Submit Search
Upload
Case study joined
•
0 likes
•
561 views
L
Lijo George
Follow
This is a Cyber Security Study ...
Read less
Read more
Economy & Finance
Business
Report
Share
Report
Share
1 of 19
Download now
Download to read offline
Recommended
Terrorist Use of Cryptocurrencies
Terrorist Use of Cryptocurrencies
Simone Domenico Casadei Bernardi
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
Felipe Prado
Fraud and risk communication
Fraud and risk communication
Rosetta
Combating money laundering & terror financing case of nigeria- adv. chitengi...
Combating money laundering & terror financing case of nigeria- adv. chitengi...
cjnsipho
ACH Payments - Banking Fraud
ACH Payments - Banking Fraud
Guardian Analytics
RFID and Cash
RFID and Cash
Simon Fraser University
What is Money Laundering - An Introduction
What is Money Laundering - An Introduction
Peter Lilley
We're turning from cash but demande for notes has never been higher
We're turning from cash but demande for notes has never been higher
CashlessSociety
Recommended
Terrorist Use of Cryptocurrencies
Terrorist Use of Cryptocurrencies
Simone Domenico Casadei Bernardi
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
A LOOK INSIDE THE BRAZILIAN UNDERGROUND
Felipe Prado
Fraud and risk communication
Fraud and risk communication
Rosetta
Combating money laundering & terror financing case of nigeria- adv. chitengi...
Combating money laundering & terror financing case of nigeria- adv. chitengi...
cjnsipho
ACH Payments - Banking Fraud
ACH Payments - Banking Fraud
Guardian Analytics
RFID and Cash
RFID and Cash
Simon Fraser University
What is Money Laundering - An Introduction
What is Money Laundering - An Introduction
Peter Lilley
We're turning from cash but demande for notes has never been higher
We're turning from cash but demande for notes has never been higher
CashlessSociety
Fraud Presentation
Fraud Presentation
mbachnak
Money Laundering and Corruption
Money Laundering and Corruption
Jubayer Alam Shoikat
Fraud An International Perspective
Fraud An International Perspective
Steve Mitchinson
Money laundering
Money laundering
saadiakh
Internet fraud #scichallenge2017
Internet fraud #scichallenge2017
N F
Anti Money Laundering
Anti Money Laundering
Besart Qerimi
Internet Fraud
Internet Fraud
Elijah Ezendu
Internet Fraud
Internet Fraud
Vasundhara Singh Gautam
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of Terrorism
Puni Hariaratnam
Skillwise AML
Skillwise AML
Skillwise Group
WP_Enabling IBNS_ENG_V10
WP_Enabling IBNS_ENG_V10
Daniel Buetler - Business Consultant
Money Laundering by Vivek Singh,Aryan College
Money Laundering by Vivek Singh,Aryan College
Aryan Ajmer
2010q1 Threats Report
2010q1 Threats Report
McafeeCareers
Preventing Human Trafficking Indicators
Preventing Human Trafficking Indicators
Adina Dediu, CFE, CFCS
Anti Money Laundering Presentation
Anti Money Laundering Presentation
Audrius Sapola
ihegc012
ihegc012
Maksym Schipka
Money laundering
Money laundering
Tasrif masruf khan
Internet fraud
Internet fraud
Yasha Singh
Trust transaction monitoring and aml for swift messaging
Trust transaction monitoring and aml for swift messaging
Keith Furst
Money Laundering Presentation
Money Laundering Presentation
Rahul Magan,MBA Finance
BEWARE: 4 TYPICAL BITCOIN SCAMS IN MINING, INVESTMENT, WALLETS, EXCHANGE
BEWARE: 4 TYPICAL BITCOIN SCAMS IN MINING, INVESTMENT, WALLETS, EXCHANGE
Steven Rhyner
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Investments Network marcus evans
More Related Content
What's hot
Fraud Presentation
Fraud Presentation
mbachnak
Money Laundering and Corruption
Money Laundering and Corruption
Jubayer Alam Shoikat
Fraud An International Perspective
Fraud An International Perspective
Steve Mitchinson
Money laundering
Money laundering
saadiakh
Internet fraud #scichallenge2017
Internet fraud #scichallenge2017
N F
Anti Money Laundering
Anti Money Laundering
Besart Qerimi
Internet Fraud
Internet Fraud
Elijah Ezendu
Internet Fraud
Internet Fraud
Vasundhara Singh Gautam
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of Terrorism
Puni Hariaratnam
Skillwise AML
Skillwise AML
Skillwise Group
WP_Enabling IBNS_ENG_V10
WP_Enabling IBNS_ENG_V10
Daniel Buetler - Business Consultant
Money Laundering by Vivek Singh,Aryan College
Money Laundering by Vivek Singh,Aryan College
Aryan Ajmer
2010q1 Threats Report
2010q1 Threats Report
McafeeCareers
Preventing Human Trafficking Indicators
Preventing Human Trafficking Indicators
Adina Dediu, CFE, CFCS
Anti Money Laundering Presentation
Anti Money Laundering Presentation
Audrius Sapola
ihegc012
ihegc012
Maksym Schipka
Money laundering
Money laundering
Tasrif masruf khan
Internet fraud
Internet fraud
Yasha Singh
Trust transaction monitoring and aml for swift messaging
Trust transaction monitoring and aml for swift messaging
Keith Furst
Money Laundering Presentation
Money Laundering Presentation
Rahul Magan,MBA Finance
What's hot
(20)
Fraud Presentation
Fraud Presentation
Money Laundering and Corruption
Money Laundering and Corruption
Fraud An International Perspective
Fraud An International Perspective
Money laundering
Money laundering
Internet fraud #scichallenge2017
Internet fraud #scichallenge2017
Anti Money Laundering
Anti Money Laundering
Internet Fraud
Internet Fraud
Internet Fraud
Internet Fraud
Anti-Money Laundering and Counter Financing of Terrorism
Anti-Money Laundering and Counter Financing of Terrorism
Skillwise AML
Skillwise AML
WP_Enabling IBNS_ENG_V10
WP_Enabling IBNS_ENG_V10
Money Laundering by Vivek Singh,Aryan College
Money Laundering by Vivek Singh,Aryan College
2010q1 Threats Report
2010q1 Threats Report
Preventing Human Trafficking Indicators
