Page 1

Fraud Prevention and Awareness
An Introduction for Clients Facing Fraud Concerns

Alicia Somers - Financial Wellness RM
Dan Eveloff – FL Treasury Executive

© 2018 Regions Bank.

Page 2

REGIONS NEXT STEP

This information is general in nature and is not intended to be legal, tax, or financial advice. Although Regions believes this information to be accurate, it cannot ensure that it will remain up to date. Statements or opinions of individuals referenced herein are their own—not Regions'. Consult an appropriate professional concerning your specific situation and irs.gov for current tax rules.

Page 3


AGENDA

• TODAY WE WILL FOCUS ON THESE BIG QUESTIONS . . .

1. What are the ways fraud can happen to your business?
2. How can you protect your business and yourself?

Page 4

PROTECT YOURSELF

Page 5

FRAUD IS A PREVAILING THREAT…

NEARLY THREE-FOURTHS OF ORGANIZATIONS HAVE BEEN VICTIMS OF FRAUD.

Page 6

• REVENUE LOSS
• CHECKS MOST VULNERABLE
• UNDETECTED FOR 18 MONTHS
• LOSSES IMPACT YOUR BOTTOM LINE
• INVOLVE EMPLOYEES

Typical loss due to fraud = $20,300

Page 7

But, why target commercial accounts?

High dollar balances in checking accounts

Can move money quickly
• Real-time using Wire Transfer
• “Near” real-time using ACH

Commercial computers represent a target-rich environment for other corporate information

Page 8

Questions to Address

• Are your funds and information being transferred securely?
• Are you losing revenue to fraud?
• Are you receiving phishing emails and malware attempts?
• Are you keeping company information private?
• Are you aware of the latest fraud trends?
• Are your vendors legitimate?
• Are your internal controls strong enough?

Education and Awareness are Key to Prevention

Page 9

Traditional Fraud Schemes

• Document Protection
• Bookkeeper Fraud
• Business E-mail Compromise

Page 10

Bookkeeper Fraud

Arises when full authority has been given to a single employee to issue and reconcile payments, especially associated with checks

85% of all fraud is perpetrated by a trusted employee

• Creates bogus accounts payable/vendors and generates payments
• Opens bank account in similar name to business and diverts legitimate checks meant for business
• Obtains blank signed company checks and fills in inappropriate payees
• May also be associated with investment schemes, sales schemes or identity theft

Page 11

Examples of Bookkeeper Fraud

Large Company:
• Company payroll was outsourced to a CPA firm
• One employee at the firm was assigned to administer it
• She created employee status for herself
• Regular payroll checks were made payable to her
• Over a five-year period a loss of $250k occurred
• Suspect was prosecuted and sentenced to federal prison

Page 12

Bookkeeper Fraud – Red Flags

• Living beyond their means
• Financial difficulties
• Unusually close association with vendors or customers
• Excessive control issues
• Little vacation taken

Page 13

BEST PRACTICES

Page 14

Preventing Bookkeeper Fraud

• Never sign blank checks
• Establish dual control for check issuance and account reconciliation tasks
• Make sure all employees are aware of and adhere to internal controls and financial reporting
• Restrict employee access to accounting systems and online functions; audit periodically
• Implement an approval process for new vendors

Page 15

Payments Fraud


Page 17

Business Email Compromise (BEC): 22,000 Victims With Over $3 Billion in Losses

Page 18

Business Email Compromise

1. Executive email intrusion: email compromise resulting in a fraudulent payment request from a company executive
2. Vendor email intrusion: email compromise that results in a fraudulent request to change payment terms or criteria
3. Employee email intrusion: email compromise resulting in fraudulent payment requests being sent to vendors involving a change in payment criteria

Reminders:
• If built-in controls don’t exist, employees should stop, question, and investigate before funds are sent.
• Use out-of-band authentication
• Use Forward instead of Reply

Page 19

Business Email Compromise Timeline

1. Identify a Target
Organized crime groups target U.S. and European businesses, exploiting information available online to develop a profile on the company and its executives.

2. Grooming
Spear phishing e-mails and/or telephone calls target victim company officials (typically an individual identified in the finance department). Perpetrators use persuasion and pressure to exploit human nature. Grooming may occur over a few days or weeks.

3. Exchange of Information
The victim is convinced he/she is conducting a legitimate business transaction. The unwitting victim is then provided wiring instructions.

4. Wire Transfer
Upon transfer, the funds are steered to a bank account controlled by the organized crime group.*

* Note: Perpetrators may continue to groom the victim into transferring more funds.

Page 20

W-2 Fraud Schemes – BEC

• Thief claims to be an executive, internal or external
• Sends email requesting employees’ W-2s
• Targets unsuspecting members of payroll staff
• Victims include several high profile companies

Best Practices to Avoid these Schemes:
• Implement dual authentication when sending personal information
• Provide employee training and awareness
• Avoid replying directly to emails regarding payment terms

Page 21

CYBER ATTACKS

TOP 10 CYBER ATTACKS IN 2018

Page 22

CYBER ATTACKS

METHODS OF ATTACK
• Phishing emails
• Banner Ads
• Social Networking
• Probing

Page 23

Where are the bad guys?

• Ringleaders and malware authors are in Russia and Ukraine
• Software is for sale on the Darknet (underground internet) – DHS/FBI says darknet is 90% of the Internet
• Command and Control servers along with botnet servers are for rent
• These are used to disperse the malware
• The actual thief may be in the house or office next door

Page 24

What are their methods of attack?

• Phishing emails with malicious links or attachments – Spear Phishing in BEC, shipping documents to compromise e-mail system
• Banner ads on prominent search engines and news sites – “Malvertising.” Increased 200% to 209,000 incidents, 12.4 billion malicious advertisements
• Social networking sites (your friends may not be your friends)
• Probing for un-patched, vulnerable machines and attacking directly

Immediate goal may be ransomware or theft of intellectual property, not attack of bank accounts

Page 25

What are their methods of attack?

[Diagram: Client, Root Kit, Command and Control Server]

• User opens email or clicks banner ad and the malware’s root kit is installed.

Page 26

What are their methods of attack?

[Diagram: Client, Root Kit, Command and Control Server]

• Root kit installs itself deep within the client’s operating system.
• Root kit “phones home” across the internet to a Command and Control server. It tells the Command and Control server “I am here. Send me the rest of the malware payload.”

Page 27

What are their methods of attack?

• Malware disables anti-virus software. (The indicator in the system tray isn’t necessarily affected, so the user doesn’t know that anti-virus has been disabled.)

Page 28

What are their methods of attack?

• The malware waits for the user to connect to a financial institution. As soon as that happens, an instant message is sent out to the criminal, alerting him that the user is online.
• User enters logon credentials and token PIN if used
• Malware executes a “man in the browser” attack
• Code is injected onto the user’s web page with a message such as “bank app is down; please try again in 15 minutes”
• Key logging software in the malware has captured the login credentials, which are sent via Instant Messaging to the bad guy.

Page 29

What are their methods of attack?

• Before the 60 second expiration of the one time token pass code, the criminal logs on to the banking app.
• He now has the ability to do everything that the user is entitled to do.

Page 30

What are their methods of attack?

• Money is usually sent to mules, who are recruited to accept Wire Transfers and/or ACH payments. The mules then withdraw the funds and wire the money outside the US.

Page 31

Securing Your Data


Page 33

Cyber Incident Response

Step #1: Know Who to Involve in Your Initial Response

› Leadership Team
  › Should include Executive Management or have backing of executive management
  › Determine what departments need to be notified and develop procedures to conduct business
› Consider Third Party Support
  › Outside legal counsel – assists with risk and remediation procedures such as compliance requirements, data breach disclosure laws, industry standards, federal and state laws
  › Third party forensic company – helps contain the data breach and collects sensitive electronic data (evidence) in a forensically sound manner, helps mitigate and remediate, and provides assistance in investigating the compromised internal workings of your network

Page 34

Cyber Incident Response

Step #2: Containing the Problem While Investigating the Incident

› Determine the nature of the incident
› Identify and close the access point used by the hackers
› Determine if the attack is ongoing, hours or days old
› Network Topology – provide a current and functional understanding of your organization’s network and flow of data
› Security setup and configuration (IDS, log servers, router configurations, etc.)
› Brief overview of inventory of computer systems and network components
› Access control – who has access to your systems and by what means

Page 35

Cyber Incident Response

Step #3: Collecting and Reporting the Facts

› Successful prosecution hinges on locating and capturing evidence of the crime and documenting this in a forensically sound manner
› Log Management System
  › Key to determining what happened
› Chain of custody of all evidence must be established and preserved


Page 37

Best Practices for Emerging Cyber Protection

Internet Banking

Dual Control for transaction initiation
• Wire and ACH
• E-mail Alerts for Approvals

Daily Reconcilement

Secure Environment
• Dedicated PC and/or limit web surfing
• Firewall, Anti-virus, Anti-malware, Anti-spyware

Use strong passwords and protect them
• No birthdays or pet names
• Change every 60 days

Don’t click on links in suspicious e-mails

Page 38

Traditional Check Fraud

Counterfeit checks are by far the most prevalent check fraud mechanism

Check Fraud

Forgery
• Unauthorized maker’s signature – produced manually or via fax
• Unauthorized endorsements/payee claims

Alteration
• Change to face or back of checks
• Results in non-conforming payment instructions/endorsements

Counterfeit
• Illegal, unauthorized printing of checks

Improper/missing endorsements
• Endorsement is missing or doesn’t conform to the way the check was drawn

Non-negotiable check copy
• Photocopy of check processed as an original check

Page 39

Regions Treasury Management

Fraud Protection and Risk Mitigation

Goals:
• Ascertain current fraud protection strategies and risk management policies
• Identify internal control gaps and potential risks to prevent loss
• Establish an integrated approach to protect against internal and external fraud exposure
• Integrate fraud prevention strategies into current treasury management processes, and exercise industry practices for online security, paper-based and electronic processes
• Leverage solutions to ensure early risk detection to prevent fraud before losses can occur
• Automate reconciliation processes and online account activity monitoring
• Implement alert and notification services
• Protect accounts with dual control or custody for online payment processes and self-administered transactions such as ACH and Wire transactions
• Replace paper-based processes with more secure electronic processes where possible
• Facilitate employee education regarding financial fraud in all forms

Page 40

Regions Treasury Management

Fraud Protection and Risk Mitigation

In addition to the safeguards integrated into Regions Treasury Management services, we offer an array of advanced fraud protection solutions that work in tandem to substantially reduce your organization’s risk and exposure.

Goals: Reduce fraud exposure & mitigate risk

• Regions ACH Alert
• Positive Pay Services
• Account Reconcilement
• Commercial Check Imaging
• Commercial Card
• Skylight ONE Card
• Cash Concentration/ZBA
• EDI Services

Page 41

Regions Treasury Management

Fraud Protection and Risk Mitigation

Regions Positive Pay Services
Ensure your company is protected against unnecessary loss due to paper-based fraud

As payments fraud continues to increase, it is essential to have established safeguards to protect your company from the risk of loss inherent with paper-based fraud. Positive Pay services are among the strongest and most immediate controls available to detect and prevent fraud. If your company issues checks, you should be using Positive Pay.

Regions gives you the power of choice. No industry is exempt from check fraud. That is why Regions offers a variety of Positive Pay service options to accommodate your specific fraud prevention goals and risk mitigation policies. Plus, Regions provides a Same Day Positive Pay option.

• Next Day Positive Pay
• Same Day Positive Pay
• Reverse Positive Pay
• No Check Positive Pay
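Positive Pay, in general, works by matching each check presented for payment against the issue file of checks the company actually wrote, so that forged, altered, counterfeit and re-presented items (the categories on the Traditional Check Fraud slide) surface as exceptions for a pay-or-return decision. The following is an added illustration, not Regions' code and not the exact matching rules of any bank; the record layout, exception names and sample data are constructed for the example.

```python
# Added example (not Regions' code): a minimal Positive Pay exception check.
# Each presented check is compared with the issuer's file of checks it wrote;
# anything that does not match is an exception for the account holder to
# pay or return. Field names, rules and sample data are constructed.
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class IssuedCheck:
    serial: str           # check number as printed on the check
    amount: Decimal
    payee: str
    voided: bool = False  # issuer cancelled this check after issuing it


@dataclass(frozen=True)
class PresentedCheck:
    serial: str
    amount: Decimal
    payee: str            # payee as read from the presented item (may be blank)


def positive_pay_exceptions(issue_file, presented):
    """Return (serial, reason) for every presented item that fails to match.

    Constructed match rules: the serial must be on the issue file, not voided,
    not already paid, with an identical amount; the payee is compared
    case-insensitively when the presented item carries one.
    """
    issued = {c.serial: c for c in issue_file}
    paid = set()
    exceptions = []
    for item in presented:
        ref = issued.get(item.serial)
        if ref is None:
            exceptions.append((item.serial, "not issued"))            # counterfeit / unknown serial
        elif ref.voided:
            exceptions.append((item.serial, "voided"))
        elif item.serial in paid:
            exceptions.append((item.serial, "duplicate presentment"))  # photocopy or re-deposit
        elif item.amount != ref.amount:
            exceptions.append((item.serial, "amount mismatch"))       # altered face of check
        elif item.payee and item.payee.casefold() != ref.payee.casefold():
            exceptions.append((item.serial, "payee mismatch"))        # altered payee line
        else:
            paid.add(item.serial)
    return exceptions


# Constructed sample data: the company's issue file and one day's presentments.
ISSUE_FILE = [
    IssuedCheck("1001", Decimal("1250.00"), "Acme Supply Co"),
    IssuedCheck("1002", Decimal("80.00"), "City Water"),
    IssuedCheck("1003", Decimal("4300.00"), "Ridge Consulting", voided=True),
    IssuedCheck("1004", Decimal("600.00"), "Acme Supply Co"),
]
PRESENTED = [
    PresentedCheck("1001", Decimal("1250.00"), "ACME SUPPLY CO"),    # clean match
    PresentedCheck("1002", Decimal("800.00"), "City Water"),         # amount altered
    PresentedCheck("1003", Decimal("4300.00"), "Ridge Consulting"),  # voided item presented
    PresentedCheck("1004", Decimal("600.00"), "J. Doe"),             # payee altered
    PresentedCheck("1001", Decimal("1250.00"), ""),                  # presented a second time
    PresentedCheck("2500", Decimal("975.00"), "Cash"),               # serial never issued
]

if __name__ == "__main__":
    for serial, reason in positive_pay_exceptions(ISSUE_FILE, PRESENTED):
        print(f"check {serial}: {reason}")
```

Reverse Positive Pay inverts the workflow (the bank sends the presented items and the company performs this matching itself), and No Check Positive Pay is the degenerate case of an empty issue file where every presented check is an exception.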

Page 42

Regions Treasury Management

Fraud Protection and Risk Mitigation

Regions ACH Alert®
Minimize risk and reduce exposure to ACH fraud through early detection.

Regions ACH Alert provides a low-cost, effective safeguard for preventing unauthorized Automated Clearing House (ACH) debits. ACH Alert automatically monitors ACH debit activity and notifies you of any unauthorized or potentially fraudulent transactions based on the parameters you elect. Simply select suspect items for return using the online tool provided. There is no charge for returning unauthorized items, and ACH Alert will maintain a record of all ACH debit activity and return decisions for ease of future research.

Key Benefits:
• Complete online management to monitor and control all ACH debit transactions
• Helps minimize risk associated with unauthorized ACH transactions, reducing exposure to ACH fraud
• Customizable alerts allow you to select the transactions and parameters for alert notifications
• Transaction preauthorization enables the alert function to be bypassed online with no paperwork required
• You have complete control — early detection of suspect transactions enables potentially fraudulent ACH debits to be rejected

If you leverage the ACH Network for payments, Regions ACH Alert will provide advanced fraud protection, safeguarding your organization from potential ACH debit fraud, minimizing overall risk.
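The slide describes the control in terms of elected parameters, preauthorized originators that bypass alerting, a pay-or-return decision on held items, and a retained decision record. The following added example (not Regions' code or the product's actual logic) shows that screening loop on constructed ACH debits; the rule shape, trace numbers and company IDs are invented for illustration.

```python
# Added example, not Regions' code: an ACH debit filter in the style of the
# "ACH Alert" slide. Each incoming ACH debit is screened against the rules the
# account holder elected (known originators, per-originator amount caps,
# preauthorized originators that bypass alerting). Items that pass post
# silently; everything else raises an alert and is held for a pay/return
# decision, and every decision is logged for later research. Field names,
# rule shapes and sample data are constructed for illustration.
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class AchDebit:
    trace: str            # ACH trace number identifying the entry (constructed)
    originator_id: str    # company ID of the party pulling funds
    originator_name: str
    amount: Decimal


@dataclass
class DebitRule:
    max_amount: Optional[Decimal] = None  # None: any amount from this originator is fine
    preauthorized: bool = False           # slide's "transaction preauthorization": no alert at all


@dataclass
class AchAlertMonitor:
    rules: dict                                    # originator_id -> DebitRule
    decisions: list = field(default_factory=list)  # (trace, outcome, reason)

    def screen(self, debit: AchDebit) -> str:
        """Return "posted" or "alert" for one debit and record the decision."""
        rule = self.rules.get(debit.originator_id)
        if rule is None:
            outcome, reason = "alert", "unknown originator"
        elif rule.preauthorized:
            outcome, reason = "posted", "preauthorized originator"
        elif rule.max_amount is not None and debit.amount > rule.max_amount:
            outcome, reason = "alert", f"amount {debit.amount} exceeds cap {rule.max_amount}"
        else:
            outcome, reason = "posted", "within elected parameters"
        self.decisions.append((debit.trace, outcome, reason))
        return outcome

    def mark_return(self, trace: str, note: str) -> None:
        """Account holder elects to return a held item; the record is kept."""
        self.decisions.append((trace, "returned", note))


# Constructed rules and sample debits.
RULES = {
    "1234567890": DebitRule(max_amount=Decimal("5000.00")),  # payroll processor, capped
    "0987654321": DebitRule(preauthorized=True),             # landlord, fixed monthly rent
}
SAMPLE_DEBITS = [
    AchDebit("091000010000001", "1234567890", "PAYROLL PRO", Decimal("4800.00")),         # normal payroll
    AchDebit("091000010000002", "1234567890", "PAYROLL PRO", Decimal("9800.00")),         # over the cap
    AchDebit("091000010000003", "0987654321", "MAIN ST PROPERTIES", Decimal("12000.00")), # preauthorized
    AchDebit("091000010000004", "5555555555", "QUICK CASH LLC", Decimal("250.00")),       # never seen before
]


def run_sample():
    """Screen the sample debits, then return the unknown-originator item."""
    monitor = AchAlertMonitor(RULES)
    outcomes = [monitor.screen(d) for d in SAMPLE_DEBITS]
    monitor.mark_return("091000010000004", "unauthorized - not a vendor")
    return outcomes, monitor.decisions


if __name__ == "__main__":
    for trace, outcome, reason in run_sample()[1]:
        print(trace, outcome, reason)
```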

Page 43

WHAT CAN YOU DO WITHIN THE NEXT 24 HOURS TO HELP PROTECT YOUR BUSINESS FROM FRAUD?

Page 44

REGIONS FINANCIAL WELLNESS PROGRAM

Page 45

REGIONS FINANCIAL WELLNESS SEMINARS

FINANCIAL EDUCATION CURRICULUM
• Wise Use of Credit
• Protect Yourself From Identity Theft
• The Importance of Saving
• Managing Your Money
• Building Your Financial Know-How
• Your Road to Home Ownership
• Your Credit Report
• Banking Basics for Students
• Protect Your Small Business From Fraud
• Energize Yourself Financially
• Financial Tips for Your Small Business
• 10 Ways To Simplify Your Life Using Banking Technology
• Tips and Tools for Helping Seniors Avoid Financial Exploitation
• Maximize Your Personal Wealth
• Counterfeit Money Awareness and Cash Handling Tips

Page 46

CONGRATULATIONS

• TODAY, YOU WILL LEAVE WITH:
• The ways fraud can happen to your business
• How you can protect your business and yourself

Thank you.

Page 47

LEARN MORE ABOUT MEETING YOUR FINANCIAL GOALS

1. Make an appointment with a Regions banker:
• Call the Regions Green Line at 1-800-REGIONS
• Go to regions.com and click “Make an Appointment”
• Visit any Regions branch

2. Visit the Next Step Financial Learning Center for free, online interactive videos: Regions.com/learn

3. Use our online resources including articles, videos, and calculators: Regions.com/nextstep