fraud prevention
play

Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie - PowerPoint PPT Presentation

Sep 01, 2022 •337 likes •705 views

Cyber Security and Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018 Welcome Risks Cyber Security / Fraud Common threats Case Studies what we are seeing in Northern Ireland Social

  1. Cyber Security and Fraud Prevention Detective Constable Sam Kinkaid, PSNI Maggie Hunter, RBS March 2018

  2. Welcome Risks – Cyber Security / Fraud • Common threats • Case Studies – what we are seeing in Northern Ireland • Social media risks • Help and Support • Questions • Take Away’s •

  3. Key Message The majority of cybercrime is preventable by taking simple steps to secure your cyber security. 3

  4. Data Security WHAT do I have that is worth protecting? • WHERE is your information held? • WHO do I want to protect it from? • HOW is your information protected? • WHO has access to your information? • WHAT are the risks and consequences of a data breach? • 4

  5. 2017 Cyber Security Breaches Survey Just under 46% of businesses surveyed identified at least one breach or attack last year Of those: 72% reported staff receiving fraudulent emails 33% reported viruses / malware 27% reported people impersonating the company 17% reported Ransomware Reflective of cyber incidents experienced by NI businesses 5

  6. Criminal Office

  7. Email attacks Identifying the most effective phishing ‘hooks’ to get the highest • click-through rate – run as a business Enclosing genuine logos and other identifying information of • legitimate organisations in the message Providing a mixture of legitimate and malicious hyperlinks to • websites in the message – e.g. including authentic links to privacy policy and TOS of a genuine organisation An increasing use of compromised ‘genuine’ accounts as the source • of phishing emails as a means of bypassing mail filters and previous guidance 7

  8. Case Study – Account Compromise 8

  9. Case Study – Account Compromise 9

  10. Emails Search your personal / work email • addresses at www.haveibeenpwned.com Will reveal any data breach involving your • email address and what other data may have been compromised. 10

  11. Email Passwords If I can compromise your email account I have the means to • attack reset any account you have linked to it. Advice you probably use was created in 2003 by Bill Burr – US • Institute of Standards & Technology – he apologised in 2017 Current advice is to use 3 random words together with any • other requirement i.e. number, special character to create a strong separate password for your email. 11

  12. Case Study – Malware 12

  13. Case Study – Ransomware Infects system as a malicious email • attachment or through remote desktop vulnerability Runs quietly in background encrypting files • with common extensions i.e. .jpg, .xls, .docx New variants will spread from infected • machine throughout network Will encrypt any backup found accessible • from the network 13

  14. Protect against Ransomware 14

  15. Remote Desktop Remote Desktop is an application available through the Windows • Operating System. A useful system if the correct security settings are in place • Recent Ransomware attacks have involved the use of remote • desktop access and not email attachments – maybe a reaction to a rise in awareness If compromised, malware including Ransomware, keyloggers, • remote access tools can be uploaded. 15

  16. Remote Desktop Ask the right questions:- Is RDP on? • Who set the password and how secure is it? • Is the system protected from a brute force attack? • Passwords seen by PSNI include: Password123, Passw0rd, guest, Administrat0r, querty123 16

  17. Case Study – Network intrusion System compromised and username / passwords obtained • Suspect gains remote access to network • Corporate information or access to financial • transactions obtained Internal and External • risks 17

  18. Fraud Risk - Social Engineering Noun (In the context of information security) ‘ the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.’ Oxford Living Dictionaries, 2016

  19. Social Engineering Vishing Phishing Contact is made by telephone. The caller will Contact is made by email. Sender purport to be from your bank, the police or a impersonates well known companies or a fraud agency (amongst others). Purpose is to colleague / friend. Purpose is to get you to get you to reveal information they need. click on a link or open an attachment. Smishing Malware Contact is made by text message. Sender Malicious software such as Trojans or viruses. impersonates well known companies – often Downloaded from phishing emails, illegal banks. May refer to suspicious activity on an websites, ad banners. Financial malware sits account. Purpose is to get you to click on a quietly in the background until you access a link or phone a telephone number. UK online banking service.