Preventing Human Trafficking Indicators
Anti Money Laundering Presentation
Anti Money Laundering Presentation
ihegc012
ihegc012
Money laundering
Money laundering
Internet fraud
Internet fraud
Trust transaction monitoring and aml for swift messaging
Trust transaction monitoring and aml for swift messaging
Money Laundering Presentation
Money Laundering Presentation
Similar to Case study joined
BEWARE: 4 TYPICAL BITCOIN SCAMS IN MINING, INVESTMENT, WALLETS, EXCHANGE
BEWARE: 4 TYPICAL BITCOIN SCAMS IN MINING, INVESTMENT, WALLETS, EXCHANGE
Steven Rhyner
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Investments Network marcus evans
Sas wp enterrprise fraud management
Sas wp enterrprise fraud management
rkappear
Aml / anti money laundering
Aml / anti money laundering
SAMBIT SWAIN
Anti money laundering
Anti money laundering
Uttma Shukla
Money laundering
Money laundering
CA.Kolluru Narayanarao
Money laundering
Money laundering
Kolluru N Rao
SAS - A Unified Front- Making the Case for Integrating Fraud and Anti-Money L...
SAS - A Unified Front- Making the Case for Integrating Fraud and Anti-Money L...
Vivastream
Enterprise Fraud Management
Enterprise Fraud Management
Manish Desai
Aml presentation
Aml presentation
Meghana Karanje
ATM Skimming in the Caribbean
ATM Skimming in the Caribbean
Giovanni James
Money laundering
Money laundering
Krishna Agarwal
National Money Laundering Strategy 2007 A Review
National Money Laundering Strategy 2007 A Review
Vicky_Lee_NY
TECH CYBER CRIME Homegrown menace Contents1. Regional trouble.docx
TECH CYBER CRIME Homegrown menace Contents1. Regional trouble.docx
erlindaw
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Hafizah Jupri
Money laundering-ppt
Money laundering-ppt
SamehSalah26
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
First Atlantic Commerce
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
n|u - The Open Security Community
ID Theft and Computer Security 2008
ID Theft and Computer Security 2008
Donald E. Hester
Money laundering
Money laundering
Akshay Kumar
Similar to Case study joined
(20)
BEWARE: 4 TYPICAL BITCOIN SCAMS IN MINING, INVESTMENT, WALLETS, EXCHANGE
BEWARE: 4 TYPICAL BITCOIN SCAMS IN MINING, INVESTMENT, WALLETS, EXCHANGE
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Sas wp enterrprise fraud management
Sas wp enterrprise fraud management
Aml / anti money laundering
Aml / anti money laundering
Anti money laundering
Anti money laundering
Money laundering
Money laundering
Money laundering
Money laundering
SAS - A Unified Front- Making the Case for Integrating Fraud and Anti-Money L...
SAS - A Unified Front- Making the Case for Integrating Fraud and Anti-Money L...
Enterprise Fraud Management
Enterprise Fraud Management
Aml presentation
Aml presentation
ATM Skimming in the Caribbean
ATM Skimming in the Caribbean
Money laundering
Money laundering
National Money Laundering Strategy 2007 A Review
National Money Laundering Strategy 2007 A Review
TECH CYBER CRIME Homegrown menace Contents1. Regional trouble.docx
TECH CYBER CRIME Homegrown menace Contents1. Regional trouble.docx
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Issues and ethics in finance (fin 657) - How hackers steal $81 million in Ban...
Money laundering-ppt
Money laundering-ppt
Driving Payment Innovation - Know Your Enemy
Driving Payment Innovation - Know Your Enemy
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
nullcon 2011 - Cyber crime 101: Cost of cyber crime, trends and analysis
ID Theft and Computer Security 2008
ID Theft and Computer Security 2008
Money laundering
Money laundering
Recently uploaded
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Pooja Nehwal
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
Adnet Communications
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
Adnet Communications
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Delhi Call girls
Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024
Commercial Bank of Ceylon PLC
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
divyansh0kumar0
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of Reporting
Aggregage
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
makika9823
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
egoetzinger
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
FinTech Belgium
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
divyansh0kumar0
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
Gale Pooley
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Työeläkeyhtiö Elo
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
Adnet Communications
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
Suhani Kapoor
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
ssifa0344
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Pooja Nehwal
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
FinTech Belgium
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
FinTech Belgium
Recently uploaded
(20)
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
Malad Call Girl in Services 9892124323 | ₹,4500 With Room Free Delivery
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240417-Calibre-April-2024-Investor-Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Commercial Bank Economic Capsule - April 2024
Commercial Bank Economic Capsule - April 2024
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of Reporting
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jodhpur Park 👉 8250192130 Available With Room
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
VIP Call Girls Service Dilsukhnagar Hyderabad Call +91-8250192130
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
Case study joined
1.
