1 / 22

Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014

Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014. Social Engineering. Phishing Vishing Smishing Hijacked Email Social Media Sweetheart Scams Online Job Scams. Social Engineering. Phishing

Download Presentation

Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014

  2. Social Engineering • Phishing • Vishing • Smishing • Hijacked Email • Social Media • Sweetheart Scams • Online Job Scams

  3. Social Engineering • Phishing • Using electronic communication to manipulate someone into giving private information Phishing Using electronic communication to manipulate someone into giving private information

  4. Social Engineering • Vishing • Utilizing VOIP or traditional telephone lines to trick someone into giving confidential information

  5. Social Engineering • Smishing • Using SMS test messages to obtain sensitive data

  6. Social Engineering • Hijacked Email • Taking over a personal email account and masquerading as the customer Hijacked

  7. Social Engineering • Social Media • Using social media as resource to obtain your identity or commit fraud against you

  8. Social Engineering • Sweetheart Scams • Fraudsters trolling online dating websites and social media sites, looking for partners that will ultimately send their own funds to the fraudster or will be used to launder stolen funds through their personal accounts

  9. Social Engineering • Online Job Applications • Phony job postings placed on legitimate employment websites that trick applicants into becoming money mules for stolen funds

  10. Social Engineering • Mitigation for Social Engineering Fraud? • Education for Customers – to avoid involvement in scams • Education for Employees – to recognize the signs of transactions that may be the result of social engineering

  11. Current Debit and Credit Card Fraud • Counterfeit “Skimmed” Debit and Credit Cards • Data Breaches • Cybercrime

  12. Counterfeit/Skimmed Cards • Skimmer • Clone Magnetic stripe data • Capture CVV and CVD codes • Data can be transferred to card stock or “white plastic” • Skimming Equipment: • Handheld skimmer • Alternate skimmers • Skimming device placed over legitimate card reader

  13. Skimming Equipment • Handheld Skimmer • Requires human assistance • Requires card to be out of site of customer • Targets restaurant patrons • Information re-encoded onto plastic or sold on internet “carder” sites

  14. Skimming Equipment • Handheld Skimmer

  15. Skimming Equipment • Alternate Skimmers

  16. Skimmed Cards • Reader placed directly over legitimate card reader: • Does not requires human assistance • Does not require card to be out of site of customer • Targets: ATM machines, Gas pumps and readers that are remote and can be tampered with without witnesses. • Information re-encoded onto plastic or sold on internet “carder” sites

  17. ATM Skimming Equipment • ATM Skimmer Examples

  18. ATM Skimming Equipment • ATM Skimmer Examples

  19. EMV (Europay, MasterCard and Visa) • Chip and PIN technology • Fraud liability shift to POS merchants -October 2015, ATMs - October 2016 and Gas Pumps - October 2017 • EMV will not affect Data Breaches

  20. EMV (Europay, MasterCard and Visa) • EMV Chip and PIN reader

  21. Data Breaches • Data Breaches • Malware that targets corporate servers • Operation can be completely remote • Mass amounts of data at once • Information sold on internet “carder” sites • EMV removes the magnetic stripe, compromised data cannot be re-encoded onto card

  22. QUESTIONS ?

More Related