Business Fraud – Presented by Robert J. Rebhan, Financial Crimes Expert

Post on 15-Dec-2015


Business Fraud

Presented by Robert J. Rebhan
Financial Crimes Expert

Inside Out Vulnerabilities

Exploiting Trust

President Obama:
“I want a kill switch for the Internet.”

Richard Skinner:
“We can’t protect secrets.”

Federal Trade Commission:
“Shut down access to any system that has been infected by virus or malware.”

Malware

Botnets
DDoS (Distributed Denial of Service) Attacks

Botnets
10,000 Bot Servers
Bot Herders – use exploits
Bot Wars
Underground Economy

Botnets
What else can Botnets do with control?
– Send Spam
– Store Images & Data on PCs & Servers
– Attack Your Financials

Keystroke Capture
Man-in-the-End-Point Attacks
Man-in-the-Middle Attacks

Trend: Hit Small to Mid-Size Businesses

Case Study: Rubbermaid
Atlanta, Georgia
Loss: $150,000.00 Systems Repair
Suspect: Bob Bentley – 17-year-old Floridian
Method: Exploited Server Vulnerability

Case Study: Hillary Machinery
Houston, Texas
Loss: $600,000.00
Suspects: Russians, Estonians and other East Europeans
Method: Cyber Thieves wire transferred funds to American accounts
Bank’s Position: Their security is commercially reasonable

Case Study: Experi-Metal
Sterling Heights, Michigan
Loss: $1.9 Million
Suspects: Russians, Estonians and other East Europeans
Method: Cyber Thieves monitored legitimate email and later “spoofed” a demand to renew EMI’s digital certificates
Bank’s Position: Their security is commercially reasonable

So How Do Cyber Criminals Do It?

Drive-By Downloads
Spoofing & Teasing

Note: 15-20% of home and business systems are now in the hands of cyber criminals

Note: 90% of web threats come from trusted sites

Best Practices for Protecting Your System and Assets

Hire a Competent Tech Guy
Update Systems Regularly
Disable USB Ports
Stop Employees From Risky Behavior
Monitor Bank Accounts Regularly by Telephone

Best Practices for Protecting Your System and Assets

Train Staff
Separate Systems
Regulate Personal Devices on Property
– Create a Personal Use Computer (Workstation) for Employees
  For Personal Emails
  For browsing the Internet without risk

Corporate Incident Response

The Team:
– Executives
– Risk Manager
– Legal
– HR
– IT Manager
– Chief Information Officer
– Marketing Officer (Press Release)

Start a Log
Notify the Feds

Checking Accounts

Inside-Out Attacks
– Cyber
– Local Criminal
– Employee Embezzlement

Checking Accounts

Criminals have . . .
Altered Checks
Counterfeited Checks
Stolen Blanks

Checking Accounts

Employees have . . .
Written Checks to Phantom Employees
Received Kickbacks on Vendor Overpays
Altered Returned Checks

Checking Accounts

When Reordering, or Opening New Accts:
Use Initials (Gender Mysterious)
P. O. Box
Remove SSN, B.D., Phone, Etc.
Pick up Checks at the Bank
Upgrade to Safe Checks

Checking Accounts

When Hand Writing a Check (At Home or in Business):
Use Gel Ink 9 or Uniball 207 (Never Felt Tip)
Perfect Signatures
No Spaces Between Text and Digits
Only Use to Pay a Reputable Entity
Check Balance Frequently by Telephone

Checking Accounts

Suggestions:
Remote Deposit Capture – Reject It! (Vulnerabilities)
Stop-Payment Orders Have a Shelf Life (they expire and must be renewed)
Use Laser Printer For Text
Watch Your Ink Temperatures – Cool vs. Hot
Print Text in Size 14 Font

Checking Accounts

Suggestions (continued…)
Test Checks used to Verify the Accuracy of Your Printer Should be Voided and Shredded Immediately
– Keep in mind copiers and PDAs have memory
Keep Check Stock Locked in a Vault or Other Secure Location
– If a forger gets your blank stock, you can be held liable even if you use Positive Pay
Have Bank Statements Mailed to a Secure Location
– Home

Checking Accounts

Suggestions (continued…)
Separate Tasks:
– Do not allow the person who prints or writes the checks to reconcile the account
Closed Accounts . . .
– Can be reactivated by simply depositing a discarded check
– Solution: Shred the old checks
Employee Background Checks on Accounting & Mailroom Staff and Anyone Handling Increased Corp. Responsibility

Checking Accounts

Suggestions (continued…)
Mailroom Procedures and Personnel should be Monitored (Charity)
Use Positive Pay
Set Up Wire Transfers – “Deposit Only”
Move Funds to Secure Accounts Not Linked to Web
Report Break-Ins Immediately
Monitor Accounts Daily
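Positive Pay, recommended above, works by sending the bank a file of the checks you issued; the bank then pays a presented check only if it matches an issued record and returns everything else as an exception for a pay/return decision. The matcher below is an added illustration of that control over constructed sample data, not the presenter's material or any bank's product: the record layout, field names, reason codes and the 180-day stale-date window are assumptions for the example. It covers the attacks listed on the earlier slides (altered amount or payee, counterfeit or stolen blanks, a voided test print, a duplicate presentment) and exercises the separation-of-duties point in that the issue file comes from the check writer while the exception review belongs to whoever reconciles the account.

```python
# Positive pay exception matching. Added example, not the presenter's material:
# the record layout, field names, reason codes and the 180-day stale window
# below are assumptions for illustration, not any bank's actual file format.
from collections import Counter
from dataclasses import dataclass
from datetime import date
from decimal import Decimal

STALE_DAYS = 180  # assumed window after which a presented check is stale-dated


@dataclass(frozen=True)
class Issued:
    """One record from the issue file the business sends its bank."""
    number: str
    amount: Decimal
    payee: str
    issued: date
    voided: bool = False  # voided test prints must never be paid


@dataclass(frozen=True)
class Presented:
    """One check presented to the bank for payment."""
    number: str
    amount: Decimal
    payee: str
    presented: date


def normalize_payee(name: str) -> str:
    """Compare payees case- and whitespace-insensitively."""
    return " ".join(name.upper().split())


def decide(issued, presented):
    """Return (check number, decision) for each presented item, in order.

    Decision is "pay" when the item matches an issued record exactly, else
    one of: duplicate_presentment, not_issued, voided, amount_mismatch,
    payee_mismatch, stale_dated. Anything but "pay" goes back to the
    account holder as an exception for a pay/return decision.
    """
    by_number = {rec.number: rec for rec in issued}
    seen = Counter()
    decisions = []
    for item in presented:
        seen[item.number] += 1
        rec = by_number.get(item.number)
        if seen[item.number] > 1:
            reason = "duplicate_presentment"   # same number presented twice
        elif rec is None:
            reason = "not_issued"              # counterfeit or stolen blank
        elif rec.voided:
            reason = "voided"
        elif rec.amount != item.amount:
            reason = "amount_mismatch"         # altered amount
        elif normalize_payee(rec.payee) != normalize_payee(item.payee):
            reason = "payee_mismatch"          # altered payee
        elif (item.presented - rec.issued).days > STALE_DAYS:
            reason = "stale_dated"
        else:
            reason = "pay"
        decisions.append((item.number, reason))
    return decisions


def exceptions(issued, presented):
    """Only the items the bank would return to the account holder."""
    return [d for d in decide(issued, presented) if d[1] != "pay"]


# Constructed sample data for the demonstration (not real accounts).
ISSUED = [
    Issued("1001", Decimal("1250.00"), "Acme Supply Co", date(2015, 10, 1)),
    Issued("1002", Decimal("480.00"), "City Utilities", date(2015, 10, 1)),
    Issued("1003", Decimal("99.00"), "TEST PRINT", date(2015, 10, 1), voided=True),
    Issued("1004", Decimal("3200.00"), "J. Doe Consulting", date(2015, 3, 1)),
    Issued("1006", Decimal("150.00"), "Northwind Traders", date(2015, 10, 5)),
]
PRESENTED = [
    Presented("1001", Decimal("1250.00"), "acme supply co", date(2015, 10, 20)),
    Presented("1002", Decimal("4800.00"), "City Utilities", date(2015, 10, 21)),
    Presented("1003", Decimal("99.00"), "TEST PRINT", date(2015, 10, 22)),
    Presented("1005", Decimal("700.00"), "Cash", date(2015, 10, 22)),
    Presented("1006", Decimal("150.00"), "N. Traders LLC", date(2015, 10, 26)),
    Presented("1004", Decimal("3200.00"), "J. Doe Consulting", date(2015, 10, 25)),
    Presented("1001", Decimal("1250.00"), "Acme Supply Co", date(2015, 10, 28)),
]

if __name__ == "__main__":
    for number, decision in decide(ISSUED, PRESENTED):
        print(f"check {number}: {decision}")
```

The checks are ordered so that the most common alterations are reported first; a real service would also carry the bank's own paid-item history, so a duplicate of a check paid last month is caught even if it is not in today's presentment file.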

Checks

Security Features:
Dissolving Ink
Chemical Sensitive Paper
Micro Printing
Thermochromic Ink
Expiration Date
Toner Anchor
Warning Band
Pantographs, Holograms, Watermarks, etc.

Employee

Embezzlement Prevention Starts With . . .
If you like mysteries, read one; don’t hire one

Employee

New Hire Application Research:
Get Waiver
Search Social Networking Sites
Background Checks – Criminal & Civil
Phone All References
Solicit Explanation of Anomalies

Employee

Once Hired . . .
Notice – Handbook Customized for Position
Monitor
Verify
Audit

Quick Tips For Safer Financials

Tell your staff about “social engineering.” This method of gleaning confidential information about staff, systems, and operations can occur by phone, in person, or by computer phishing.

Quick Tips For Safer Financials

Clean Desk Policy
Lock All Files
Restrict Cleaning Crew Access
Record Copier Counter Number

Quick Tips For Safer Financials

Shred all discarded confidential information, including all invoices and statements. For ID thieves, office trash bags and bins are favored hunting grounds.

Radio Frequency I.D.

R.F.I.D. – Radio Frequency Identification
Active Devices
Passive Devices
The technology permits issuing every object on the planet a unique identification number

R.F.I.D. – Size
Seed
Wafer
Ticks

R.F.I.D. – Can Be Found In
Credit Cards “Blink”
Speed Pass
Library Books
Passports
Store Merchandise
Tires
Animals
– Livestock
– Fish
– Horses
– Pets
Humans
– Medical
– Secure Location Access

R.F.I.D. – Applications
Inventory Control
Identifying Lost Pets
Security Access
Toll Road Billing
Spying

R.F.I.D. – The Downside
A hacker can make a reader for $20.00
A bomb can be rigged to go off when a certain person goes by
Individual rights can be abused by tracking a person’s movement
It has been broken by hackers

ATM Security

ATM Overlay
Bank PIN Pad

Resources

What to Read:
2600 magazine
RSS feeds

Resources

What to Listen to:
The Tech Guy – Leo Laporte
Kim Komando

Resources

Develop Relationships With:
Local Law Enforcement
Feds

Resources

What to Join:
InfraGard
IAFCI

Resources

Create a Position:
Asset Protection
Info Tech Assistant – Employee or Kin

Robert J. Rebhan
Financial Crimes Expert
Founder, IPFC – Institute for the Prevention of Financial Crimes

www.ipfc.us

www.robertrebhan.com

(818) 991-4546