Cyber Criminals Now
Target Small And Medium Enterprises SITUATION Cyber criminals have moved beyond simple identity Compare that to fraud statistics of Automatic Clearing theft. They are now targeting small and medium Houses (credit card processors). The recent arrests “Lacking sophistication and businesses and local banks, using specialized banking connected with Zeus accounted for some 390 appropriate security, SMEs make malware for cyber heists, using mainly the Zeus reported cases where $70 million was stolen from great targets for cyber gangs. botnet. These small and medium organizations accounts. The criminals had attempted to steal some represent good targets for organized cybercrime as $220 million. The investigation mainly netted the Cyber crime has moved beyond they often lack the sophistication and knowledge of lowest ranks of the criminal network -- the so-called simple identity theft and is now the Fortune 1000 to prevent cyber attacks. money mules that remove stolen funds from their specializing in cyber heists: accounts and transfer the money to international emptying the bank accounts of CASE IN POINT – accounts abroad. In general, the money mules are small and medium enterprises.” SANFORD DECEMBER 3, 2009 people who are duped into believing they are Patco Construction filed suit in York County Superior working for a legitimate company processing Case in Point: Patco Construction Court Sept. 18, seeking the return of $345,000 not payments. in Sanford, Maine filed suit recovered from $588,851 in funds hackers were able against its own bank seeking the to transfer to bank accounts out of the country from ANALYSIS return of $345,000 that was Patco’s Ocean Bank. The illegal transfers began on The Internet is the crime scene of the 21st century. stolen by cyber criminals. May 7, when thieves hijacked the company's online Cyber theft is one of the biggest challenges facing our banking credentials, moving $56,594 to several society today. We can no longer remain ignorant and individuals that had no prior business relationship hope it will go away. Banks and customers alike must with Patco. The transfers continued, and Patco educate themselves and give employees Internet officials only learned the fraud was occurring because Security Awareness Training, including procedures some of the funds were transferred to invalid bank and necessary security measures. Accounts must be accounts. The company filed suit, alleging the bank monitored by companies on a regular basis and was negligent in allowing cybercriminals to break questionable transactions queried immediately. through the security system. Simultaneously, banks must use the highest level of security to protect their customers. The financial DIGITAL CRIME OUTPACES REAL- relationship is at stake – trust is of utmost WORLD ROBBERIES importance. Today that trust must be earned on both Digital crime now outpaces real-world bank robberies sides. in terms of losses. In 2009, there were 8,818 bank robberies netting criminals an average of $4,029 -- a total of about $35.5 million, according to the FBI's Uniform Crime Reporting (UCR) program. However, 60 percent of bank robbers were caught, often very quickly. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
2.
These Mules Move
Money SITUATION banks, setting up new accounts and withdrawing the In illegal commerce vernacular, a mule is someone money for transfer. In the meantime their “Money who carries the contraband from one location to Lords” (like “Drug Lords”) remain hidden in the “Digital crime now outpaces another. Recent history is full of stories of people background safe from scrutiny. carrying drugs across borders secreted on their real-world bank robberies in person. Today’s mules are money mules and are often DIGITAL CRIME OUTPACES REAL- terms of losses. In 2009, there innocent dupes who move money from bank to bank. WORLD ROBBERIES were 8,818 bank robberies Digital crime now outpaces real-world bank robberies netting criminals an average of CASE IN POINT – THE MONEY MULES in terms of losses. In 2009, there were 8,818 bank $4,029 -- a total of about $35.5 When hackers steal from banks and other business robberies netting criminals an average of $4,029 -- a total of about $35.5 million, according to the FBI's million, according to the FBI's structures they are left with a major problem – what to do with the money? Stealing hundreds of Uniform Crime Reporting (UCR) program. However, Uniform Crime Reporting (UCR) thousands of dollars at a time requires a strategy so 60 percent of bank robbers were caught, often very program. However, 60 percent of that when the funds are distributed these criminal quickly. bank robbers were caught, often deposits don’t raise any red flags. This means that very quickly.” deposits cannot be in more than $5,000 increments Compare that to fraud statistics of Automatic Clearing or it is reported to the government. Therefore the Houses (credit card processors). The recent arrests stolen funds have to be laundered at lower levels. connected with Zeus accounted for some 390 Hackers bust into the accounts, using Trojans, reported cases where $70 million was stolen from keyloggers and other malicious software but then accounts. The criminals had attempted to steal some what do they do? $220 million. The investigation mainly netted the lowest ranks of the criminal network -- the so-called Taking a page from their drug dealing friends, the money mules that remove stolen funds from their money mules were invented. But instead of accounts and transfer the money to international smuggling drugs, these mules are recruited to open accounts abroad. In general, the money mules are sham bank accounts to receive the money stolen people who are duped into believing they are from victim accounts. They then withdraw the funds working for a legitimate company processing from the shell accounts and transfer the money to payments. overseas bank accounts operated by the gang leaders. This is all done in increment amounts that ANALYSIS could elude detection by banks and law enforcement It is more than interesting to note that these thefts officials. The mules retain somewhere between eight are first initiated through a phishing attack that and ten percent as their cut of the illegal proceeds. enabled the malware to enter the computer network. There are hundreds if not thousands of mules This phishing started with a susceptible employee operating in the United States currently. who through his or her own ignorance clicked where they should not have clicked. Giving Internet Security With the rise in unemployment and current economic Awareness Training to employees and executives conditions, recruitment of mules is not a problem. (really anyone who even remotely touches a Online job sites such as Careerbuilder have been used computer) , could prevent such massive thefts from to find people. They run ads and hire recruiters to find happening, and is an essential part of ‘defense-in- new mules. The mules end up having to do the dirty depth’. work like their drug carrying brethren. They have to do the actual “dangerous” business of going into KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
3.