  20. Case Study - Vishing Call received into the accounts team • Caller claimed she was from the • bank’s Money Laundering Team and was investigating an incoming payment Some information provided by caller • Caller said all payments were frozen • Requested information from the client • to ‘unfreeze’ the account

  21. Preventing Vishing Immediately terminate a call where ! We will NEVER ask a customer to: you have been asked to provide online banking credentials or other disclose their online banking log-on personal information details, including Smartcard codes transfer money to another bank account Do not feel pressurised to protect them from fraud Verify the caller is and why they are calling enter a card PIN into their telephone If unsure, do not reveal any information keypad Call the bank as soon as possible hand over plastic cards or cash to Independently find a number to use protect them from fraud Where possible, use a different phone line 21

  22. Case Studies - Call Spoofing and Remote Control ! Please note – these are genuine products that are being abused by criminals !

  23. Case Study – Remote Access Victim received a phone call from a person claiming to represent their broadband service provider. During a 2 ½ hour phone call, victim provided details to caller and access to her computer via remote access tool Victim made 1 online banking transaction to suspect, however, a further 3 transfers were made without their knowledge during the call. Loss £19,000 Also - over payment/reimbursement Note - Internet providers will not cold call customers

  24. Case Study - Phishing (Email Spoofing – Bogus Boss) Criminals spoofed 1 email address, so that the message looked as 1 if it had come from an executive within the 2 company 3 An urgent request was made to an 2 employee to make a payment Request timed to 3 make it difficult to verify the instruction Out of Office? .

  25. Invoice Redirection IN Invoice Redirection Case Study - Invoice Redirection Beware of fraudsters posing as a supplier or creditor who tells you • that the company’s bank details have changed If you receive a request to make a new payment or to change • bank details:-  contact the supplier or creditor independently to validate  avoid using contact details contained within the request  confirm with your supplier or creditor that the payment has been received

  26. Case Study - Smishing case study • SMS code manipulated so that they appear genuinely from your bank • A sense of urgency… ’Fraud on account’ • Contain an embedded link or a telephone number to call 26

  27. Social Media Risk

  28. Bespoke Solutions

  29. Secure your device It takes just 2 minutes to protect yourself online

  30. Help and Support Ulster Bank : Security Centre • Take Five: takefive-stopfraud.org.uk • Get Safe online: getsafeonline.org.uk • Cyber Aware: cyberaware.gov.uk • Bank Safe Online: banksafeonline.org.uk • PSNI : Portal • Action Fraud: actionfraud.police.uk • Financial Fraud Action UK: • financialfraudaction.org.uk @CyberProtectUK • #PSNICyberProtect •

  31. Advice www.ncsc.gov.uk/smallbusiness 31

  32. Bankline’s Golden Security Rules We will never ask for your full PIN & password online: only 3 random digits from each are needed to log-in We will never ask for your PIN & password or any smartcard codes over the telephone: beware of imposters We will never ask for smartcard codes to log-in: these codes are used to authorise payments We recommend you download Trusteer Rapport - free security software from ulsterbank.ie/rapport 32

  33. 33

  34. Take Away’s Discuss threats and advice with five others • Think about the Case Studies – would you or your staff • know how to respond safely? Don’t wait for the call, e mail, text or malware to arrive – • plan now Print off the Business advice and place within your • Business or Office 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is fraud? Definition Facts Four factors Fraud risk assessment Four evaluation criteria Common fraud schemes Case studies

707 views • 60 slides
Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention Case Studies Our Commitment Spring ISD Source: ACFE & Fraud Overview What Is Fraud? Fraud is any intentional act or

405 views • 18 slides
FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda

FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda

FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda Introduction Financial cost of fraud in the UK SAS Fraud Framework components FCM & SNA Steps in FCM & SNA Prevention and

507 views • 39 slides
Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and Prevention in Nonprofit

Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and Prevention in Nonprofit

Thomas G. Claassen CPA, ABV, CFE, CFF July 16, 2009 Nonp onpro rofi fit Symposium posium Fraud Risk Mitigation and Prevention in Nonprofit Organizations Fr Fraud ud De Defi fine ned Fraud is: 1) any intentional act or omission 2)

