new internet fraud and risk update · 2016. 2. 26. · internet fraud is a big and growing business...
Internet Fraud and Risk Update
John Walp
Administrative Vice President
M&T Bank Corporate Information Security Officer
Member FDIC
Agenda
• Understanding Internet risks and fraud trends
• Understanding crimeware, ransomware and email/web/mobile/social-media threats
• Understanding the threat from account takeover fraud
• How to protect yourself and your company
• Questions & Answers
Disclaimer
• This presentation is intended for information purposes
• Customers should contact their Information Technology provider to determine the best way to safeguard the security of their computers and networks
• Customers should familiarize themselves with their institution’s account agreement and understand their liability for fraud as ACH and Wire transactions are regulated under the Uniform Commercial Code
Bank Robbery 2014
Trojan Horse 2014
Internet fraud is a big and growing business
• 2008 - RBS WorldPay – Hackers steal $9 million in 12 hours from 2,100 ATMs in 280 cities worldwide
• 2009 - Heartland Payment Systems - 130 million payment cards stolen by hacker Albert Gonzalez
• 2011 - Fidelity National Information Services – Hackers steal $13 million in 24 hours using 22 stolen debit cards and unauthorized network access
• 2013 – FBI is investigating more than 400 cases of Corporate Account Takeover Fraud (ACH/Wire)
Social Media Risk in 2014
Social Media Risk – Employees
Social Media Risk – Employees
Social Media Risk - Markets
“Own the email and you own the person”
Example of Social Engineering techniques used in widespread spear phishing attacks, Nov. and Dec. 2012
Spear Phishing Attack
Ransomware Infection
Fake Anti-Virus Scam
BlackHat SEO
Mobile Threats Are Also On The Rise
Account Takeover Threat
How to Protect Yourself and Your Business
• Awareness: Review M&T Bank - Payment Fraud Risk Management Handbook/Checklist
• Ensure your internal staff is aware of the risks and operates with safe computing best practices in mind
• Be aware of what your banking sites normally look like
• Verify emails containing payment instructions
• Run up-to-date Anti-Virus/Spyware
• Run up-to-date host-based firewall software
• Patch third-party software – Adobe, Java, QuickTime
• Activate a “pop-up” blocker on Internet browsers to help prevent web-based intrusions
How to Protect Yourself and Your Business
• Review your credit report/banking transactions regularly
• Use fraud prevention and detection services offered by M&T Bank: Payee Positive Pay, ACH block, etc.
• Limit staff administrative privileges on the PC and on the bank products used to conduct transactional activity
• Use a stand-alone PC for banking transactions
• Add “Dual Administration” for money movement applications to reduce internal fraud with better control over user permissions and transaction auditing
• If you accept credit/debit card payments, become and remain compliant with Payment Card Industry standards
Questions, Answers and Useful links
• browsercheck.qualys.com
• www.ic3.gov