Is Your Health-Care
In Danger From Cyber-Gangs? SITUATION Organized cybercrime has shifted its focus to small Compare that to fraud statistics of Automatic Clearing healthcare providers. After having stolen millions Houses (companies in charge of electronic funds “According to Chief Executive from corporations and schools, greedy eyes have transfers and credit card payment processing. The recent arrests connected with Zeus accounted for Susan Brown, the thieves tried to moved on to other “easy pickings” – to non-profit organizations that service the uninsured and the some 390 reported cases where $70 million was steal more money – another disabled. Is it because their defenses are so poor or stolen from accounts. The criminals had attempted to batch of $30,000 when the bank are they not educated enough about cyber-heists? steal some $220 million. The investigation mainly blocked the transfer at her netted the lowest ranks of the criminal network -- behest. Of course the bank CASE IN POINT – PUGET SOUND the so-called money mules that remove stolen funds blames Evergreen and Evergreen SEPTEMBER 9, 2010 from their accounts and transfer the money to blames the bank. Evergreen is On the morning of September 9, 2010 the staff international accounts abroad. In general, the money mules are people who are duped into believing they still fighting with the bank to accountant at the Evergreen Children's Association woke up to find $30,000 missing from their bank are working for a legitimate company processing have the money reimbursed. ” account. No one at the organization had written a payments. check or authorized a transfer for that amount or anything close to it. Evergreen was in mystery as to ANALYSIS how so much money had virtually disappeared There is a distinctive pattern as to how these bank overnight. Virtual was the key word as cyber-thieves account invasions take place. First a targeted e-mail had been hard at work ripping off this Seattle based is typically sent to the company's accountant or non-profit organization to the tune of $30K. controller. The communication appears to be Evergreen provides childcare service on-site for public innocuous, but it is far from that. The message schools in the Puget Sound area. contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs According to Chief Executive Susan Brown, the malicious software designed to steal passwords. thieves tried to steal more money – another batch of Armed with those credentials, the crooks then hacks $30,000 when the bank blocked the transfer at her the online banking accounts and initiate a series of behest. Of course the bank blames Evergreen and wire transfers. Evergreen blames the bank. Evergreen is still fighting with the bank to have the money reimbursed. The real culprit is ignorance. This is not a matter of Who is really to blame? Read our analysis below. just technology, it is just as much a matter of education. Someone clicked when they should not DIGITAL CRIME OUTPACES REAL- have clicked. Someone did not have adequate WORLD ROBBERIES security software installed or it was not up-to-date. Digital crime now outpaces real-world bank robberies Think before you click! Security is everyone’s’ job, and in terms of losses. In 2009, there were 8,818 bank Internet Security Awareness Training has become robberies netting criminals an average of $4,029 -- a urgent at this point. total of about $35.5 million, according to the FBI's Uniform Crime Reporting (UCR) program. However, 60 percent of bank robbers were caught, often very quickly. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
4.
