combating email fraud
play

Combating Email Fraud Maitham Al Lawati, CISSP, CISM, CRISC, CCSP, - PowerPoint PPT Presentation

Jun 12, 2023 •177 likes •298 views

Combating Email Fraud Maitham Al Lawati, CISSP, CISM, CRISC, CCSP, CEH, ISO27001 LI General Manager Risk, Compliance & MSS ISO27001:2013 u2 Do you know that the bad guys can send spoofed emails on behalf your domain name and they can

  1. Combating Email Fraud Maitham Al Lawati, CISSP, CISM, CRISC, CCSP, CEH, ISO27001 LI General Manager – Risk, Compliance & MSS ISO27001:2013

  2. u2 Do you know that the bad guys can send spoofed emails on behalf your domain name and they can be reached to your partners, customers and maybe even to your own staff?

  3. Slide 2 u2 user, 11/4/2017

  4. Organizations Problems with Email 1 .…Fraud email is sent to customers & business partners.. ‐ 100 billion spam messages globally per day ‐ 2.1 million phishing messages per day ‐ 73% of data breaches begin with a fraudulent email 2 It is difficult to identify fraudulent email. ‐ Phishing emails have a 70% open rate ‐ 50% of users to open phishing email will open the URL or attachment

  7. Fraud Email is the Start of a Data Breach • 73% of data breaches begin with fraudulent email. The below scenarios are common methods to breach consumers devices or employee’s “bring your own devices”. User Credential Compromise • URL to website to capture login credentials • Compromised username & password often reused across websites Malware Installation Fraud Expenses • Email often spoofs YourCompany.com, YourCompamy.com, Brand Erosion or other trusted domain Untrusted Emails

  8. Difficult for Companies to Identify Emailers • Outsourcing companies send email spoofing FROM:@company.com from their own IP addresses. Good Subject: “New Benefits Website” Outsourced Business Services Server? From: company.com ‐ HR To: customer@Gmail.com ‐ Recruiting ‐ Benefits administrators Bad ‐ Operations Subject: “10% Off” Server? ‐ Customer Service Center From: company.com To: customer@Gmail.com ‐ IT ‐ Marketing Email campaigns ‐ Sales Partners Good ‐ (…) Subject: “Account is Locked” Server? From: company.com To: customer@Gmail.com The IT needs to distinguish fraud emails senders vs. outsourced senders.

  10. DMARC Benefits for Financial Services Gain 24/7/365 Email Spoofing Visibility Leverage DMARC Authentication to Strengthen Email Security & Brand Protection Decrease Fraudulent Email Delivery to by Over 99% Restore Trust with Consumers via email communication

  11. How well does it work?

  12. Summary of DMARC Recommendations Establish Monitoring with DMARC DMARC Declare Increase Configure Policy Goal: DMARC DMARC ‘quarantine’ SPF & DKIM Policies Security or ‘reject’ Recommendations 1) Have a DMARC policy goal for each domain and sub‐domain 2) Create a DMARC policy on each sub‐domain to detour spoofing 3) Predefine the advancement criteria from p=none to p=quarantine to p=reject 4) Ensure DMARC pass rate of 98% ‐ 100% before advancing the DMARC policy 5) Advance all parked domains to p=reject as a final state

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Combating Drivers License Fraud By Owen McShane Director of Investigations New York State

Combating Drivers License Fraud By Owen McShane Director of Investigations New York State

Combating Drivers License Fraud By Owen McShane Director of Investigations New York State Department of Motor Vehicles Combating Drivers License Fraud Facial Recognition Name Matching Software Document Scanning Workstations

518 views • 23 slides
Combating Fraud While Protecting Aid for True Students May 21, 2014 The webcast will begin at

Combating Fraud While Protecting Aid for True Students May 21, 2014 The webcast will begin at

Combating Fraud While Protecting Aid for True Students May 21, 2014 The webcast will begin at the top of the hour. There is no audio being broadcast at this time. If you need assistance, contact Blackboard Collaborate: 866-388-8674.

