cyber and fraud prevention is better than cure
play

Cyber and Fraud Prevention is better than cure Kent County Council - PowerPoint PPT Presentation

Dec 16, 2022 •339 likes •664 views

Cyber and Fraud Prevention is better than cure Kent County Council Schools Finance Information Group Gill Pegrum October 2018 This presentation aims to assist to minimise the impact of fraud on your business. However, relying on the

  1. Cyber and Fraud Prevention is better than cure Kent County Council Schools Finance Information Group Gill Pegrum October 2018 This presentation aims to assist to minimise the impact of fraud on your business. However, relying on the information in this presentation, although it may help to reduce the risk of fraud, will not eliminate it, nor does it guarantee that fraud will not occur. The content of this document is classified as PUBLIC

  2. Welcome – today we will discuss the following topics Threat Landscape Social Engineering Online Banking Security Bogus Boss Fraud Invoice re-direct fraud Help & Support Questions 2 The content of this document is classified as PUBLIC

  3. Prevention is better than cure “ Fraud undermines the credibility of the economy, ruins businesses and causes untold distress to people of all walks of life. For too long, there has been too little understanding of the problem and too great a reluctance to take ” steps to tackle it. Theresa May, 2016 3 The content of this document is classified as PUBLIC

  4. Threat Landscape 4 The content of this document is classified as PUBLIC

  5. Government View ‘…the scale of the threat is significant: one in three small firms, and 65% of large businesses are known to have experienced a cyber breach or attack in the past year. Of those large firms breached, a quarter were known to have been attacked at least once per month.’ ‘ My message today is clear: if you’re not concentrating on cyber, you are courting chaos and catering to criminals .’ Matt Hancock, former Minister for Digital and Culture March 2017 5 The content of this document is classified as PUBLIC

  6. Social Engineering Noun (In the context of information security) ‘the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.’ Oxford Living Dictionaries, 2016 6 The content of this document is classified as PUBLIC

  7. Social engineering • Never r give your full online Vishing banking details or card reader contact is made codes over the telephone, even by telephone. if the caller claims to be from Caller will purport the bank or police to be from your • The caller ID displayed on your bank, the police, phone can be easily spoof ofed ed, a fraud agency or don’t rely on it to verify the any other trusted caller organisation. • Unexpected or suspicious call? Purpose is to get you to reveal Always ys verify the caller using an information they independently verified number need 7 The content of this document is classified as PUBLIC

  8. Social Engineering Smishing contact is made by text message. Sender impersonates well known companies – often banks. May refer to suspicious activity on an Suspicious text message? account. Purpose is to get Please forward it to us at: you to click on a link or phone a 88355 telephone number ! No UK bank will send an email or text message containing a link to their online banking service ! 8 The content of this document is classified as PUBLIC

  9. Social Engineering • Update software and your browser – these fix security bugs and loopholes Malware • Only connect devices you trust malicious software to your computer such as Trojans or • Anti-virus and firewall software viruses. alone is not enough Downloaded from • Trusteer Rapport – provided phishing emails, illegal websites, ad by IBM banners. Financial malware sits quietly in the background until you access a UK online banking service 9 The content of this document is classified as PUBLIC

  10. Social Engineering Phishing contact is made by email. Sender impersonates well known companies or a colleague / friend. Purpose is to get you to click on a link or open an attachment ! No UK bank will send an email or text message containing a link to their online banking service ! Please forward suspicious emails to us – phishing@natwest.com • phishing@rbs.co.uk • phishing@ulsterbank.com • 10 The content of this document is classified as PUBLIC

  11. Data breaches • 6.5m accounts in 2012 • 167m accounts in 2016 • LinkedIn only aware when hacker tried to sell the stolen credentials • Data included un-encrypted security questions and answers (mother’s maiden name, first school etc.) • Five bitcoins - $2,300USD 11 The content of this document is classified as PUBLIC