Is Your Health-Care
In Danger From Cyber-Gangs? SITUATION Compare that to fraud statistics of Automatic Clearing Organized cybercrime has shifted its focus to small Houses (companies in charge of electronic funds healthcare providers. After having stolen millions transfers and credit card payment processing). The “Using a team of “money mules”, from corporations and schools, their greedy eyes have recent arrests connected with Zeus accounted for the attackers sent $44,000 to moved on to local community based health-care some 390 reported cases where $70 million was their own banks which was then providers. Could poorly or untrained employees be at stolen from accounts. The criminals had attempted to steal some $220 million. The investigation mainly rapidly wired to organized crime the root of these attacks being successful? netted the lowest ranks of the criminal network -- accounts in Eastern Europe. The CASE IN POINT – NORTHEAST GEORGIA the so-called money mules that remove stolen funds mules got their commission and SEPTEMBER 2, 2010 from their accounts and transfer the money to the gang lords got the bulk of MedLink is a fully staffed year-round primary care international accounts abroad. In general, the money the transfer.“ organization with a central administrative office and mules are people who are duped into believing they clinic sites throughout northeast Georgia. In early are working for a legitimate company processing Per Gary Franklin, MedLink September, 2010 cyber-criminals attacked the payments. Georgia's chief financial officer, accounts of this healthcare provider. Hackers got the company's bank reversed access to the login and password to Medlink’s online ANALYSIS There is a distinctive pattern as to how these bank some of the fraudulent transfers, bank account and the cyber-heist was well over $40K. Using a team of “money mules”, the attackers account invasions take place. First a targeted e-mail but apparently transfers valued sent $44,000 to their own banks which was then is typically sent to the company's accountant or at $15,000 were not accounted rapidly wired to organized crime accounts in Eastern controller. The communication appears to be for and may not be recovered. Europe. The mules got their commission and the innocuous, but it is far from that. The message gang lords got the bulk of the transfer. contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs Per Gary Franklin, MedLink Georgia's chief financial malicious software designed to steal passwords. officer, the company's bank reversed some of the Armed with those credentials, the crooks then hacks fraudulent transfers, but apparently transfers valued the online banking accounts and initiate a series of at $15,000 were not accounted for and may not be wire transfers. recovered. The real culprit is ignorance. This is not a matter of DIGITAL CRIME OUTPACES REAL- just technology, it is just as much a matter of WORLD ROBBERIES education. Someone clicked when they should not Digital crime now outpaces real-world bank robberies have clicked. Someone did not have adequate in terms of losses. In 2009, there were 8,818 bank security software installed or it was not up-to-date. robberies netting criminals an average of $4,029 -- a Think before you click! Security is everyone’s’ job, and total of about $35.5 million, according to the FBI's Internet Security Awareness Training has become Uniform Crime Reporting (UCR) program. However, urgent at this point. 60 percent of bank robbers were caught, often very quickly. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
5.
Is Your Health-Care
In Danger From Cyber-Gangs? SITUATION Compare that to fraud statistics of Automatic Clearing Organized cybercrime has shifted its focus to small Houses (companies in charge of electronic funds healthcare providers. After having stolen millions transfers and credit card payment processing). The “Using a team of “money mules”, from corporations and schools, their greedy eyes have recent arrests connected with Zeus accounted for the attackers sent $44,000 to moved on to local community based health-care some 390 reported cases where $70 million was their own banks which was then providers. Could poorly or untrained employees be at stolen from accounts. The criminals had attempted to steal some $220 million. The investigation mainly rapidly wired to organized crime the root of these attacks being successful? netted the lowest ranks of the criminal network -- accounts in Eastern Europe. The CASE IN POINT – NORTHEAST GEORGIA the so-called money mules that remove stolen funds mules got their commission and SEPTEMBER 2, 2010 from their accounts and transfer the money to the gang lords got the bulk of MedLink is a fully staffed year-round primary care international accounts abroad. In general, the money the transfer.“ organization with a central administrative office and mules are people who are duped into believing they clinic sites throughout northeast Georgia. In early are working for a legitimate company processing Per Gary Franklin, MedLink September, 2010 cyber-criminals attacked the payments. Georgia's chief financial officer, accounts of this healthcare provider. Hackers got the company's bank reversed access to the login and password to Medlink’s online ANALYSIS There is a distinctive pattern as to how these bank some of the fraudulent transfers, bank account and the cyber-heist was well over $40K. Using a team of “money mules”, the attackers account invasions take place. First a targeted e-mail but apparently transfers valued sent $44,000 to their own banks which was then is typically sent to the company's accountant or at $15,000 were not accounted rapidly wired to organized crime accounts in Eastern controller. The communication appears to be for and may not be recovered. Europe. The mules got their commission and the innocuous, but it is far from that. The message gang lords got the bulk of the transfer. contains either a virus-laden attachment or a link that -- when opened -- surreptitiously installs Per Gary Franklin, MedLink Georgia's chief financial malicious software designed to steal passwords. officer, the company's bank reversed some of the Armed with those credentials, the crooks then hacks fraudulent transfers, but apparently transfers valued the online banking accounts and initiate a series of at $15,000 were not accounted for and may not be wire transfers. recovered. The real culprit is ignorance. This is not a matter of DIGITAL CRIME OUTPACES REAL- just technology, it is just as much a matter of WORLD ROBBERIES education. Someone clicked when they should not Digital crime now outpaces real-world bank robberies have clicked. Someone did not have adequate in terms of losses. In 2009, there were 8,818 bank security software installed or it was not up-to-date. robberies netting criminals an average of $4,029 -- a Think before you click! Security is everyone’s’ job, and total of about $35.5 million, according to the FBI's Internet Security Awareness Training has become Uniform Crime Reporting (UCR) program. However, urgent at this point. 60 percent of bank robbers were caught, often very quickly. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
6.
