16-17th October, 2014, Frankfurt

Stay calm and hang up on fraud! A case study about the dynamics of telephone

fraud and how Lithuanian banking industry tackles it

2

These days everyone seems to be afraid of them, right?

3

Another Attack of Cyber Criminals!FEARS are growing for the UKs financial security after cyber thieves hacked into a major European bank's computer, stealing thousands of pounds in savings.

Online criminals have targeted a top European bank, stealing more than £400,000.

The attack, which took place at the beginning of the year, compromised more than 190 personal accounts.

The thieves used a Trojan programme to hide dangerous information inside innocuous-seeming software.

This intercepted data and allowed the criminals to transfer money without the bank or its customers becoming aware.

It appears most of the victims were from Turkey and Italy with some customers losing over €39,000

Details about which bank has been attacked have not been released, or whether any UK customers have had any money stolen.

This latest attack is sure to send shock waves through the banking sector as it proves how vulnerable modern day technology is to attack from criminals.

THE DAILY NEWSwww.dailynews.com THE WORLD’S FAVOURITE NEWSPAPER - Since 1879

4

What is Telephone Fraud?

“It’s me, mother/grandmother! Help me!” fraud

5

Variation 1 > 2010

Not a perfect crime

# Limited gain

# Limited range of potential victims

# Requires physical contact / time

# Difficult to recruit couriers

6

“Hi, I’ve a job for you” fraud

7

Variation 2 ~ 2010

“Hello, I’m a police investigator…” fraud

8

Variation 3 > 2010

Online Banking Facility

9

Password Card

10

Houston, we’ve a problem!

11

# Everyone’s a potential target

# Significantly increases fraudsters’ gains

# No physical contact with the victims / requires less time

# Abundance of money mules

Telephone Fraud Statistics from SEB Bank

12

No. of Victims

Total Loss / LTL

Pay day Loans / LTL

No. of Money Mules

2012 97 428 000,00 144 000,00 89

2013 273 1 467 588,00 252 484,00 340

2014 (IIIQ) 43 192 717,00 37 475,00 48

Total 413 2 088 305,00 433 959,00 477

NB! One EUR = 3,46 LTL

Police Statistics on Telephone Fraud in 2012

# 816 telephone fraud reports

# Estimated loss: 2 782 000,00 LTL

# Cost of investigations: 1 236 000,00 LTL

# Number of confiscated phones in prisons – 7 884

(Source: Lietuvos Rytas , 15th of May, 2013)13

14

95 per cent of fraudulent phone calls originate in Lithuanian prisons

(Source: Respublika, 12 th of March, 2012)

15

16

Profile of a Victim• The majority of victims – 95 per cent - are women • Average age - 55 years old• Average loss – 5 376,00 LTL• Surprisingly, many victims had been aware about

telephone fraud and its modus operandi (Suzuki, K., 2010)

• In addition to financial loss, victims often suffer loss of self esteem, because they blame themselves for having been ‘so stupid’

• The society contributes to this social stigma by labeling victims as gullible or plain stupid (University of Exeter, 2009)

• In other words, it is the victim’s fault or as the old adage has it - ‘A fool and his money are soon parted’

• Additionally, this type of fraud undermines confidence general public has in public and private institutions and erodes sense of security in everyday life (Suzuki, K., 2011)

Stupid cow!How on earthcould I fall for that!?

Anyone can become a victim

17

‘He [the bank manager] spent a long time trying to persuade both of us that this was a scam, and in the end I said that the money was mine and I had a right to it. The bank manager with a sigh said “Yes” and

sent me back to the teller’4th June, 2014, BBC,

19

Profile of a Money Mule

# The average age of a money mule is 28-30 years old

# Often these individuals are unemployed recipients of social benefits from the state

# Most of them know that their involvement facilitates criminal activity

# However, when one bank closes their accounts, they open a new one in another bank and continue to assist telephone fraudsters

The Fake President Fraud

20

Victim

Fraudster 1 Fraudster 2

21

# Lithuanian banks aren’t directly affected since they do not compensate losses to the victims of fraud

# However, since this type of fraud targets users of electronic banking, some customers might stop or be reluctant to use this products, and this might have some impact on the long term plans of the banking industry

# Additionally, fraudsters might start targeting SMEs or invent new and more elaborate fraudulent schemes

# Finally, if the incidence of telephone fraud continues to increase, the regulator might step in and introduce new rules

Implications for the Banking Industry

How do we tackle telephone fraud?

22

23

How do we tackle telephone fraud? (cont’d)

# Training staff to identify customers who are at higher risks, so they could provide customers with relevant advise on risk mitigation techniques

# Advising staff on how to identify potential money mules# Raising customers awareness through communication campaigns in

the news media, etc.# Reduction of daily transfer limits for customers who do not want to

replace password cards with TAN generators# Employing an internally developed monitoring software that detects and

suspends suspicious transactions# Addressing this issue to various stakeholders – police, prosecutor’s

office, Ministry of Justice, department of prisons, telecommunication companies, etc.

# In addition, telecommunication companies have started to proactively block pre-paid GSM cards allegedly being used in fraudulent activities

Is the State Liable for Damages of Telephone Fraud?

24

Remaining Challenges# Banks are reluctant to exchange fraud statistics# Banks do not exchange data on fraudsters and money mules# Banking legislation doesn’t provide clear guidance on how banks

should tackle fraud # Police do not compile comprehensive statistics on telephone

fraud# ‘It’s your own fault’ attitude is still prevalent towards victims of

telephone fraud# Co-operation between stakeholders could be improved# Fraudsters are always one or two steps ahead; therefore, they

eventually come up with new variations or target new products/channels (e.g. Germany, Latvia and Estonia (Source: Lietuvos Rytas, 5th of August, 2013)

25

Cross -border Crime

26

27

Variations of Telephone Fraud in Other Countries

Courier Fraud (UK) Ore-Ore Sagi / Furikome Fraud (Japan)

Variations of Telephone Fraud in Other Countries (cont’d)

28Voice Phishing Fraud (South Korea) Tелефонные Mошенники (Russia)

29

If this particular type of fraud is of further interest:

• Use Google to find out more variations around the world:– Voice Phishing (South Korea)– Virtual Kidnapping / Telephone Extortion (South America)– Courier Fraud / Vishing (United Kingdom)– Ore-ore Sagi / Furikome Fraud (Japan)– Jamaican Lottery (USA)– Telefon Betrug / Schockanrufen (Germany)– Tелефонные Mошенники (Russia)– Faux Neveu / Faux président (France, Switzerland)– Metoda Accidentul (Romania)– Grandparents Scam (North America)– And many many more…

30

Thank you for your attention!

If you’re interested in this topic, you’re welcome to get in touch with me through

32