Fraud and the Internet
Sandra Peaston, Deputy Head of Financial Crime and Strategic Intelligence
10th February 2015
This evening’s presentation
- What is Cifas
- The Identity Fraud Problem
- Reeling you in – how phishing works
- Fraud in Hammersmith and Fulham
- How to avoid being a victim
- What to do if you are a victim
What is Cifas?
Preventing fraud through confirmed fraud data sharing since 1988
- A not-for-profit membership organisation – National Fraud Database and Internal Fraud Database
- Funded and driven by 300+ organisations (public and private sector)
- Data is shared across organisations and law enforcement under the Data Protection Act (1998) and The Serious Crime Act (2007)
- Fraud data is non-competitive: shared benefits from communication, cooperation and collaboration to prevent crime
£4.1 billion in reported fraud prevention savings in the last 5 years
Fraud in 2014
277,000 fraud cases identified - ▲25%
[Chart: cases per year, 2008 to 2014]
Identity Fraud
114,000 cases of Identity Fraud recorded - ▲5%
[Chart: cases per year, 2010 to 2014]
Identity Fraud and the Internet
4 out of 5 Identity Frauds are perpetrated over the internet
- Anonymity
- Volume
- Speed
- Electronic identity verification
But online security helps to counter the threat
- Takeover of existing accounts ▼38%
- Intelligent data sharing prevents fraud
- Software solutions e.g. device recognition
Where does the data come from?
- Open source information – Companies House, Land Registry etc.
- Staff insiders
- Database breaches
- Malware – malicious software
- You – Social Engineering
Social Engineering
“Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information”
Wikipedia – Social engineering (security)
http://en.wikipedia.org/wiki/Social_engineering_(security)
The weak link in the chain is often human
Phishing
Phishing – social engineering by email
- To convince the victim to transfer money directly and/or disclose personal information
- To capture credentials via fake (spoofed) websites
- To infect computers with viruses in malicious webpages
- To infect computers with viruses in attachments
1 in 392 emails in 2013 (1 in 414 in 2012)
Really not sophisticated
More sophisticated
Really clever
Common “tells”
- Not expecting the email
- Not registered with the website
- Broken formatting
- Spelling/grammar mistakes
- Not in the email recipient list
- Not addressed by name
- Email requires action – click on link/open file
- Message conveys a sense of urgency
- Hovering over the link shows a different destination
http://www.actionfraud.police.uk/report_fraud
Hacks
This is not new – these have been going on for years
Attacks were to obtain intellectual property
Now attacks are for:
- Fun
- Disruption
- IP theft
- Personal data theft
1,367 confirmed data breaches in 2013 globally
Verizon 2014 Data Breach Investigations Report
ID Crime victims in London
ID Crime victims in Hammersmith & Fulham
Fraud in Hammersmith & Fulham
Year    Frauds    Victims of ID crime
2012    1,187     573
2013    1,201     614
2014    1,268     697
Avoid being a victim
Keep your identity safe
- limit the amount of personal information you give away on social networking sites
- update your computer's firewall, anti-virus and anti-spyware programmes
- never share your passwords or PINs with others, and do not write them down
- use strong passwords and PINs
- don't use the same password or PIN for more than one account
- shred all your financial documents before you throw them away
- If someone asks for your personal details either online or on the phone, and you have doubts about why they need them, check first. If you're in any doubt, don't disclose
https://www.cifas.org.uk/avoid_being_a_victim
Avoid being a victim
Keep your devices secure
- Encrypt your wireless network to the highest possible setting - ideally WPA2
- Delete your web browser history and cookies regularly
- Use different email addresses and different passwords for your various online accounts
- Never visit any website that uses financial details (such as banking or shopping) from a public wi-fi hotspot
- Block spam emails. Never respond to unsolicited emails
- Hovering the mouse cursor over a link will often reveal the real address of the page it's sending you to
- When using smartphones or tablets, make sure you use all the device's security features such as passwords and PINs. Remember to lock all devices when you're not using them
- Avoid publicising your travel plans or posting holiday pictures while you're away from home
https://www.cifas.org.uk/avoid_being_a_victim
If you are a victim
- Check your bank, credit card and other financial statements
- If regular statements or other items of post don't arrive, contact the organisations concerned
- Do the same if you start receiving correspondence from companies about applications or accounts that you do not recognise
- Investigate any credit refusal - it could be a sign that your credit report has been damaged
- Contact one of the credit reference agencies. They can help you review your credit report and contact all of the organisations involved for you. They will also notify the other two credit reference agencies so they too can offer help
Consider a Cifas Protective Registration
Cifas – Leaders in fraud prevention
Protecting the public
Protective Registration Service
- Protects those at a heightened risk of ID Crime
- Bulk services available to companies which have suffered a breach in order to protect their customers
Protecting the vulnerable
Designed for those subject to a court order of protection under the Mental Capacity Act 2005 and not able to request financial or other services
Public messaging
Key prevention messages