social engineering fraud
play

SOCIAL ENGINEERING FRAUD SO IS IT COVERED? Yo u r s o u r c e - PowerPoint PPT Presentation

Oct 22, 2022 •48 likes •218 views

SOCIAL ENGINEERING FRAUD SO IS IT COVERED? Yo u r s o u r c e f o r p r o f e s s i o nal l i a b i l i t y e d u cat i on a n d n e t w or k i ng. Presenters Joshua Laycock National Fidelity Product Manager Guarantee

  1. SOCIAL ENGINEERING FRAUD SO … IS IT COVERED? Yo u r s o u r c e f o r p r o f e s s i o nal l i a b i l i t y e d u cat i on a n d n e t w or k i ng.

  2. Presenters Joshua Laycock National Fidelity Product Manager Guarantee Company of North America Chris McKibbin Partner, Fidelity Practice Group Blaney McMurtry LLP Greg Markell President & CEO Ridge Canada Cyber Solutions Inc. P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  3. What is Social Engineering Fraud? What Social Engineering Fraud is and is not: • Social Engineering Fraud is the fraudulent manipulation of an individual to induce them to say or do something they wouldn’t otherwise say or do • It is the method by which a fraud is initiated and executed, not the fraud itself P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  4. Common Tactics Impersonation Fraud (Executive / Client / Vendor) is the main approach. Examples include: • Email Spoofing a.k.a. Business Email Compromise (look-alike email addresses designed to mislead) employee@ProfessionalLiability.com vs. employee@ProfessionalLiabiliity.com – Intent is to provide recipient with instructions that are not genuine P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  5. Common Tactics • Phony Client Scam vs. Lawyer – Intent is to trick lawyer into “recovering” fraudulent settlement and then wiring trust funds to fraudster • Phishing / Spear Phishing / Whale Phishing – Intent is to get the recipient to click on links or open malicious attachments • Unauthorized Access P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  6. What Do Fraudsters Want? Money! But different ways of getting it: • Insured’s Money Directly – business email compromise trying to induce fraudulent transfers or to induce Insured to change vendor bank info • Information – for the purposes of targeting Insured’s money ( e.g. Insured’s banking credentials) • Information – for the purposes of extracting value from it ( e.g. selling it to third party) P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  7. Why Does SEF Work So Well? Fraudulent requests have similar, predictable traits: • Create a sense of urgency • Promise a consequence (good or bad) • Expect confidentiality (executive impersonation) P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  8. Why Does SEF Work So Well? • Knowledge of internal controls / deal info / personnel / vendor relationships • Introduction of (sometimes very well-crafted) third party participants like fake “banker” or “lawyer” • Involve unusual transactions ( e.g. mergers, offshore acquisitions) that don’t have SOPs P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  9. Why Does SEF Work So Well? Trust that the Trust person you are emailing is legitimate Fear of annoying or upsetting the Fear Comfort person you’re Comfort calling to verify in the company’s controls P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  10. A Very “Efficient” Fraud • Speed – funds are typically cleared out of initial destination account within minutes • Anonymity – attacks are carried out via email or phone, often from overseas • High ROI for fraudsters – one successful attack can be worth millions of dollars P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  11. So where is the Coverage? Coverage may be found in a few places: Commercial Crime Policy • Fraudulent Instruction Coverage (a.k.a. SEF coverage a.k.a. Fraudulently Induced Transfer coverage) • Not Computer Crime ( Apache Corp. v. Great American Ins. Co. ) • Not Forgery or Alteration ( Taylor & Lieberman v. Federal Ins. Co.) • Typically not Funds Transfer Fraud P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  12. So where is the Coverage? Cyber Policy • Sub-limits for SEF, along with an extension for Computer Fraud • Cyber policy can respond in the event of a liability trigger… but what are the triggers under your Cyber policy??? • Difference between “dollars” and “data” P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  13. So where is the Coverage? Professional Liability (E&O) • Client Impersonation vs. professional Directors’ and Officers’ Liability • Allegations by shareholders/stakeholders of failure to adequately protect money or data • Compare derivative actions involving data security breaches: • Target (2014) • Wyndham Hotels (2014) • Home Depot (2015) P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  14. How Can Insureds Prevent SEF? • Technological solutions: – Advanced email screening, advanced attachment scanning, DMARC • Technology can leave a false sense of security • Awareness • Set the correct tone from the top • Educate and empower employees • Stay current P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  15. How Can Insureds Prevent SEF? • Active dialogue with customers/vendors/underwriters about fraud risks • Implement mandatory “out of channel” verification protocols • Create a blend of rules-based and principles- based protections • Don’t be nostalgic about the way business “used to be” conducted P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  16. Key Takeaways • The threat is real – not a “flavour of the month” • A robust risk-transfer portfolio is necessary • The threat is preventable • Communication is key P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

