Yahoo-Yahoo Busted Cybersecurity Issues in FBI vs Invictus and 80 - PowerPoint PPT Presentation

Yahoo-Yahoo Busted Cybersecurity Issues in FBI vs Invictus and 80 others

Courtesy: https://www.fbi.gov/

In Invictus Obi i (O (OBINWANNE OKEKE) • A spear phishing on CFO of Unatrac Holding Limited, UK • Unatrac email account was hosted by Microsoft Office365 • The CFO logged in and supplied his Office365 credentials to the fake logon page • The hackers passively took control of his • The case was reported to FBI account • The phishing mail has forward email • Fraudulent wire transfer requests were sent iconoclast1960@gmail.com from the email to the finance team • The email led the investigator to • Folders and filter rules were created to hide obinwannem@gmail.com, Invictusobi and a the conversation from the CFO Twitter usemame of "@invictusobi .“ • 15 fraudulent payments were processed • Other scams aside Unatrac were unfolded between April 11 and April 19, 2018 • A total sum of about $11million was stolen from the company Type of Cyberattack on the CFO: • Spear phishing mail • Business Email Compromise

FBI and 80 Cyber cri riminals US Banks Involved 1. Bank of America 2. BBVA Compass Bancshares, Inc. 3. CalCom Federal Credit Union 4. Capital One Bank 5. Citibank N.A. 6. Citizens Financial Group 7. Comerica Bank 8. J.P. Morgan Chase N.A. 9. PNC Bank, Regions Financial Corporation 10. SunTrust Bank • 252 count charges 11. TD Bank N.A. • 80 suspects (77 Nigerians) 12. US Bank N.A. • Main methods used: 13. Wells Fargo Bank • Business Email Compromise • Escrow Fraud • Romance Scams

Business Email Compromise • Those techniques include online ploys Business Email Compromise such as • occurs when a hacker gains • spear-phishing, unauthorized access to a business • social engineering, email account, • identity theft, • blocks or redirects communications • e-mail spoofing, to and/or from the email account, • and the use of malware. • and then uses the compromised email account • or a separate fraudulent email account to communicate with personnel from a victim company, • attempting to trick them into making an unauthorized wire transfer.

Escrow Fraud • The ” Invictus Group” exploited business schemes where fraudsters hack escrow • This is a variation of a BEC fraud scheme, company email systems, impersonate employees and direct payments that funnel • in which a hacker may gain unauthorized access money back to themselves. to the email account of an escrow company or • For example: The FBI stated that emails from real estate agent, REDACTED EMAIL 5 also highlighted specific • and then purported seller communicate with an accounts which were engaged in large unsuspecting buyer who is seeking to purchase pending financial transactions. For example, property, on October 15, 2018, an email from • directing the intending buyer to make a down- REDACTED EMAIL 5 to iconoclastl960@gmail.com advised of an payment for purchase of property upcoming real estate transaction valued at • to a fraudulent bank account, rather than the $585,000. In the email, REDACTED EMAIL 5 legitimate bank account of an escrow company. claimed the buyer had already paid 10%, with a remaining balance due of $526,000. REDACTED EMAIL 5 suggested to iconoclastl960@gmail.com that it would "make sense to tell them go transfer this balance this week prior to next week settlement."

• In March 2016, a man claiming to be a US Army Romance Scams captain stationed in Syria reached out to a Japanese woman on an international site for digital pen pals. • These target persons looking for romantic • Within weeks, their relationship grew into an partners or friendship international romance with the man sending daily emails in English that she translated via Google. The • on dating websites and other social media man who called himself Terry Garcia asked for money platforms. -- lots of it -- from the woman identified as FK in federal court documents. Over 10 months, she sent • The scammers may create profiles using him a total of $200,000 that she borrowed from fictitious or fake names, locations, images, friends, her ex-husband and other relatives to make and personas, her love interest happy. • allowing the scammers to cultivate false • But in reality, Garcia did not exist. It was all an international online scam ran by two Nigerian men relationships with prospective romance scam in the Los Angeles area with the help of associates in victims. their home country and other nations, federal officials • Victims may be convinced to provide money say. or gifts to the scammers, • "FK estimates that she made 35 to 40 payments over the 10 months that she had a relationship with Garcia. • or may be asked to conduct transactions on During that time, the fraudster(s) emailed her as behalf of the scammers. many as 10 to 15 times each day, and Garcia was asking her to make the payments, so she kept paying to accounts in Turkey

How the scam worked FBI Investigators detailed an intricate scam traced to two key suspects who oversaw the fraudulent transfer of at least $6 million and the attempted theft of an additional $40 million. Once co-conspirators. who based in Nigeria, the United States and other countries persuaded victims to send money under false pretenses, the two Nigerian men who lived in Southern California coordinated the receipt of funds, the indictment says. The two men provided bank and money-service accounts that received funds obtained from victims and also ran the extensive money-laundering network, the complaint alleges. The two men were arrested. All defendants will face charges of conspiracy to commit fraud, conspiracy to launder money, and aggravated identity theft. Some also will face fraud and money laundering charges.

Business Email Compromise - Safeguards • Create intrusion detection system rules that flag e- • Businesses and their clients should discuss with major banking authorities on setting up an end to end mails with extensions that are similar to company encrypted database for their business account details e-mail. For example, legitimate e-mail with which they regularly (or intending to) conduct of abc_company.com would flag fraudulent e-mail business transactions. This database will be used in of abc-company.com . verification before transfer/transaction is authorized. • Create an e-mail rule to flag e-mail • Confirm requests for transfers of funds by using communications where the “reply” e-mail address phone verification as part of a two-factor is different from the “from” e-mail address shown. authentication; use previously known numbers, not • Color code virtual correspondence so e-mails from the numbers provided in the e-mail request. employee/internal accounts are one color and e- • Carefully scrutinize all e-mail requests for transfer of mails from non-employee/external accounts are funds to determine if the requests are out of the another. ordinary. • Verify changes in vendor payment location by • Continuous training of employees (especially Key adding additional two-factor authentication such employees- CEO, CFO, etc) on how to evade social as having secondary sign-off by company engineering, phishing attacks, spoofing and other personnel. attacking mechanism in use. • The policy on adding new business account details • Implementation of Sender Policy Framework (SPF) to to the encrypted database should require Multi prevent spammers from sending messages on behalf Factor Authentication and several levels of human of your domain. With SPF organization can publish authentication (most especially from the paying authorized email servers party

Escrow Fraud Safeguards • Take a note of the payment • Don’t be pressured into using a system. A legitimate escrow company will particular escrow website or service . always ask you to wire money from your bank to Be wary the moment a seller begins to stipulate the theirs and will provide you an account number and escrow site that must be used to complete a a routing number. transaction • Keep an eye for copycats. Fraudulent • Try to reach customer services by escrow websites will often use a domain name that is close phone. If there is no one on the other end to respond to the real one to trick their victims. Be sure that you have entered the correct URL and have landed on the right to you, that is a big red flag. An automated or generic website. message is also a strong indication of a scam. If the escrow • Run when the words “safe” and website does not list any phone number or address, there is no need dealing with them in the first place. “secure” are emphasized. When it • Verify the endorsements listed on the comes to choosing a domain name, there are lots of ways scammers shoot themselves in the foot. The first is that too website. It is easy to copy pictures of endorsements much emphasis is placed on the words “safe” and “secure.” Some push their luck too far by having these words and embed it on a fraudulent website. It is therefore included in their domain name (something like secure- essential to verify all endorsements and credentials on an escrow.com). The use of a dash in the domain name of an online escrow website before building trust escrow company is also a red flag