415 views • 29 slides
Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO

Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO

Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO State Banking Operations Fraud Brandon Watson, Banking Director Unclaimed Property Fraud Brenda Williams, Deputy Treasurer, Unclaimed

678 views • 28 slides
Fraud Prevention, Detection and Red Flags Budget, Accounting and Reporting Council May 3, 2018

Fraud Prevention, Detection and Red Flags Budget, Accounting and Reporting Council May 3, 2018

Fraud Prevention, Detection and Red Flags Budget, Accounting and Reporting Council May 3, 2018 Sarah Walker, CFE, Fraud Manager O f f i c e o f t h e W a s h i n g t o n S t a t e A u d i t o r Agenda Fraud statistics Red flags

730 views • 38 slides
Financial crime prevention A brief overview of mortgage fraud and how you can help to prevent

Financial crime prevention A brief overview of mortgage fraud and how you can help to prevent

Financial crime prevention A brief overview of mortgage fraud and how you can help to prevent it. This information is for use by FCA authorised intermediaries only and must not be distributed to potential borrowers. What is mortgage fraud?

243 views • 5 slides
Fraud Detection & Prevention System For Participant Integrity (FDPS) FY2016 WIC Special

Fraud Detection & Prevention System For Participant Integrity (FDPS) FY2016 WIC Special

Fraud Detection & Prevention System For Participant Integrity (FDPS) FY2016 WIC Special Project Grant Presentation to: Nutrition Services Directors Meeting Presented by: Chavis Paulk, MPA Date: December 13, 2016 Fraud Detection and

1.27k views • 23 slides
Cyber and Fraud Prevention is better than cure Kent County Council Schools Finance Information

Cyber and Fraud Prevention is better than cure Kent County Council Schools Finance Information

Cyber and Fraud Prevention is better than cure Kent County Council Schools Finance Information Group Gill Pegrum October 2018 This presentation aims to assist to minimise the impact of fraud on your business. However, relying on the

664 views • 31 slides
Fraud Prevention Uniform Guidance Update Hot Topics September 21, 2018 Presented by: Derek

Fraud Prevention Uniform Guidance Update Hot Topics September 21, 2018 Presented by: Derek

Fraud Prevention Uniform Guidance Update Hot Topics September 21, 2018 Presented by: Derek Conrad, CPA Senior Manager, Government Services Definition of Fraud Intentional perversion of truth in order to induce another to part with

1.13k views • 84 slides
SEkFER S@IFE R www . safer - jobs . com Looking Ahead a t Aims . To increase fraud prevention

SEkFER S@IFE R www . safer - jobs . com Looking Ahead a t Aims . To increase fraud prevention

SEkFER S@IFE R www . safer - jobs . com Looking Ahead a t Aims . To increase fraud prevention work To increase job board activit y To increase volume of fraud intelli g enc e To improve SAFE Rjobs visibilit y S@IFE R www . safer -

564 views • 21 slides
Top 10 Benefits Fraud Prevention Tips 1. Employers should instruct their members to watch for

Top 10 Benefits Fraud Prevention Tips 1. Employers should instruct their members to watch for

Premier Health & Benefits Tips on How to Recognize and Stop Benefits Fraud Top 10 Benefits Fraud Prevention Tips 1. Employers should instruct their members to watch for providers who try to use their plan member information (i.e.,

119 views • 7 slides
Social Housing Fraud Act 2013 in practice Lucie Cocker Solicitor Higher Court Advocate

Social Housing Fraud Act 2013 in practice Lucie Cocker Solicitor Higher Court Advocate

The Prevention of Social Housing Fraud Act 2013 in practice Lucie Cocker Solicitor Higher Court Advocate Forbes Solicitors Introduction The Prevention of Social Housing Fraud Act 2013 (the Act) Addresses tenancy fraud arising out

518 views • 23 slides
Southern African Fraud Prevention Service NPC Do know who you are dealing with? Do know who you

Southern African Fraud Prevention Service NPC Do know who you are dealing with? Do know who you

Southern African Fraud Prevention Service NPC Do know who you are dealing with? Do know who you are dealing with? Victim of ID Fraud? Victim of ID Fraud? Fraudster/Criminal/ Fraudster/Criminal/ Impersonator? Impersonator? Genuine Person?

