Uncovering the Faces of Fraud · c.ymcdn.com/sites/ · 2014-08-22
Uncovering the Faces of Fraud Jay McLaughlin, CISSP | GSEC Senior Vice President, Chief Security Officer
Agenda
Understanding the Numbers
Examining How Fraudsters are Attacking Banks & Customers
LIVE DEMO – exploiting computers through website attacks
Preparing and Defending Against these Attacks
The Future State
Q & A
Account Takeover Fraud
Account takeover
Opportunistic & Non-Discriminative
Motivated by financial gain
Check Your Blind Spots
Not you? Then Hu?
By The Numbers
$4.9B reported ATO fraud in 2012
(69% increase)
$585K lost over the next 60 minutes
[Chart: yearly values, 2006 to 2012. Dollar data labels as extracted: $3.0, $3.6, $3.9, $3.2, $3.1, $2.9, $4.9. Percentage data labels as extracted: 0.33%, 0.43%, 0.52%, 0.45%, 0.41%, 0.36%, 0.60%.]
“2013 Identity Fraud Report: Data Breaches Becoming a Treasure Trove for Fraudsters.” Javelin Strategy & Research, February 2013.
Attack Scenarios
• Sophisticated phishing campaigns
• Watering holes leveraging popularly visited sites
• Drive-by-downloads via URL redirection
  - malware installed (ZeuS, SpyEye, Blackhole, Citadel)
  - configuration files contain many target banks/providers
  - polymorphic code used in generating variants
• Compromise OLB account
  - keylogging of credentials
  - stolen persistent HTTP cookies
  - session hijacking – “web injects”
Malicious Apps?
The Actors
• Suppliers of the malware/Trojan
• Hosting providers
  - C&C, malicious sites, forums, downloaders
  - ex RBN, Real Host Ltd – bullet proof hosting
  - release of the source code/merger changed the model
• Botnet operators
• Criminal gangs utilize the malware
  - most often the ones arrested/indicted for ATO fraud
  - Hackers/Harvesters
  - Cashers
  - Mules
DDoS Attacks Hit US Banks: Operation Ababil
Socially & Religiously Motivated Attacks
http://www.youtube.com/watch?v=xYVfBNKbfRQ
Politically Motivated Attacks
Post-Compromise: Techniques Being Used
Trojans & DIY toolkits (e.g. ZeuS, KINS, Citadel, Blackhole)
Watching behavior
Spending more time examining account activity
Exploiting compromised targets, tunneling traffic through the victim’s own system
Attempting to appear as originating from the victim
Financially Motivated
Attacking the customer
• Phishing and social engineering attacks continue to rise
• 29% of attacks referenced in the Verizon DBIR were tied to social tactics
• APWG reported that 720 FIs were “targeted” with phishing in Q1-Q2 2013
Abusing the Mules
Please log in to the Internal Management system every morning at 9.00a.m. Monday through Friday to check incoming messages and possible updates in the Document folder.
I have Dr appointment Friday morning at 7:45 am, but I will have my cell phone with me to check the dashboard frequently.
Thank you updates. Please pay extra attention to account number and routing numbers. Call your bank if you are not sure the routing numbers are correct! REMEMBER if this information is incorrect, you won't be able to perform your duties efficiently and we won't be able to pay you your salary on time!
I will withdraw as soon as possible. This job is much more important than my other one.
Ill very quitting this retail job as soon as the holidays are over.
Abusing the Mules
Please complete the assignment today asap.
Walmart rejected my transfer based on her own suspicions. It was ridiculous. She just refused me service. What should I do? Should I western union it instead?
Dear Mary, I'll setup new assignment.
Its.complete via moneygram. I just went to a different walmart. I just sent you all the details.
Bouncing Transactions
Funds quickly “bounced” thru several FIs and ultimately out of the country
Open New Accounts
• Auto Enrollment
Link to compromised accounts
• micro-deposit verification
Transfer funds
• ACH-Debit the account
Combatting Fraud Attacks
Building a Layered Security Model
Defense-in-depth (“deep” or “elastic”)
Derived from traditional military strategy; requires that a defender deploy resources at and well behind the front line
Reliance on any single control or mitigating factor is not sufficient
Prevents shortfalls in any single defense control
Fighting Account Takeover Fraud
• Authentication Controls
• Transaction-based Controls
• Behavioral-based Controls
• Endpoint-centric Controls
• Account Activity Controls
Consumer Focus Group: Computer Security
Authentication
Traditional MFA solutions are no longer sufficient
Strong multi-factor authentication
Biometrics Solve 2F Challenges?
“Something You Are”: leverage customer behaviors & attributes
• Voice printing, gesture recognition, human kinetics, heartbeat sensors
• Cadence of gesture, pattern identification, pressure, etc.
Transactional-based Controls
Tracking Attempted Fraud in 2013
High risk transactions should require elevated security
Out-of-Band Transaction Authorization
Out-of-band authentication means that a transaction initiated via one delivery channel [e.g., online] must be re-authenticated or verified via an independent delivery channel [e.g., telephone] in order for the transaction to be completed
Out-of-band authorization can be extremely effective in protecting customers against financial malware attacks and Trojans
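The out-of-band flow described above, as an added example (not from the presentation): the online channel parks the transaction, and it is released only after a code delivered over a separate channel comes back. The class and method names, code length, expiry and retry limit are assumptions, and `send_out_of_band` stands in for a real voice or SMS gateway.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed validity window for a confirmation code
MAX_ATTEMPTS = 3         # assumed retry limit before the hold is cancelled


class OutOfBandAuthorizer:
    """Holds online-initiated transactions until confirmed on a second channel."""

    def __init__(self, send_out_of_band, clock=time.time):
        # send_out_of_band(phone, message) is a hypothetical gateway callback.
        self._send = send_out_of_band
        self._clock = clock
        self._pending = {}

    def initiate(self, account, phone_on_file, payee, amount_cents):
        """Called by the online channel: park the transaction, notify the phone."""
        txn_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = {
            "account": account, "payee": payee, "amount_cents": amount_cents,
            "code_hash": hashlib.sha256(code.encode()).digest(),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        # The message repeats payee and amount as the server recorded them, so a
        # payee altered by a web inject is visible on the independent channel.
        self._send(phone_on_file,
                   f"Confirm {amount_cents / 100:.2f} to {payee}? Code {code}")
        return txn_id

    def confirm(self, txn_id, code):
        """Called by the second channel; returns the released transaction or None."""
        txn = self._pending.get(txn_id)
        if txn is None:
            return None
        if self._clock() > txn["expires"]:
            del self._pending[txn_id]          # expired holds are cancelled
            return None
        supplied = hashlib.sha256(code.encode()).digest()
        if not hmac.compare_digest(supplied, txn["code_hash"]):
            txn["attempts"] += 1
            if txn["attempts"] >= MAX_ATTEMPTS:
                del self._pending[txn_id]      # stop guessing of the 6 digits
            return None
        del self._pending[txn_id]              # codes are single use
        return {k: txn[k] for k in ("account", "payee", "amount_cents")}
```

The phone number must come from the record on file, never from the online session that requested the transaction.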
Points of Interest - 2013
Percentage of fraud prevented by controls
22.1 M Fraudulent transactions reported in 2013
0 Sum of account takeover fraud where out-of-band controls were defeated
129 Reported fraud cases in 2013 involving high-risk transactions (314 total)
$ 12:00(Noon) Period of the day when fraudulent activity was most often attempted
93% $ 52%
Percentage of cases where account takeover attacks utilized stolen browser cookies
Behavioral Modeling Machine Learning
30% of revenue is attributed to recommendations
60% of its members viewed recommendations presented to them.
Why not financial institutions?
Detection ≠ Prevention
Detecting fraudulent transactions after the fact is a reactive approach and is simply ineffective.
Real-time detection enables institutions to have the ability to PREVENT the loss of funds.
Dynamic models can evolve with each user’s behavior and are effective in identifying anomalies.
Login Behavior
  - Attributes of Login
  - Geo-location
  - Source Address
Transaction Behavior
  - Transaction Behavioral Models
  - Dom/Intl Wire, ACH, Payroll, Ext Transfer
Transaction Policies
  - Recipient Monitoring
  - Modifications to templates
Endpoint Interrogation
  - User Agent strings, HTTP headers, Device ID
  - Reputation Analysis, Malware Detection
Risk & Fraud Analytics
  - Behavioral Scoring
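An added example (not from the presentation) of how the signal groups on this slide can feed one real-time behavioral score that decides, before funds move, whether to allow a transaction, hold it for out-of-band confirmation, or block it. Field names, weights and thresholds are assumptions, and the account history is constructed sample data.

```python
import math
from dataclasses import dataclass, field

HIGH_RISK_TYPES = {"wire", "ach", "payroll", "external_transfer"}
# Assumed weights per anomaly; a real deployment would tune these on its data.
WEIGHTS = {"new_country": 30, "new_device": 25,
           "new_recipient": 20, "unusual_amount": 25}


@dataclass
class UserProfile:
    """Per-user baseline; learn() is called after each completed transaction."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0  # running sum of squared deviations (Welford's method)
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    recipients: set = field(default_factory=set)

    def learn(self, event):
        self.n += 1
        delta = event["amount"] - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (event["amount"] - self.mean)
        self.countries.add(event["country"])
        self.devices.add(event["device_id"])
        self.recipients.add(event["recipient"])

    def amount_zscore(self, amount):
        if self.n < 2:
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1))
        if std == 0:
            return 0.0 if amount == self.mean else math.inf
        return abs(amount - self.mean) / std


def decide(profile, event):
    """Score one event before it is released; returns (action, score, reasons)."""
    if profile.n == 0:
        return "step_up", 0, ["no_baseline"]  # nothing to compare against yet
    reasons = []
    if event["country"] not in profile.countries:
        reasons.append("new_country")
    if event["device_id"] not in profile.devices:
        reasons.append("new_device")
    if event["recipient"] not in profile.recipients:
        reasons.append("new_recipient")
    if profile.amount_zscore(event["amount"]) > 3.0:
        reasons.append("unusual_amount")
    score = sum(WEIGHTS[r] for r in reasons)
    if score >= 75:
        action = "block"
    elif score >= 50 or (score >= 25 and event["type"] in HIGH_RISK_TYPES):
        action = "step_up"  # hold for out-of-band confirmation
    else:
        action = "allow"
    return action, score, reasons


def seeded_profile():
    """Constructed history for one account holder (sample data)."""
    profile = UserProfile()
    history = [(1200, "landlord"), (80, "utility"), (1200, "landlord"),
               (95, "utility"), (1200, "landlord")]
    for amount, recipient in history:
        profile.learn({"type": "ach", "amount": amount, "recipient": recipient,
                       "country": "US", "device_id": "dev-1"})
    return profile
```

A wire of 9,500 to an unseen recipient sent from the account holder's usual device and country, which is the case where traffic is tunneled through the victim's own system, still scores 45 on the recipient and amount signals alone and is held for confirmation.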
Customer-engagement
Account holders must play a part and participate in fighting fraud
Real-time fraud alerts provide the opportunity for financial institutions and account holders to stand ready
Engaging the Customer
• Users must play a part and participate in fighting fraud
• Real-time alerts delivered to a victim are timely and provide the opportunity to alert the financial institution of activity
• Transactional Alerting
  - Ex: creation, authorization
• Changes to profile settings
• Security Event Alerts
  - Ex: pwd changes, failed logon attempts
The Future: Frictionless Security
Need transparent and frictionless security models
• Best security features are ones the end user doesn’t see or experience
• Continue to build on behavioral analytics
Must begin to remove decision making related to security out of the hands of the end user
Closing Thoughts
Attackers will always modify their approach to maneuver around the control measures put into place
Establish an effective strategy that employs multiple layers of protection
Threat landscape is continuing to evolve
Security is NOT perfect – it requires accountability
Proper assessment of risk is critical!
Risks can NEVER be eliminated…but they CAN be mitigated
Questions
Declare var $question;
Declare var $response;
if $question >= '1' then
    $response = 'answer'
else
    $response = 'thankyou'
end if;