Cyber Birds Of
Prey Hunt Small Business SITUATION DIGITAL CRIME OUTPACES REAL-WORLD Small businesses are notorious for lack of security ROBBERIES procedures. Little or no IT staff, busy owners, inadequately Digital crime now outpaces real-world bank robberies in trained staff and lax procedures open the door to terms of losses. In 2009, there were 8,818 bank robberies “Small-town banking just does cybercrimes. In fact the door is wide open. And to make netting criminals an average of $4,029 -- a total of about not have the same security matters worse, banks are refusing to be the fall-guy and $35.5 million, according to the FBI's Uniform Crime resources as the bigger banks. accuse account holders of poor security practices. Small Reporting (UCR) program. However, 60 percent of bank businesses thus become easy targets for cyber-attacks robbers were caught, often very quickly. Moreover, companies simply do with few financial or technical resources to stop them. not have legal protection from Often times, the banks involved are small as well. Compare that to fraud statistics of Automatic Clearing identity fraud, unlike individual Small-town banking just does not have the same security Houses (companies in charge of electronic funds transfers consumers, and are forced to resources as the bigger banks. Moreover, companies simply and credit card payment processing). The recent arrests do not have legal protection from identity fraud, unlike connected with Zeus accounted for some 390 reported absorb the losses caused by individual consumers, and are forced to absorb the losses cases where $70 million was stolen from accounts. The cyber theft. ” caused by cyber theft. criminals had attempted to steal some $220 million. The investigation mainly netted the lowest ranks of the But who is really to blame? criminal network -- the so-called money mules that remove stolen funds from their accounts and transfer the CASE IN POINT – MODESTO, money to international accounts abroad. In general, the CALIFORNIA FEBRUARY 8, 2010 money mules are people who are duped into believing When David Johnston woke up that morning, the last they are working for a legitimate company processing thing on his mind was cybercrime. But unfortunately, his payments. company Sign Designs Inc., an electric-sign maker in Modesto, California was on a hacker’s mind. And then there ANALYSIS was the phone call from their bank, Bank of Stockton, Small business and regional banking attacks are on a inquiring about a $9,670 electronic payment to a Chase major upswing. As indicated both lack creditable security customer in Michigan. Sign Designs confirmed it hadn't set procedures and open themselves up to attack. However, in up the payment and the banks halted the transaction. this case it was proven once again that the financial attack was the result of an earlier malicious program attack. This However, they were a little late on the chain. Close to program did not insert itself onto the controller’s $100,000 had been transferred out of their account and computer. He had to have done something to initiate the distributed to 17 money mules. The Bank of Stockton attack. Ignorance not maliciousness was the culprit. responded as rapidly as they could once they discovered Sign Designs President David Johnston argues that Bank of the online deception. They managed to secure a little more Stockton should cover the losses because it didn't flag the than half of the absconded funds but $48,000 was already highly unusual account activity nor did it bar two in the hands of the hackers. computers—the controller's and hacker's—from accessing the account with the same credentials at the Naturally, Bank of Stockton declares no responsibility since same time. "I don't think they should offer a service that is its security systems were never actually penetrated. The not safe," Mr. Johnston says. "Do you expect I'm going to bad guys had planted malicious software on the computer solve this? I'm going to take on these Russian thieves? of Sign Designs' controller and used it to steal his Clearly I'm not going to be able to do it." online-banking credentials. The bank also says Sign Actually, Mr. Johnston with all due respect, you can take Designs failed to take advantage of security measures that them on. Educate your staff. Don’t let them fall for fishing might have averted losses, such as requiring two staff expeditions. members to sign off on every payment. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
7.
Looking At The
Bank’s Role In Cybertheft SITUATION 4. TD Bank did nothing to secure their online banking facility, Do banks have sufficient safeguards to prevent unauthorized disregarding all the explicit warnings from federal agencies, electronic transfers? In particular does your bank double verify plus industry analysts such as Avivah Litan and computer before sending your money to a criminal organization? It may security specialists such as Bruce Schneier. sound harsh but this is the current state of affairs for small 5. And this is in spite of the fact that many different proven, “Ms. McCarthy immediately businesses in particular. Have you checked out your bank’s inexpensive, fast-to-implement, easy-to-integrate, and security procedures? Have you told them to not allow electronic customer-friendly bank security solutions that defeat these notified the bank when she saw transfers over a certain amount without checking with you attacks have been available in the commercial marketplace for the transfers from her Little & personally? There are simple procedures to red flag an account for over half a decade. unauthorized transfer – make sure your bank is employing them. King company account. She had Not everyone has been so lucky. TD Bank maintains that because the hackers used her correct username and password to make the transfers, TD Bank bears no never previously made an CASE IN POINT – MASSAPEQUA, NEW YORK responsibility whatsoever for the breach. Furthermore, because her computer was infected with ZeuS, Little & King bears electronic transfer. TD Bank did FEBRUARY 15, 2010 responsibility for the fraudulent transfers. On Monday, February 15, 2010, Karen McCarthy's life was literally not put a freeze on her account turned upside down, when her business bank account at TD Bank until the next day despite the was electronically looted. The usual suspects (Eastern European DIGITAL CRIME OUTPACES REAL-WORLD criminals) removed $164,000 in what has become an epidemic of ROBBERIES call from McCarthy. commercial bank account thefts. Utilizing the infamous ZeuS Digital crime now outpaces real-world bank robberies in terms of virus, criminals were able to ferret out her logon and password. losses. In 2009, there were 8,818 bank robberies netting The rest is history, except for one thing – did TD Bank employ the criminals an average of $4,029 -- a total of about $35.5 million, necessary security lockdown procedures as mandated by the according to the FBI's Uniform Crime Reporting (UCR) program. Furthermore, the bank did not FDIC? However, 60 percent of bank robbers were caught, often very notify her of any unusual quickly. Ms. McCarthy immediately notified the bank when she saw the activity, something that would transfers from her Little & King company account. She had never Compare that to fraud statistics of Automatic Clearing Houses previously made an electronic transfer. TD Bank did not put a (companies in charge of electronic funds transfers and credit card seem to be commonplace per freeze on her account until the next day despite the call from payment processing). The recent arrests connected with Zeus accounted for some 390 reported cases where $70 million was online banking agreements. It is