  17. Links to Case Studies • Joshua’s article: http://www.canadianunderwriter.ca/inspress/understanding- difference-computer-fraud-funds-transfer-fraud-fraudulently-induced- transfer-coverage-within-crime-policy/ • Apache: https://blaneysfidelityblog.com/2016/10/24/apache- corporation-fifth-circuit-holds-that-commercial-crime-policys- computer-fraud-coverage-does-not-extend-to-social- engineering-fraud-loss/ • Taylor & Lieberman: https://blaneysfidelityblog.com/2017/04/03/taylor-lieberman- ninth-circuit-finds-no-coverage-under-crime-policy-for-client- funds-lost-in-social-engineering-fraud/ P r o f e s s i o n al L i a b i l i t y U n d e r w r i t i n g S o c i e t y

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing,

Fraud Awareness May 2018 Unrestricted Prevalent Frauds types 1. Social Engineering Phishing, Vishing 2. Payment Fraud CEO Impersonation, Invoice Fraud. 3. Online / Cyber Fraud Malware & Trojans, Security Software, Social

448 views • 13 slides
Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention

Fraud Overview Agenda Fraud Overview Fraud Triangle and Red Flags Fraud Prevention Case Studies Our Commitment Spring ISD Source: ACFE & Fraud Overview What Is Fraud? Fraud is any intentional act or

405 views • 18 slides
FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda

FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda

FRAUD DETECTION & PREVENTION USING SOCIAL NETWORK ANALYSIS BY Lekan Omodara Agenda Introduction Financial cost of fraud in the UK SAS Fraud Framework components FCM & SNA Steps in FCM & SNA Prevention and

507 views • 39 slides
Social Housing Fraud Act 2013 in practice Lucie Cocker Solicitor Higher Court Advocate

Social Housing Fraud Act 2013 in practice Lucie Cocker Solicitor Higher Court Advocate

The Prevention of Social Housing Fraud Act 2013 in practice Lucie Cocker Solicitor Higher Court Advocate Forbes Solicitors Introduction The Prevention of Social Housing Fraud Act 2013 (the Act) Addresses tenancy fraud arising out

518 views • 23 slides
Social network analytics Bart Baesens Professor Data Science at KU Leuven DataCamp Fraud

Social network analytics Bart Baesens Professor Data Science at KU Leuven DataCamp Fraud

DataCamp Fraud Detection in R FRAUD DETECTION IN R Social network analytics Bart Baesens Professor Data Science at KU Leuven DataCamp Fraud Detection in R Social network components Nodes (vertices) customers companies products credit

647 views • 54 slides
Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is

Fraud Prevention: The Prevention and Detection of Fraud Begins with You Takeaways What is fraud? Definition Facts Four factors Fraud risk assessment Four evaluation criteria Common fraud schemes Case studies

707 views • 60 slides
What is Fraud ? The Fraud Act 2006 defines fraud as . Headed by Investigations Manager

What is Fraud ? The Fraud Act 2006 defines fraud as . Headed by Investigations Manager

Points to cover Leicester City Council Revenues & Benefits Investigation Team What is Fraud? Fraud Awareness Key issues for the Team Audit and Risk Committee Referrals & Investigation Process Sanctions &