  12. haveibeenpwned.com 12 The content of this document is classified as PUBLIC

  13. haveibeenpwned.com 13 The content of this document is classified as PUBLIC

  14. Bogus boss fraud Malware 14 The content of this document is classified as PUBLIC

  15. Malware in action Fraudster’s view Customer’s view 15 The content of this document is classified as PUBLIC

  16. Malware in action Fraudster’s view Customer’s view 16 The content of this document is classified as PUBLIC

  17. Malware in action Fraudster’s view Customer’s view 17 The content of this document is classified as PUBLIC

  18. Malware – In summary Money sent Fraudster creates a Log-on details new payment captured Smartcard Request Delay challenge code intercepted experienced given 18 The content of this document is classified as PUBLIC

  19. Online banking – best practices Restrict payments to Use $tR0n 0ng g p@zzw zwOr Ords ds that certain countries are changed regularly Limit payment values Do not allow employees to share their credentials Introduce dual authorisation of payments Regularly review user roles and profiles Limit access to only those who really need it Disable access for absent staff Keep log-on details safe and secure 19 The content of this document is classified as PUBLIC

  20. Social engineering – What can you do? Your bank will never ask you to transfer funds to protect you from fraud • Understand your bank’s process – when will they not ask for PIN and password details? • Be cautious of requests to download screen-sharing or remote control software • Don’t trust caller ID and if you receive a sus pious call – use an independent number to call your • bank back Do not reply to unsolicited text messages • Do not log on to your bank’s online service via a link in a text message • • Verify any phone numbers you have been prompted to call Report any suspicious contact • Ensure websites are secure – look for the ‘https’ and a locked padlock or unbroken key symbol • Install a firewall and up-to-date anti-virus software • • Keep your browser and other software up to date. Suppliers regularly release updates to fix security bugs Be aware of what you connect to your computer. • Be suspicious of unsolicited or unexpected emails, even if they appear to originate from a • trusted source Be alert to emails sent from an internet account such as Yahoo!, Hotmail or Gmail • Don’t click on a link unless you’re sure it is genuine and never enter sensitive information into a • link from an email Be aware of attachments in emails – they could contain malware • 20 The content of this document is classified as PUBLIC

  21. Bogus boss fraud 21 The content of this document is classified as PUBLIC

  22. Bogus Boss fraud • Criminal spoofs or hacks senior executives email address • Urgent payment request is made • Urgent language may create pressure • Purpose is to get you to make the payment without question 22 The content of this document is classified as PUBLIC

  23. Bogus Boss fraud – What can you do? FROM: sajid.singh@yourcompany..com TO: hazel.murphy@yourcompany.com SENT: 28 September 2016 16:48 • Check for irregularities SUBJECT : Urgent payment • Consider the language used Hazel, • Always contact the sender I’m stuck in a meeting and need you to make an urgent payment. • Use independently sourced Pay new supplier £35,000, quoting reference ‘ N ew Contract’. contact details Sort code: 111111, Account number: 22222222 • Follow laid down procedures Let me know when the payment has been processed. Sajid. 23 The content of this document is classified as PUBLIC

  24. Invoice re-direct fraud 24 The content of this document is classified as PUBLIC

  25. Invoice re-direct fraud • Change of bank details instruction is given – sometimes by phone • This could be followed by a fax or e- mail ‘confirmation’ • Headed paper and genuine details within the instruction • Purpose is to get you to change the details payments are made to 25 The content of this document is classified as PUBLIC

  26. Invoice re-direct fraud – What can you do? Limited • Contact the supplier using an independently sourced number × • Confirm the correct details before a payment is made • Undertake a review of recent and pipeline requests • Speak with other employees responsible for this type of × request 26 The content of this document is classified as PUBLIC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is fraud? Definition Facts Four factors Fraud risk assessment Four evaluation criteria Common fraud schemes Case studies

707 views • 60 slides
CYBER FRAUD Presented by: JACK R. SUDOL, MBA Cyber Fraud FBI Announcement Between October

CYBER FRAUD Presented by: JACK R. SUDOL, MBA Cyber Fraud FBI Announcement Between October

CYBER FRAUD Presented by: JACK R. SUDOL, MBA Cyber Fraud FBI Announcement Between October 2013 and December 2016 the FBI reported 40,203 incidents of BEC/EAC totaling $5.3 Billion Dollars of Losses! The number of wire fraud scams