666 views • 55 slides
WHAT YOU ARE UP AGAINST COMBATING FRAUD Garry W.G. Clement, CFE,CAMS, AMLP President and CEO

WHAT YOU ARE UP AGAINST COMBATING FRAUD Garry W.G. Clement, CFE,CAMS, AMLP President and CEO

WHAT YOU ARE UP AGAINST COMBATING FRAUD Garry W.G. Clement, CFE,CAMS, AMLP President and CEO Clement Advisory Group 905-355-1066, fax:905-355-3210 cell:905-375-5076 gclement@clementadvisorygroup.ca www.clementadvisorygroup.ca We are what we

857 views • 49 slides
Combating Click Fraud Using Premium Clicks Sid Stamm , RavenWhite Inc. and Indiana University

Combating Click Fraud Using Premium Clicks Sid Stamm , RavenWhite Inc. and Indiana University

Combating Click Fraud Using Premium Clicks Sid Stamm , RavenWhite Inc. and Indiana University Joint Work With Ari Juels , RSA Laboratories, RSA/EMC Corp Markus Jakobsson , RavenWhite Inc. Research Performed at RavenWhite Inc. 1 Click

600 views • 46 slides
Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention Case Studies Our Commitment Spring ISD Source: ACFE & Fraud Overview What Is Fraud? Fraud is any intentional act or

405 views • 18 slides
The European Anti-Fraud Office Duan STERLE dusan.sterle@ec.europa.eu OLAFs MANDATE The

The European Anti-Fraud Office Duan STERLE dusan.sterle@ec.europa.eu OLAFs MANDATE The

The European Anti-Fraud Office Duan STERLE dusan.sterle@ec.europa.eu OLAFs MANDATE The mission of OLAF is threefold: l To protect the financial interests of the European Union by combating fraud, corruption and any other illegal

263 views • 22 slides
Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is fraud? Definition Facts Four factors Fraud risk assessment Four evaluation criteria Common fraud schemes Case studies

707 views • 60 slides
What is Fraud ? The Fraud Act 2006 defines fraud as . Headed by Investigations Manager

What is Fraud ? The Fraud Act 2006 defines fraud as . Headed by Investigations Manager

Points to cover Leicester City Council Revenues & Benefits Investigation Team What is Fraud? Fraud Awareness Key issues for the Team Audit and Risk Committee Referrals & Investigation Process Sanctions &

69 views • 4 slides
The Fraud Indicator in the UK Professor Mark Button Centre for Counter Fraud Studies Outline of

The Fraud Indicator in the UK Professor Mark Button Centre for Counter Fraud Studies Outline of

The Fraud Indicator in the UK Professor Mark Button Centre for Counter Fraud Studies Outline of Presentation General measures of fraud Past measurement of fraud The annual fraud indicator and fraud Theres no fraud here, Ive

684 views • 26 slides
09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud

09/28/2005 Shalendra Chhabra MS Thesis Defense - Fighting Spam, Phishing and Email Fraud University of California, Riverside Acknowledgements Grateful to: UCR, My Advisor Dimitrios Gunopulos, My Mentors William S Yerazunis and Bhiksha Raj

572 views • 43 slides
Prioritising the Fight Against Fraud: A Strategic Approach The Association of Certified Fraud

Prioritising the Fight Against Fraud: A Strategic Approach The Association of Certified Fraud

Prioritising the Fight Against Fraud: A Strategic Approach The Association of Certified Fraud Examiners (ACFE) is an international, professional organization dedicated to fighting fraud and white-collar crime . As fraud becomes increasingly more

373 views • 24 slides
Definition of Fraud Fraud is an intentional deception made for personal gain Fraud Triangle

Definition of Fraud Fraud is an intentional deception made for personal gain Fraud Triangle

MMTCTA Fraud Internal Controls Presented By Ron Smith & Greg Chabot, RHR Smith & Co. May 14, 2015 About RHR Smith & Company: RHR does approx 130 of Maines 500 Municipalities In the past year RHR has Investigated 23+

506 views • 39 slides
The Role of Internal Controls in the Fight Against Fraud A Tale of Fraud! Payroll manager

The Role of Internal Controls in the Fight Against Fraud A Tale of Fraud! Payroll manager

The Role of Internal Controls in the Fight Against Fraud A Tale of Fraud! Payroll manager makes $2.25MM disappear! It must be Magic! Fraud Statistics 5% of GWP lost to employee fraud & abuse More than $3.5 Trillion per year

559 views • 44 slides
Medicare ACOs: Fraud and Abuse Perspectives This webinar is brought to you by the Fraud &

Medicare ACOs: Fraud and Abuse Perspectives This webinar is brought to you by the Fraud &

Medicare ACOs: Fraud and Abuse Perspectives This webinar is brought to you by the Fraud & Abuse (Fraud) Practice Group and the Accountable Care Organization Task Force (ACO TF) (a joint endeavor of the Antitrust; Fraud and Abuse; Health