69 views • 4 slides
Social Engineering Ben Hayden IT & Risk Consultant Ben Hayden Background: US Marine

Social Engineering Ben Hayden IT & Risk Consultant Ben Hayden Background: US Marine

Cybersecurity and Social Engineering Ben Hayden IT & Risk Consultant Ben Hayden Background: US Marine Corps Law Enforcement Financial Institution IT Security/Fraud U of I BBA ISU MS @2016. Proprietary &

601 views • 25 slides
The Fraud Indicator in the UK Professor Mark Button Centre for Counter Fraud Studies Outline of

The Fraud Indicator in the UK Professor Mark Button Centre for Counter Fraud Studies Outline of

The Fraud Indicator in the UK Professor Mark Button Centre for Counter Fraud Studies Outline of Presentation General measures of fraud Past measurement of fraud The annual fraud indicator and fraud Theres no fraud here, Ive

684 views • 26 slides
Prioritising the Fight Against Fraud: A Strategic Approach The Association of Certified Fraud

Prioritising the Fight Against Fraud: A Strategic Approach The Association of Certified Fraud

Prioritising the Fight Against Fraud: A Strategic Approach The Association of Certified Fraud Examiners (ACFE) is an international, professional organization dedicated to fighting fraud and white-collar crime . As fraud becomes increasingly more

373 views • 24 slides
SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events Social engineering risks Mitigation Strategies Q&A WHAT IS SOCIAL ENGINEERING? The Art of Deception, Kevin Mitnick: "Social

449 views • 19 slides
Definition of Fraud Fraud is an intentional deception made for personal gain Fraud Triangle

Definition of Fraud Fraud is an intentional deception made for personal gain Fraud Triangle

MMTCTA Fraud Internal Controls Presented By Ron Smith & Greg Chabot, RHR Smith & Co. May 14, 2015 About RHR Smith & Company: RHR does approx 130 of Maines 500 Municipalities In the past year RHR has Investigated 23+

506 views • 39 slides
The Role of Internal Controls in the Fight Against Fraud A Tale of Fraud! Payroll manager

The Role of Internal Controls in the Fight Against Fraud A Tale of Fraud! Payroll manager

The Role of Internal Controls in the Fight Against Fraud A Tale of Fraud! Payroll manager makes $2.25MM disappear! It must be Magic! Fraud Statistics 5% of GWP lost to employee fraud & abuse More than $3.5 Trillion per year

559 views • 44 slides
Medicare ACOs: Fraud and Abuse Perspectives This webinar is brought to you by the Fraud &

Medicare ACOs: Fraud and Abuse Perspectives This webinar is brought to you by the Fraud &

Medicare ACOs: Fraud and Abuse Perspectives This webinar is brought to you by the Fraud & Abuse (Fraud) Practice Group and the Accountable Care Organization Task Force (ACO TF) (a joint endeavor of the Antitrust; Fraud and Abuse; Health

408 views • 26 slides
Fraud in the NHS Iain Flinn Counter Fraud Specialist March 2011 Areas Susceptible to Fraud

Fraud in the NHS Iain Flinn Counter Fraud Specialist March 2011 Areas Susceptible to Fraud

Fraud in the NHS Iain Flinn Counter Fraud Specialist March 2011 Areas Susceptible to Fraud Procurement Qualifications Sickness / Attendance / Time Recording Ghosts Salary payments Prescriptions Health Tourists

619 views • 9 slides
The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference

The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference

The Work of the New Zealand Serious Fraud Office White Collar Crime and Serious Fraud Conference AUCKLAND 2 JULY 2010 WHAT IS THE SERIOUS FRAUD OFFICE? SFO: An Overview Mandate investigate and prosecute serious or complex fraud Part 1 -

421 views • 13 slides
Stream Programming: Explicit Parallelism and Locality Bill Dally Edge Workshop May 24, 2006

Stream Programming: Explicit Parallelism and Locality Bill Dally Edge Workshop May 24, 2006