McCarthy. Furthermore, the bank did not notify her of any unusual activity, something that would seem to be commonplace stolen from accounts. The criminals had attempted to steal some a simple matter to setup online per online banking agreements. It is a simple matter to setup $220 million. The investigation mainly netted the lowest ranks of online alerts such as this, yet TD Bank seemingly failed to do so. the criminal network -- the so-called money mules that remove alerts such as this, yet TD Bank TD Bank has stated that they were not responsible, that the fraud stolen funds from their accounts and transfer the money to was “not related to any breach on the part of TD Bank.” international accounts abroad. In general, the money mules are seemingly failed to do so.” people who are duped into believing they are working for a Determined to get to the bottom of this fraudulent activity, legitimate company processing payments. McCarthy discovered some interesting things about TD Bank including lack of certain security protocols. ANALYSIS Is it possible that TD Banks’ online banking services required no 1. TD Bank did not comply with the regulatory guidance they more authentication than a simple user name and password and have been receiving from FFIEC and FDIC starting in 2005. did not require any further enhanced authentication before Indeed, TD Bank’s CEO received an FDIC Special Alert (LINK) transferring large sums of money? Did they make it easy for almost six months prior to the Little & King incident that hackers to access Little & Kings’ bank account and wipe it out exactly described the attack that cleaned out her account. The without no more than a cyber-handshake? alert instructed the bank to institute appropriate security measures to prevent losses due to malicious software. It seems that our local and regional banks have made it clear that 2. This FDIC Alert informed service providers where to look for until they are forced to take full financial responsibility (as they guidance and gave them information on authentication and are today with retail - consumer - accounts) for allowing these information about security for high risk transactions. These attacks to succeed, they simply will not follow the guidance that documents included: their regulators have offered them to prevent those successful • FFIEC Guidance Authentication in an Internet attacks. If and only when banks like TD Bank are required to Banking Environment reimburse commercial depositors for losses from cyber theft that • Authentication in an Internet Banking they could have thwarted they will then institute the security Environment Frequently Asked Questions measures that they could and should have instituted long ago. • FFIEC Information Security Examination Handbook • FFFIEC Retail Payment Systems Examination Make sure your bank is employing the proper protocols and Handbook procedures to prevent this from happening to you. • FDIC Guidance on Mitigating Risks from Spyware 3. Previous FFIEC guidance instructed TD Bank to institute “layers” of fraud controls such as checks on Internet addresses used and for unusual patterns of account activity. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
8.
Job Applications Open
Door To Cybertheft SITUATION The Trojan was used to transfer money to Ukraine and Do you have a corporate policy regarding clicking on two other U.S. bank accounts. "The FBI recommends attachments or downloading from sites or email? If that potential employers remain vigilant in opening you don’t you better get on it. There is a new covert the e-mails of prospective employees," the FBI said. The FBI released information on trick running around that implants your computer the latest iteration of the hack with malicious software, just because you DIGITAL CRIME OUTPACES where the cybercriminals look downloaded an applicant’s resume. REAL-WORLD ROBBERIES Digital crime now outpaces real-world bank robberies for companies that are hiring CASE IN POINT – SOMEWHERE IN THE in terms of losses. In 2009, there were 8,818 bank online and then send them the UNITED STATES JANUARY 2011 robberies netting criminals an average of $4,029 -- a malware through the so-called Recently, The U.S. Federal Bureau of Investigation total of about $35.5 million, according to the FBI's issued a warning regarding a new M.O. ACH, I.e., Uniform Crime Reporting (UCR) program. However, job application. One unnamed Automated Clearing House fraud. As you have noted 60 percent of bank robbers were caught, often very U.S. Company recently lost in these case studies, cybercriminals install malicious quickly. software on unsuspecting computers which is then $150,000 according to the FBI's used to burrow into their financial information logins Compare that to fraud statistics of Automatic Clearing Internet Crime Complaint Center. and passwords. Once they have access to the account Houses (companies in charge of electronic funds they start transferring sums through fake employees, transfers and credit card payment processing). The payees, etc. The money mules then move the recent arrests connected with Zeus accounted for "The malware was embedded in company to accounts that are out of the U.S. In a some 390 reported cases where $70 million was an e-mail response to a job matter of hours, hackers can move hundreds of stolen from accounts. The criminals had attempted to thousands of dollars from your account should it steal some $220 million. The investigation mainly posting the business placed on become infected. Small businesses and regional netted the lowest ranks of the criminal network -- an employment website," the FBI banks are often the targets for these 21st Century the so-called money mules that remove stolen funds from their accounts and transfer the money to reported. gangsters and they usually are not as technically sophisticated. Access to the victimized computer is international accounts abroad. In general, the money granted through sophisticated phishing techniques mules are people who are duped into believing they that take advantage of employee computer security are working for a legitimate company processing ignorance. payments. The FBI released information on the latest iteration of ANALYSIS the hack where the cybercriminals look for Once again we find that lack of computer security companies that are hiring online and then send them training to be the culprit. We live in a highly the malware through the so-called job application. technically uncivilized world. The Internet is the One unnamed U.S. Company recently lost $150,000 modern version of the Wild Wild West. You have to be according to the FBI's Internet Crime Complaint armed and ready to protect your company from Center. "The malware was embedded in an e-mail serious gunfire. One of them of course, is to not open response to a job posting the business placed on an email attachments. The safest bet is to delete the employment website," the FBI reported. attachment and write back to the sender asking for a plain text version. Interestingly, another option is In this case the malware, a variant of the Bredolab opening the document in Google Gmail if you have Trojan, "allowed the attacker to obtain the online an account to check the legitimacy of the application banking credentials of the person who was or resume. You can set up a special Gmail account just authorized to conduct financial transactions within for recruitment to safeguard your network. the company." The typo-filled Trojan looked like a Word document and read: "Hello! I have figured out that you have an available job. I am quiet interested in it. So I send you my resume, Looking forward to your reply. Thank you." KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
9.