997 views • 20 slides
Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome

Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome

Cyber Security and Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome Risks Cyber Security / Fraud Common threats Case Studies what we are seeing in Northern Ireland Social

705 views • 35 slides
Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention Case Studies Our Commitment Spring ISD Source: ACFE & Fraud Overview What Is Fraud? Fraud is any intentional act or

405 views • 18 slides
Cyber Safety How to Stay Connected & Protected Overview Cybe Cyber r Fr Fraud aud &

Cyber Safety How to Stay Connected & Protected Overview Cybe Cyber r Fr Fraud aud &

Cyber Safety How to Stay Connected & Protected Overview Cybe Cyber r Fr Fraud aud & Cybe & Cybercri rcrime me Online Fraud and Cyber Scams Quiz What percent of people dont use a passcode for their smartphone? A. 10% B.

611 views • 30 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cyber payments fraud February 2020 Confidential For Discussion & General Information

Cyber payments fraud February 2020 Confidential For Discussion & General Information

Cyber payments fraud February 2020 Confidential For Discussion & General Information Purposes Only Online Payments fraud agenda New and evolving threats in the fraud landscape Critical strategies your organization needs for fraud

329 views • 18 slides
Cyber Fraud Trends - Authentication Ralph Thomas - iDefense Malcode Intelligence

Cyber Fraud Trends - Authentication Ralph Thomas - iDefense Malcode Intelligence

20 th Annual FIRST Conference Cyber Fraud Trends - Authentication Ralph Thomas - iDefense Malcode Intelligence rthomas@idefense.com, +1.571.723.1978 June, 2008 Cyber Fraud Disruptors Anti-virus Windows Vista Firewall Stopped

321 views • 16 slides
Scams, Fraud and Cyber Crime PC Tom Lee See here the Take five to stop fraud video: YouTube More

Scams, Fraud and Cyber Crime PC Tom Lee See here the Take five to stop fraud video: YouTube More

Scams, Fraud and Cyber Crime PC Tom Lee See here the Take five to stop fraud video: YouTube More information on the Take five website. 1.0 million 3.4 million Cyber crime and Fraud 4.4 million All other crime 6.2 million 0 1000 2000

672 views • 53 slides
FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda

FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda

FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda Introduction Financial cost of fraud in the UK SAS Fraud Framework components FCM & SNA Steps in FCM & SNA Prevention and

507 views • 39 slides
Cyber Crime & IT Fraud Could your organisation survive if it lost $20,000? $50,000? Or $1

Cyber Crime & IT Fraud Could your organisation survive if it lost $20,000? $50,000? Or $1

Speaker: Stuart Hutcheon (Partner - StewartBrown) Cyber Crime & IT Fraud Could your organisation survive if it lost $20,000? $50,000? Or $1 million overnight? Overview History Categories of Cyber Crime Contents and Outline

320 views • 19 slides
We have to do research not as a cure but merely more of prevention toward sustainable

We have to do research not as a cure but merely more of prevention toward sustainable

We have to do research not as a cure but merely more of prevention toward sustainable educational system. 3 rd International Conference on Education 2017 Kuala Lumpur, Malaysia 20-22 April 2017 EFFECTIVENESS OF REMEDIAL READING CLASSES

316 views • 31 slides
Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and Prevention in Nonprofit

Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and Prevention in Nonprofit

Thomas G. Claassen CPA, ABV, CFE, CFF July 16, 2009 Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and Prevention in Nonprofit Organizations Fr Fraud ud De Defi fine ned Fraud is: 1) any intentional act or omission 2)

415 views • 29 slides
Consolidated Slides from 11-8-18 Fraud & Cyber-crime Presentations FBI: Threat Analysis

Consolidated Slides from 11-8-18 Fraud & Cyber-crime Presentations FBI: Threat Analysis

Consolidated Slides from 11-8-18 Fraud & Cyber-crime Presentations FBI: Threat Analysis Slides Not Provided Internal Control Reviews Summary Report State Auditor: Detecting Fraud (no videos) Evolving Controls Summary of

1.11k views • 89 slides
Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation

Cyber Threats Views from the FBI Special Agent Keith Custer Federal Bureau of Investigation Baltimore Division Overview Cyber Threat Overview Cyber-enabled Fraud Types of Cyber-enabled Fraud Business Email Compromise

796 views • 47 slides
Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO

Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO

Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO State Banking Operations Fraud Brandon Watson, Banking Director Unclaimed Property Fraud Brenda Williams, Deputy Treasurer, Unclaimed

678 views • 28 slides
BUDGET PRESENTATION 2018-2019 School Year Robert Pfau BUDGET REQUEST 650

BUDGET PRESENTATION 2018-2019 School Year Robert Pfau BUDGET REQUEST 650

INFORMATION TECH BUDGET PRESENTATION 2018-2019 School Year Robert Pfau BUDGET REQUEST 650 10-2240-650-000-0-90 QUANTITY DESCRIPTION - INCLUDE MFG., NUMBER, UNIT Total Amount CATALOG NO., LEVEL, etc. PRICE 110 Toner Cartridges 230.00

233 views • 7 slides
Scottish Rite CyberSecurity Presented by: Jeremy M. Livingston Presented on: 9/12/2019 Bio:

Scottish Rite CyberSecurity Presented by: Jeremy M. Livingston Presented on: 9/12/2019 Bio:

Scottish Rite CyberSecurity Presented by: Jeremy M. Livingston Presented on: 9/12/2019 Bio: Jeremy M. Livingston CISSP, Security+, MCSE Masters in Cybersecurity Current Doctorate student AVP & CISO NJ Edge

577 views • 12 slides
The development of a contained and user emulated malware assessment platform Siebe Hodzelmans

The development of a contained and user emulated malware assessment platform Siebe Hodzelmans

The development of a contained and user emulated malware assessment platform Siebe Hodzelmans & Frank Potter (TechCrunch, 2012) 2/23 Incident Response and Malware Analysis (Debrie, Lone-Sang, and Quint, 2014) 3/23 (ArsTechnica, 2017)

530 views • 23 slides
Heimdal - The Cyberthreat Security Suite - We protect what others cant About Heimdal Security

Heimdal - The Cyberthreat Security Suite - We protect what others cant About Heimdal Security

Heimdal - The Cyberthreat Security Suite - We protect what others cant About Heimdal Security Part of the best in the Devised by world Driven by experienced Cyber Threat space champions experts Heimdal Security is part of the best in The

712 views • 43 slides
Ayr State High School BYOx 2015 Parent Presentation Session Aims Explain the benefits of

Ayr State High School BYOx 2015 Parent Presentation Session Aims Explain the benefits of

Ayr State High School BYOx 2015 Parent Presentation Session Aims Explain the benefits of BYOx Outline the operation of the BYOx program at Ayr SHS Explain the use of vendor portals Outline the location of additional information

928 views • 36 slides
05/20/20 Webinar Resources and Additional information NC DPS Emergerncy Management Cyber Unit

05/20/20 Webinar Resources and Additional information NC DPS Emergerncy Management Cyber Unit

NC State Office of the Controller 05/20/20 Webinar Resources and Additional information NC DPS Emergerncy Management Cyber Unit North Carolinas Fusion Center (NC ISAAC) NC Department of Information Technology How To Report Major Ongoing

397 views • 37 slides
This presentation has been created by the Center for Cyber Safety and Education with the help of

This presentation has been created by the Center for Cyber Safety and Education with the help of

This presentation has been created by the Center for Cyber Safety and Education with the help of the worlds leading cybersecurity professionals: the certified global members of (ISC) 2 . Expectations Awareness About You Do you mostly ...

353 views • 31 slides
Cyber Crime & OSINT Will your business be victorious or a victim? Dr Stephen Hill

Cyber Crime & OSINT Will your business be victorious or a victim? Dr Stephen Hill

Cyber Crime & OSINT Will your business be victorious or a victim? Dr Stephen Hill drshill@gmx.co.uk We believe that data is the phenomenon of our time. It is the worlds new natural resource. It is the new basis of competitive advantage,

676 views • 51 slides

More recommend