CT Bar Association Larry Selnick, SVP, Director of Sales 9.18.14 Fraud Awareness Seminar: “Protecting Your Escrow Account”


AGENDA

Setting the Stage

Types of Fraud

How to Mitigate Risk

Fraud Awareness Case Study


SETTING THE STAGE

The number of attacks is now so large and their sophistication so great, that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk.

► Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.

► Fraud is a “career”

► Estimated that 35 million machines are infected


AS A BUSINESS YOU SHOULD KNOW…

“There has been a shift in the online criminal world from primarily targeting individuals to increased targeting of corporations” (FS-ISAC).

Unlike consumers who enjoy strong federal protection, a business may be liable under Uniform Commercial Code (UCC) rules (FS-ISAC).

NOT A CASE OF IF, BUT WHEN

Nobody is ever 100% secure.

The threat environment is simply moving too fast.

Rather than bulletproof security, organizations need to focus on making the cost of breaching their security greater than the value of the data that could be obtained:

► using a layered, risk-based approach to maintain the balance between security and customer experience.

41% of all data breaches are a result of criminal attack.

Source: Aite' RSA Study & First Data

NOT A CASE OF IF, BUT WHEN

Organized crime rings are responsible for the majority of attacks.

Lone hackers, who are in it for either individual financial gain or the thrill of the chase, still initiate a small percentage of cyberthreats.

Hacktivists are individuals who use the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.

There are still some breaches that appear to be linked to insider activity.


WHERE IS FRAUD OCCURRING?

• 60% of organizations experienced attempted or actual payments fraud in 2013.

• 27% of survey respondents report that incidents of fraud increased in 2013 compared to 2012.

• Checks were the payment form most targeted by fraudsters, with 82% of affected organizations reporting their checks had been targeted.

• Among organizations that did suffer a financial loss resulting from payments fraud in 2013, the typical loss was $23,100.

Prevalence of Attempted Fraud in 2013:

Payment Channel        All Respondents
Checks                 82%
Credit/debit cards     43%
ACH debits             22%
Wire transfers         14%
ACH credits             9%

Source: 2012 AFP Payments Fraud and Control Survey, Tower Group

CYBER TERMINOLOGY

Term: Definition:

Bot – Automated computer program, or robot.

Malware – Malicious software designed to infiltrate a computer system without the owner’s knowledge or consent.

Phishing – The process of attempting to acquire sensitive information such as usernames, passwords, etc. by masquerading as a valid entity in an electronic communication.

Whaling – Like phishing, but for the bigger “fish”: the process of attempting to acquire sensitive information such as usernames, passwords, etc. from executives.

Man in the Browser – Gives the malicious software the ability to lie dormant on a victim’s computer and spring to life when the victim visits a banking site.

WHAT IS BUSINESS ACCOUNT TAKEOVER FRAUD?

Stolen valid online banking credentials
► Username, password
► Answers to security questions

Theft of valid online banking credentials occurs by social engineering or when the business gets infected with malware.

Malware downloaded via email or through a hot-linked website
► Man in the Browser
► Invokes key logging, which records keystrokes to capture online banking credentials

Business accounts are accessed and ACH and/or wires are generated.

“Mules” are hired to open accounts and forward the funds to international destinations.

I KNOW YOUR PASSWORD

EASY TO GUESS PASSWORDS OPEN DOOR TO HACKERS

Hacking into a voicemail account can be as easy as 1-2-3-4.

Certain password configurations are very popular, showing many people aren’t using random numbers (over 200,000 iPhone users surveyed).

PIN Used                               Rank
Same digit (0000, 1111, etc.)          1
Years (from 1900-2011)                 2
ABAB format (1010, 2121, 3131, etc.)   3
1234                                   4
2580 or 0852 (center of keypad)        5
5683 (spells LOVE)                     6

Source: Big Brother Camera Security, Daniel Amitay
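As an added example, not part of the seminar material, the following Python code turns the table above into a policy check: `weak_pin_reason` rejects a four-digit PIN that falls into any of the six pattern classes the survey found most popular (the kind of rule a voicemail or device PIN policy can enforce before accepting a PIN), and `weak_pin_count` measures how much of the 10,000-PIN space those six classes actually cover. The pattern classes and the 1900-2011 year range come from the table; the function names and the rank-order tie-breaking are my own assumptions.

```python
import re
from typing import Optional

# Pattern classes from the slide's table, tested in the slide's rank order,
# so a PIN that fits several classes is reported under the higher-ranked one.
def weak_pin_reason(pin: str) -> Optional[str]:
    """Return the name of the weak-PIN class `pin` falls in, or None if it fits none."""
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("expected exactly four digits")
    if len(set(pin)) == 1:                       # 0000, 1111, ...
        return "same digit"
    if 1900 <= int(pin) <= 2011:                 # birth years, anniversaries
        return "year"
    if pin[0] == pin[2] and pin[1] == pin[3]:    # 1010, 2121, 3131, ...
        return "ABAB format"
    if pin == "1234":
        return "1234"
    if pin in ("2580", "0852"):                  # straight down/up the keypad's center column
        return "keypad center column"
    if pin == "5683":                            # spells LOVE on a phone keypad
        return "spells LOVE"
    return None


def is_acceptable_pin(pin: str) -> bool:
    """Policy decision: accept only PINs that fall in none of the six classes."""
    return weak_pin_reason(pin) is None


def weak_pin_count() -> int:
    """Number of the 10,000 possible four-digit PINs covered by the six classes."""
    return sum(1 for n in range(10_000) if weak_pin_reason(f"{n:04d}") is not None)


if __name__ == "__main__":
    # Constructed candidates, one per class plus one that passes.
    for candidate in ("1111", "1984", "2121", "1234", "0852", "5683", "7391"):
        print(candidate, weak_pin_reason(candidate) or "acceptable")
    print(f"{weak_pin_count()} of 10000 PINs fall in the six classes")
```

The count is the instructive part: the six classes amount to only 215 of 10,000 PINs, a small slice of the key space, yet they are the most common choices in the survey, which is why a guess of 1234 or a birth year so often works and why a policy should refuse them outright.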

HOW CAN YOU MITIGATE YOUR RISKS?

Dedicate a computer or system for online banking, especially EFT (ACH transactions and wire transfers).

Use multifactor authentication with an independent mechanism.

Log and monitor key computers or systems.

Segregate EFT controls.

Reconcile EFT transactions daily.

Dedicate clearing accounts using “just in time” deposits.

Use a “run as needed” bootable CD that cannot be contaminated by a virus or malware for the computer accessing online EFT (FDIC recommendation).

Source: Journal of Accountancy

Each Control Provides Security in Layers

Recommend dedicated accounts for receivables, operating and disbursement, with “just in time” (JIT) funds moving from the Receivable Account to the Operating Account and from the Operating Account to the Disbursement Account:

Receivable Account (Cash Inflow)
► Post no debits
► No ACH or wire origination capability
► Mandatory Alerts

Operating Account (Information Reporting)
► (2x) Daily Cash Position
► Just in Time (JIT) Transfers
► Mandatory Alerts

Disbursement Account (Cash Outflow)
► Check Positive Pay
► ACH Positive Pay
► Controlled Disbursement
► Daily Review/reconciliations
► Mandatory Alerts
► Dual Control/Tiered security (separate and distinct access)
► Limits set to business needs

► Separate Account for check and EFT activities
► Dedicated PC (segregate from network)
► Trusteer required security for devices that access Web-Link
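As an added example, not part of the seminar material or of any bank's own system, here is a small Python policy evaluator that encodes the three-account layout above: the receivable account posts no debits and has no ACH or wire origination capability, while the operating and disbursement accounts require dual control from a second, distinct user, enforce a limit set to business needs cumulatively over the day, and raise a mandatory alert for any item above a threshold. The account names, dollar thresholds, transfer kinds and user names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class AccountPolicy:
    name: str
    post_no_debits: bool = False      # receivable account: inbound credits only
    eft_origination: bool = False     # may this account originate ACH or wires at all?
    daily_limit: float = 0.0          # outbound limit "set to business needs" (0 = no limit)
    dual_control: bool = False        # a second, distinct user must approve outbound items
    alert_over: float = 0.0           # mandatory alert for any item above this amount


# Constructed policies mirroring the slide's layout; the dollar figures are hypothetical.
POLICIES: Dict[str, AccountPolicy] = {
    "receivable":   AccountPolicy("receivable", post_no_debits=True),
    "operating":    AccountPolicy("operating", eft_origination=True, daily_limit=50_000,
                                  dual_control=True, alert_over=10_000),
    "disbursement": AccountPolicy("disbursement", eft_origination=True, daily_limit=25_000,
                                  dual_control=True, alert_over=5_000),
}

OUTBOUND = {"ach_debit", "wire_out"}   # item kinds that move money out of the account


@dataclass
class Transfer:
    account: str
    kind: str                          # "ach_credit_in", "jit_transfer_in", "ach_debit", "wire_out"
    amount: float
    initiated_by: str
    approved_by: Optional[str] = None


def evaluate(t: Transfer, sent_today: float = 0.0,
             policies: Dict[str, AccountPolicy] = POLICIES) -> Tuple[str, List[str], List[str]]:
    """Return (decision, reasons, alerts) for one item against its account's policy.

    `sent_today` is the amount already originated from the account today, so the
    daily limit is enforced cumulatively rather than per item."""
    p = policies[t.account]
    reasons: List[str] = []
    alerts: List[str] = []

    if t.kind in OUTBOUND:
        if p.post_no_debits:
            reasons.append("post no debits: account accepts inbound credits only")
        if not p.eft_origination:
            reasons.append("no ACH or wire origination capability on this account")
        if p.dual_control and (t.approved_by is None or t.approved_by == t.initiated_by):
            reasons.append("dual control: a second, distinct user must approve")
        if p.daily_limit and sent_today + t.amount > p.daily_limit:
            reasons.append(f"limit: {sent_today + t.amount:.2f} exceeds daily limit {p.daily_limit:.2f}")

    # Mandatory alerts fire whether or not the item is rejected, so the owner also sees attempts.
    if t.amount > p.alert_over:
        alerts.append(f"ALERT {t.account}: {t.kind} {t.amount:.2f} initiated by {t.initiated_by}")

    return ("reject" if reasons else "allow", reasons, alerts)


if __name__ == "__main__":
    # Constructed day of activity: one attempt per control, then a second wire that breaks the limit.
    samples = [
        Transfer("receivable", "wire_out", 40_000, "alice"),
        Transfer("disbursement", "wire_out", 20_000, "alice"),
        Transfer("disbursement", "wire_out", 20_000, "alice", approved_by="bob"),
        Transfer("disbursement", "wire_out", 20_000, "alice", approved_by="bob"),
    ]
    sent = 0.0
    for s in samples:
        decision, why, alerts = evaluate(s, sent_today=sent)
        if decision == "allow" and s.kind in OUTBOUND:
            sent += s.amount
        print(decision, s.account, s.kind, s.amount, why, alerts)
```

The point of the layering shows in the first sample: a wire out of the receivable account is refused twice over (no debits, no origination), so a stolen credential that only reaches that account cannot move money, while the disbursement account still needs a second person and stays inside its daily limit.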

HOW DOES CHECK POSITIVE PAY WORK

Checks cashed at other banks
► Checks are matched against the file of issued checks.
► If on the file, the Payee Name is also matched against the file of issued checks.
► Exceptions are submitted to Webster Web-Link® daily to be reviewed and decisioned by the customer.
► Enroll for Positive Pay Exception Event Notification to receive an email alert when you have exceptions to review.

Checks cashed at Webster Branches
► The teller enters the check information and the system automatically verifies the check against the issuance information on file.
► Match – check is cashed.
► No-Match – teller will not cash the check, “refer to maker”.

PREVENT FINANCIAL LOSS FROM FRAUD

Webster Check Positive Pay
► Your file of issued checks is sent to Webster and compared, by serial number and amount, against checks presented for payment against your account.

Webster Payee Name Positive Pay
► Payee Name Positive Pay takes Check Positive Pay one step further in that it also compares the payee line information, along with the serial number and dollar amount, against those on your file of issued checks. Payee Name Positive Pay is the more secure option.

Webster ACH Positive Pay and Debit Block
► ACH Positive Pay protects your account from fraudulent ACH debit entries by allowing you to block or filter unauthorized electronic transactions.
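As an added example covering the two Positive Pay slides above (it is not Webster's code or a description of its system), the following Python models the matching logic: presented checks are compared with the customer's issued-check file by serial number and amount, optionally by payee name as well, with matches paid, branch no-matches refused as “refer to maker”, and other no-matches queued as exceptions for the customer to decision; a separate function applies an ACH Positive Pay allow-list of originators with a per-debit cap, where an empty list is a full debit block. The check records, the altered items, the originator company ID and the caps are all constructed sample data.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class IssuedCheck:           # one record from the customer's file of issued checks
    serial: str
    amount: Decimal
    payee: str


@dataclass(frozen=True)
class PresentedCheck:        # one item presented for payment against the account
    serial: str
    amount: Decimal
    payee: str
    presented_at: str        # "other_bank" (cleared in) or "branch" (teller at the window)


def normalize_payee(name: str) -> str:
    """Case- and whitespace-insensitive comparison of the payee line."""
    return " ".join(name.upper().split())


def match_check(issued_file: Dict[str, IssuedCheck], item: PresentedCheck,
                payee_name_positive_pay: bool) -> Tuple[str, str]:
    """Compare one presented check with the issued file; return ("match"|"exception", reason)."""
    issued = issued_file.get(item.serial)
    if issued is None:
        return "exception", "serial not on issued file"
    if issued.amount != item.amount:
        return "exception", f"amount mismatch: issued {issued.amount}, presented {item.amount}"
    if payee_name_positive_pay and normalize_payee(issued.payee) != normalize_payee(item.payee):
        return "exception", f"payee mismatch: issued {issued.payee!r}, presented {item.payee!r}"
    return "match", "matches issued file"


def process_presentments(issued: Iterable[IssuedCheck], presented: Iterable[PresentedCheck],
                         payee_name_positive_pay: bool = False) -> Dict[str, List]:
    """Run a day's presentments: matches pay, branch no-matches are refused ("refer to maker"),
    other-bank no-matches go to the customer's exception queue to be decisioned."""
    issued_file = {c.serial: c for c in issued}
    out: Dict[str, List] = {"paid": [], "exceptions": [], "refer_to_maker": []}
    for item in presented:
        status, reason = match_check(issued_file, item, payee_name_positive_pay)
        if status == "match":
            out["paid"].append(item.serial)
        elif item.presented_at == "branch":
            out["refer_to_maker"].append((item.serial, reason))
        else:
            out["exceptions"].append((item.serial, reason))
    return out


def ach_debit_filter(company_id: str, amount: Decimal, allowed: Dict[str, Decimal]) -> str:
    """ACH Positive Pay: pay a debit only from an allowed originator and within its cap.
    With an empty allow-list every debit is blocked, i.e. a full ACH debit block."""
    cap = allowed.get(company_id)
    if cap is None or amount > cap:
        return "block"
    return "pay"


# Constructed sample data (hypothetical checks and originator, not real records).
ISSUED = [
    IssuedCheck("1001", Decimal("1250.00"), "Acme Supply Co"),
    IssuedCheck("1002", Decimal("480.00"), "Jane Roe"),
    IssuedCheck("1003", Decimal("15000.00"), "Client Trust Refund"),
]
PRESENTED = [
    PresentedCheck("1001", Decimal("1250.00"), "ACME SUPPLY CO", "other_bank"),       # genuine
    PresentedCheck("1002", Decimal("480.00"), "John Doe", "other_bank"),              # payee line altered
    PresentedCheck("1003", Decimal("19000.00"), "Client Trust Refund", "other_bank"), # amount altered
    PresentedCheck("2222", Decimal("700.00"), "Somebody", "branch"),                  # serial never issued
]
ALLOWED_ORIGINATORS = {"1234567890": Decimal("20000.00")}   # hypothetical payroll provider's company ID

if __name__ == "__main__":
    print("check positive pay:     ", process_presentments(ISSUED, PRESENTED))
    print("payee name positive pay:", process_presentments(ISSUED, PRESENTED, payee_name_positive_pay=True))
    for cid, amt in (("1234567890", Decimal("9500.00")), ("9999999999", Decimal("50.00"))):
        print("ach debit", cid, amt, "->", ach_debit_filter(cid, amt, ALLOWED_ORIGINATORS))
```

Running it shows the difference the slide draws: check 1002, whose payee line was altered but whose serial and amount still match, is paid under plain Check Positive Pay and only becomes an exception under Payee Name Positive Pay, which is why the payee-name option is the more secure one.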

WHAT TO DO IF YOU’VE BEEN HACKED

Don’t unplug – malware resides in the computer’s memory and not the hard drive. Turning off a computer erases the memory, and with it many traces of the hack.

Call in the pros.

Keep a chain of custody – record every time someone touches a compromised computer or server and everything that’s done to it.

Stop the bleeding – figure out how the hacker broke in, and fix that hole.

Find out what they stole.

Figure out who to tell.

Be apologetic – in your customers’ minds, it’s your fault!

WHAT SHOULD YOU DO NEXT? (TODAY!)

Establish “Dual Control” authorizations.

Review your limits for ACH and Wire to determine if they suit your business needs.

Consider a “stand alone” computer that is used exclusively for online banking.

Review your internal controls.

Schedule a meeting with your Webster Banker to review your total risk exposure and learn how to mitigate those risks.

FRAUD CHECKLIST

Engage your Partners:
► Accountants
► Insurance
► Legal
► IT Consultant
► Banker

VALUE OF YOUR REPUTATION = PRICELESS!

The true costs to business from threats are far greater than merely the financial implications.

In addition to direct cost there are:
► The cost of computer downtime
► Plummeting productivity
► Lost sales opportunities

QUESTIONS

Internet Fraud Targeting Attorneys

Kim Syrop, Senior Vice President

Fraud & Loss Management, Webster Bank

September 18, 2014

Attorney Beware!

Attorneys nationwide have become the targets of sophisticated email scams.

Con artists located overseas forward seemingly credible requests for legal representation to unsuspecting lawyers.

The scammers rely on fake cashier’s checks to bilk their targets before the checks come bouncing back.

Confirmed losses from this type of scam are well over $1 billion.

Arrests are unlikely since the suspects are located overseas in locales such as Asia and Africa.

Anatomy of a Scam

Initial Contact
► Attorney receives email from someone who claims to be working in a foreign country and needs help with a legal problem “in your jurisdiction”

The Legal Problem
► The sender of the email needs help collecting on a judgment, a contract, or a divorce settlement

Bad Grammar
► Note that the email usually contains grammatical errors, though not always

Easy Work
► The debt is described as being easy to collect by simply sending a demand letter
► In some cases, the debtor has already agreed to pay and the lawyer’s job is simply to serve as the intermediary

Anatomy of a Scam

Quick Payment
► As predicted by the client, the opposing party quickly pays the money owed with a large bank or cashier’s check
► The purported cashier’s check will look legitimate, and may contain little or no clues as to its fraudulent nature
► The check is made out to the lawyer, to be deposited into trust
► The lawyer will then take his own fees from the trust account transaction, and pay the balance to the client

Funds Wired to Overseas Account
► Client makes immediate and repeated requests to wire out the funds
► The attorney sees that the deposit has posted to his trust account, presumes the funds have cleared, and wires the money to the client’s bank account

Anatomy of a Scam

Bad News
► A few more days pass and the attorney gets some bad news: the check has bounced and the money has been debited out of the lawyer’s trust account
► In most cases, the check was a counterfeit
► The client has vanished, and the account that the lawyer wired the money to has closed, or at least no longer has any funds in it
► The lawyer’s trust account is either overdrawn or at least is substantially depleted of hundreds of thousands of dollars

Available vs. Cleared Funds

► Individuals wrongly assume that after several days the check they deposited must be good, absent hearing otherwise from the bank.

► They may even contact the bank and hear the phrase “the funds are available” and interpret that to mean the check has cleared as good.

► This statement from the bank merely means that the funds are available, not that the check is good.

► The Expedited Funds Availability Act (12 USC Section 4001-4010) requires that deposits of various funds must be made available to a bank’s customers even before the funds have technically been cleared.

Steps to Avoid Becoming a Victim

► Carefully scrutinize unsolicited email/phone calls from individuals or entities with whom you have no prior dealings requesting your services, particularly if the email/phone calls originate from a foreign country.
► Take steps to independently verify the information provided by your “client”.
► If possible, take steps to identify and verify “client” information.
► Be suspicious of a solicitation that offers a relatively large fee or commission for little or no work or that appears outside of your usual practice areas.
► Educate your staff to be on the lookout for these types of schemes.
► Periodically review law enforcement websites for information on current fraud schemes.

Steps to Avoid Becoming a Victim

If you have doubts concerning the validity of a check you receive, contact the institution on which the check is drawn to request confirmation. When contacting the bank, DO NOT use the telephone number provided on the check, as this number is generally not associated with the financial institution but rather with the scammer. Locate the issuer’s phone number from another source. You can locate a bank’s contact information at the FDIC website.

Never be in a rush to disperse funds by wire transfer, particularly from your trust account.

New Email Scam

Email phishing attack targeting attorneys

Random email advising that your IOLTA account has “insufficient funds” to pay an outstanding check

Sender claims to be National Bankruptcy Services LLC of Dallas

All versions refer to a check of approximately $19,000

A .zip file attachment purportedly containing additional information is presumed to contain malware.

Text of Fraudulent Email

Questions

Webster Bank Case Studies

Case Study #1: Overseas Divorce Assistance
► Initial Contact
► The Story
► The Divorce Decree
► The Retainer Agreement
► The Payment
► The Check
► Payment Confirmation

Case Study #2: Overseas Collection Request
► The Story
► Instructions
► The Payment
► The Check
► Payment Confirmation

Scam Email Examples
► Overseas Collection Request
► Overseas Divorce Assistance #1
► Overseas Divorce Assistance #2
► Dying Charitable Benefactor
► Business Collection Request

(The case study and email example slides were images and are not reproduced in the transcript.)

United States of America v. Emmanuel Ekhator, et al.

Kim Syrop, Senior Vice President

Fraud & Loss Management, Webster Bank

September 18, 2014

Portrait of a Fraudster

Emmanuel Ekhator

Member of Nigerian internet fraud syndicate

42 years of age

Married

Masters Degree from University of Bradford, West Yorkshire

Residences in Canada and Nigeria

The Indictment

(The indictment slides were images and are not reproduced in the transcript.)

The “Collection” Scam

A co-conspirator contacts a law firm, usually via email, and claims to be a foreign citizen or a representative of a foreign company.

The co-conspirator represents that he is attempting to collect funds from a North American individual or entity owing monies from a transaction such as a real estate transaction, a divorce settlement, or a tort settlement.

The co-conspirator represents that he is seeking legal representation from the victim law firm to collect monies.

After agreeing to provide legal representation, the victim law firm is contacted by another co-conspirator posing as a representative of the entity purportedly owing the monies. This individual agrees to make payment on the monies owed.

The “Collection” Scam

A co-conspirator purporting to be a representative of the entity owing the monies then mails a check that appears to be legitimate to the victim law firm via Canada Post, U.S. Mail, or a private courier such as FedEx or UPS.

The information on the check was stolen from legitimate companies, with the amount, payee name, and phone number altered.

If the victim law firm contacts the fraudulent phone number printed on the check, a co-conspirator answers the call and fraudulently verifies the amount to the check and its validity.

The victim law firm deposits the check into a trust account and waits until it appears the check has cleared.

The “Collection” Scam

Following instructions from the initial co-conspirator, the victim law firm then wires funds to a bank account, usually located in Asia.

Typically, the fraud is detected when the check is returned because it is counterfeit.

“Collection” Scam Terminology

Catcher – an individual who contacts the victim lawyer or law firm and initiates the purported attorney/client relationship.

Runner – an individual who coordinates bank accounts and obtains checks from the individuals who create the counterfeit checks.

The Players

Emmanuel Ekhator – the main facilitator of the fraud responsible for transmitting information, usually via e-mail, between “catchers” and “runners” and coordinating counterfeit check activity. He resided in Canada.

► Arrested in Nigeria and extradited to the United States
► Pled guilty to criminal conspiracy to commit mail fraud and wire fraud
► Sept 2013 - Sentenced to 100 months in federal prison, over $11 million in restitution, and forfeiture of properties in Canada and several bank accounts in Nigeria

Yvette Mathurin – responsible for purporting to be a bank employee and falsely validating the amount of the check and its authenticity when a victim law firm called. She resides in Canada.

► Arrested and awaiting extradition from Canada

The Players

Kingsley Osagie – responsible for coordinating bank accounts to launder the proceeds of the fraud and coordinating the wire activity to foreign bank accounts. He resides in Nigeria.

► Arrested as he arrived in the Atlanta area from Nigeria
► Awaiting trial in the Middle District of Pennsylvania

Maxwell Nosa Omorere – responsible for coordinating money laundering activities and wire activities; providing co-conspirators the wording used in communications to victim law firms; and providing co-conspirators victim information. He resides in Nigeria.

► Active INTERPOL arrest warrant

The Players

Nicholas Jonah Uangbaoje – responsible for providing co-conspirators with verification of deposits and wire transfers to accounts used to receive fraud proceeds. He resides in Nigeria.

► Active INTERPOL arrest warrant

Ezeh Matthew Okechukwu – responsible for maintaining bank accounts in Korea used to receive the proceeds of fraud. He resides in Korea.

► Active INTERPOL arrest warrant

Press Release