cannot be re-encoded onto card

4/29/2014

QUESTIONS ?

4/29/2014