494 views • 21 slides
Division of Employment Security Fraud Prevention, Overpayment Recovery and UI Tax Collections

Division of Employment Security Fraud Prevention, Overpayment Recovery and UI Tax Collections

Division of Employment Security Fraud Prevention, Overpayment Recovery and UI Tax Collections Status House Select Committee on Legacy Costs from the State Health Plan, Pensions and ESC November 13, 2012 Types of Employers Paying UI Tax

370 views • 12 slides
Fraud Prevention in the Era of Covid-19 June 4, 2020 Welcome 2 Opening Prayer 3 Your Hosts

Fraud Prevention in the Era of Covid-19 June 4, 2020 Welcome 2 Opening Prayer 3 Your Hosts

Fraud Prevention in the Era of Covid-19 June 4, 2020 Welcome 2 Opening Prayer 3 Your Hosts Sean Scheller The Rev. Laura V. Queen Associate Coordinator Assistant Vice President, Programs and Services, Education & Wellness Education

521 views • 41 slides
Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that

Update on Ransomware Technology 60 Minutes Video ransomware ( noun) A type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users files unless a ransom is paid.

517 views • 30 slides
Cyber Quantification Non-financial Risk Management GRAFT & DAIR Lois Tullo Sohail Farooq

Cyber Quantification Non-financial Risk Management GRAFT & DAIR Lois Tullo Sohail Farooq

Cyber Quantification Non-financial Risk Management GRAFT & DAIR Lois Tullo Sohail Farooq GRI BankingBook Analytics Email: ltullo@globalriskinstitute.org (BBA) Email: sohail@bba.to 1 Drivers of nonfinancial risk Climate Change -

427 views • 32 slides
MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat

MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response Adaptive Security Strategy for SOC Ramy AlDamati Principle CyberSecurity Solution

680 views • 31 slides
Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM

Preparing for a Ransomware Attack MCCA Global TEC Forum June 19, 2017 Monica Patel, IBM Aravind Swaminathan, Orrick, Herrington & Sutcliffe Darren Teshima, Orrick, Herrington & Sutcliffe What is ransomware? Malicious software

200 views • 17 slides
On the Efficient Computation of Independent Contact Regions for Force Closure Grasps Robert Krug,

On the Efficient Computation of Independent Contact Regions for Force Closure Grasps Robert Krug,

On the Efficient Computation of Independent Contact Regions for Force Closure Grasps Robert Krug, Dimitar Dimitrov, Krzysztof Charusta and Boyko Iliev Learning Systems Lab Center for Applied Autonomous Sensor Systems rebro University, Sweden

739 views • 62 slides
Public Hearing on Energy Efficiency changing behaviour and ways to achieve results EESC

Public Hearing on Energy Efficiency changing behaviour and ways to achieve results EESC

The new Energy Efficiency Plan Main elements and next steps Public Hearing on Energy Efficiency changing behaviour and ways to achieve results EESC Yvonne Finger DG Energy 18 May 2011 The EU falls short of reaching its 20%

336 views • 11 slides
Presented as a workshop for the Early Childhood Collaborative of Southington on April 19, 2017 by

Presented as a workshop for the Early Childhood Collaborative of Southington on April 19, 2017 by

Presented as a workshop for the Early Childhood Collaborative of Southington on April 19, 2017 by Southington Public School OT/PT Staff: Bethanie Connelly, Lead Therapist Susan Spatafore, Occupational Therapist Maureen Casey, Physical Therapist

703 views • 15 slides
How You Can Help -Remind your child to point to each word. -Help your child to make sure his/her

How You Can Help -Remind your child to point to each word. -Help your child to make sure his/her

Make Your Finger Match What You Should See Your Child Doing -Using pointer finger to point under each word read -Moving finger from left to right How You Can Help -Remind your child to point to each word. -Help your child to make sure his/her

539 views • 29 slides

More recommend