Stream Programming: Explicit Parallelism and Locality Bill Dally Edge Workshop May 24, 2006 May 24, 2006 Edge: 1 Outline Technology Constraints Architecture Stream programming Imagine and Merrimac Other stream

547 views • 43 slides
GSI- 191, Assessment of Debris Accumulation on PWR Sump Performance Sanjoy Banerjee

GSI- 191, Assessment of Debris Accumulation on PWR Sump Performance Sanjoy Banerjee

GSI- 191, Assessment of Debris Accumulation on PWR Sump Performance Sanjoy Banerjee Advisory Committee on Reactor Safeguards September 29, 2010 September 17, 2010, ACRS Letter The staff has thoroughly reviewed three options to

416 views • 9 slides
Siting Adviso ry Co mmitte e Siting Adviso ry Co mmitte e Me e ting # 5 Me e ting # 5 U U

Siting Adviso ry Co mmitte e Siting Adviso ry Co mmitte e Me e ting # 5 Me e ting # 5 U U

Siting Adviso ry Co mmitte e Siting Adviso ry Co mmitte e Me e ting # 5 Me e ting # 5 U U nive rsity o f Co nne c tic ut nive rsity o f Co nne c tic ut Ma in Ac c umula tio n Are a Ma in Ac c umula tio n Are a Ma rc h 12, 2013 Ma rc h

769 views • 17 slides
Entrepreneurship 1 2 3 Juliet Arnott Rekindle 4 Occupational Therapy / Ergotherapie (in WWI)

Entrepreneurship 1 2 3 Juliet Arnott Rekindle 4 Occupational Therapy / Ergotherapie (in WWI)

Deconstruction Creativity, Innovation & Entrepreneurship 1 2 3 Juliet Arnott Rekindle 4 Occupational Therapy / Ergotherapie (in WWI) 12,000 homes to be demolished Christchurch earthquake waste = 20 years worth of municipal waste

725 views • 47 slides
Pensions Committee training: Actuarial valuation London Borough of Barnet Pension Fund

Pensions Committee training: Actuarial valuation London Borough of Barnet Pension Fund

Pensions Committee training: Actuarial valuation London Borough of Barnet Pension Fund Gemma Sefton FFA 16 October 2018 Hymans Robertson LLP is authorised and regulated by the Financial Conduct Authority What are we going to cover?

775 views • 30 slides
Earnings Results: 1st Quarter 2013 1 | 07/27/2012 FORWARD-LOOKING STATEMENT This presentation

Earnings Results: 1st Quarter 2013 1 | 07/27/2012 FORWARD-LOOKING STATEMENT This presentation

WEYERHAEUSER Earnings Results: 1st Quarter 2013 1 | 07/27/2012 FORWARD-LOOKING STATEMENT This presentation contains statements concerning the companys future results and performance that are forward -looking statements within the meaning of

501 views • 25 slides
FINANCIAL RESULTS FOURTH QUARTER 2004 KAREN MAIDMENT Senior Executive Vice President & CFO

FINANCIAL RESULTS FOURTH QUARTER 2004 KAREN MAIDMENT Senior Executive Vice President & CFO

FINANCIAL RESULTS FOURTH QUARTER 2004 KAREN MAIDMENT Senior Executive Vice President & CFO Investor Community Conference Call November 23, 2004 Forward-Looking Statements CAUTION REGARDING FORWARD-LOOKING STATEMENTS Bank of Montreal's

649 views • 32 slides
Eight Truths about Correction from the Book of Proverbs 3 1. The right attitude to correction

Eight Truths about Correction from the Book of Proverbs 3 1. The right attitude to correction

10/15/2020 1 W ISDOM : L IVING S UCCESSFULLY IN A T REACHEROUS W ORLD Accepting Correction 2 1 10/15/2020 Eight Truths about Correction from the Book of Proverbs 3 1. The right attitude to correction begins with the acknowledgement of

659 views • 18 slides

More recommend