408 views • 26 slides
Fraud in the NHS Iain Flinn Counter Fraud Specialist March 2011 Areas Susceptible to Fraud

Fraud in the NHS Iain Flinn Counter Fraud Specialist March 2011 Areas Susceptible to Fraud

Fraud in the NHS Iain Flinn Counter Fraud Specialist March 2011 Areas Susceptible to Fraud Procurement Qualifications Sickness / Attendance / Time Recording Ghosts Salary payments Prescriptions Health Tourists

619 views • 9 slides
The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference

The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference

The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference AUCKLAND 2 JULY 2010 WHAT IS THE SERIOUS FRAUD OFFICE? SFO: An Overview Mandate investigate and prosecute serious or complex fraud Part 1 -

421 views • 13 slides
no no-more more UseCases NoMore ApS | Nytorv 3. 1 st floor, 1450 Copenhagen, Denmark |

no no-more more UseCases NoMore ApS | Nytorv 3. 1 st floor, 1450 Copenhagen, Denmark |

nomore no no-more more UseCases NoMore ApS | Nytorv 3. 1 st floor, 1450 Copenhagen, Denmark | CVR: 37549223 | E: info@nomorehours.com | +45 78 76 25 00 | www.nomorehours.com When youre in a workshop From workshop c From works

568 views • 28 slides
Product Management from Facebook to GitHub: Using data to understand users & build products

Product Management from Facebook to GitHub: Using data to understand users & build products

Product Management from Facebook to GitHub: Using data to understand users & build products Identify Define Creating Opportunities Success Experiences Who am I? Cristina Fernndez Counsyl (genetics) GitHub Facebook Identify Define

745 views • 42 slides
Corporate integrity in turbulent times EY Forensic & Integrity Services 9 July 2020

Corporate integrity in turbulent times EY Forensic & Integrity Services 9 July 2020

Corporate integrity in turbulent times EY Forensic & Integrity Services 9 July 2020 Restriction of use and liability EY Global Integrity Report 2020 Spotlight on India The COVID-19 crisis has magnified the risk of unethical conduct in

985 views • 7 slides
Anomaly-based Bot Server (and more!) Detection Jim Binkley jrb@cs.pdx.edu Portland State

Anomaly-based Bot Server (and more!) Detection Jim Binkley jrb@cs.pdx.edu Portland State

Anomaly-based Bot Server (and more!) Detection Jim Binkley jrb@cs.pdx.edu Portland State University Computer Science outline background experimental flow tuples botnet server mesh detection botnet client mesh detection

364 views • 23 slides
HELLO Dr Jonathan Mitchell Non-Executive Chair, CIO Practice Harvey Nash plc THE HARVEY

HELLO Dr Jonathan Mitchell Non-Executive Chair, CIO Practice Harvey Nash plc THE HARVEY

HELLO Dr Jonathan Mitchell Non-Executive Chair, CIO Practice Harvey Nash plc THE HARVEY NASH/KPMG CIO SURVEY IS THE LARGEST IT LEADERSHIP STUDY IN THE WORLD $1/4 Trillion 82 countries Almost 3,400 revenue 18 years of history respondents

787 views • 46 slides
www.prestwoodva.org.uk 26/04/2017 Prestwood Village Association 1 Agenda 7.30pm Annual

www.prestwoodva.org.uk 26/04/2017 Prestwood Village Association 1 Agenda 7.30pm Annual

www.prestwoodva.org.uk 26/04/2017 Prestwood Village Association 1 Agenda 7.30pm Annual General Meeting 7:50pm Four years down the line 8.00pm Around Prestwood Speakers Future plans for Prestwood schools Amanda Cook,

500 views • 48 slides
in Georgia Georgia Milestones Assessment The States Rationale for Change Development of a

in Georgia Georgia Milestones Assessment The States Rationale for Change Development of a

A Parents Guide to Standardized Testing in Georgia Georgia Milestones Assessment The States Rationale for Change Development of a comprehensive assessment system rather than a series of tests CRCT , Writing Assessment, End of

409 views • 13 slides
Using Non-Redundant Mutation Operators and Test Suite Prioritization to Achieve Efficient and

Using Non-Redundant Mutation Operators and Test Suite Prioritization to Achieve Efficient and

Using Non-Redundant Mutation Operators and Test Suite Prioritization to Achieve Efficient and Scalable Mutation Analysis Ren Just 1 , 2 & Gregory M. Kapfhammer 3 & Franz Schweiggert 2 1 University of Washington, USA 2 Ulm University,

1.18k views • 85 slides

More recommend