Hackers Crack Library
Without A Card: Making Withdrawals Without A Library Card SITUATION DIGITAL CRIME OUTPACES How open is your company’s Internet access? Does REAL-WORLD ROBBERIES your staff go online when no one is looking? Do you Digital crime now outpaces real-world bank robberies Digital crime now outpaces have patrons or customers that have access as well? in terms of losses. In 2009, there were 8,818 bank real-world bank robberies in What security safeguards do you have in place? What robberies netting criminals an average of $4,029 -- a terms of losses. In 2009, there are your rules for using the Internet? Small total of about $35.5 million, according to the FBI's were 8,818 bank robberies businesses tend to be pretty lax in this area. Isn’t it Uniform Crime Reporting (UCR) program. However, time that you had firm policy on using the Internet in 60 percent of bank robbers were caught, often very netting criminals an average of your business? You could save yourself a lot of trouble quickly. $4,029 -- a total of about $35.5 not to mention – money. million, according to the FBI's Compare that to fraud statistics of Automatic Clearing Uniform Crime Reporting (UCR) Houses (companies in charge of electronic funds program. CASE IN POINT – DELRAY BEACH, transfers and credit card payment processing). The FLORIDA JANUARY 7, 2010 recent arrests connected with Zeus accounted for However, 60 percent of bank Somebody was cooking the books at the Delray some 390 reported cases where $70 million was robbers were caught, often very Beach Public Library – suddenly $160,000 went stolen from accounts. The criminals had attempted to quickly. missing and was nowhere to be found. Hackers steal some $220 million. The investigation mainly created faux employees and paid them from the netted the lowest ranks of the criminal network -- library’s bank account. Overnight, the library “hired” the so-called money mules that remove stolen funds 16 new employees and their “earnings” were taken from their accounts and transfer the money to through direct deposit payroll. The money was paid international accounts abroad. In general, the money out in allotments of under $10,000 so as to not raise mules are people who are duped into believing they red flags. are working for a legitimate company processing payments. Unfortunately for the hackers and fortunately for the library someone was taking care of the books. The fraud was discovered rapidly and the bank was able ANALYSIS to reverse most of the fraudulent transfers. Their Who knows how the malicious software got into the bank actually refunded the balance to them. This is Delray Beach Library’s network. All they know is that not the usual case for commercial banks. it did. Publishing a set of computer security best practices that can be used by library staff and patrons The library’s phantom employees were recruited with would be a good start. Training the staff to keep work-at-home offers. They received their ill-gotten security in and the bad guys out would be even gains wired the majority off and kept a commission. better. The transfers are under $3,000 each which appear to be a threshold beneath any controls or checks the transfer company might have. Western Union and Moneygram are supposed to have fraud controls in place to prevent this type of racket but they do not appear to be working. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
10.
Losing The Trust
In A Trust Fund SITUATION over her accounts, despite the presence of standard So you think you know the ins and outs of Internet anti-virus software. banking. You make up strong passwords and you even remember to change them once in a while. You DIGITAL CRIME OUTPACES Digital crime now outpaces have “normal” security in place (you hid the sticky REAL-WORLD ROBBERIES real-world bank robberies in with your password and login on it – it’s no longer on Digital crime now outpaces real-world bank robberies your monitor). in terms of losses. In 2009, there were 8,818 bank terms of losses. In 2009, there robberies netting criminals an average of $4,029 -- a were 8,818 bank robberies CASE IN POINT – TAMPA BAY, FLORIDA total of about $35.5 million, according to the FBI's netting criminals an average of MAY 10, 2010 Uniform Crime Reporting (UCR) program. However, There was nothing typical about this Monday 60 percent of bank robbers were caught, often very $4,029 -- a total of about $35.5 morning for Bradenton attorney Kimberly Graus. It quickly. million, according to the FBI's may have started out bright and sunny, but this Monday turned out to be a dark day for one of the Compare that to fraud statistics of Automatic Clearing Uniform Crime Reporting (UCR) trust accounts she administers. $35,000 was missing Houses (companies in charge of electronic funds program. and she could not account for it. Her computer had transfers and credit card payment processing). The been hacked and the money was finding its way to recent arrests connected with notorious Zeus Eastern European criminals. malware accounted for some 390 reported cases However, 60 percent of bank where $70 million was stolen from accounts. The criminals had attempted to steal some $220 million. robbers were caught, often very According to her bank, her own IP address was the source of the wire transfer orders and after further The investigation mainly netted the lowest ranks of quickly. study by computer forensic experts, the culprits were the criminal network -- the so-called money mules found. The criminals had made four wire transfers that remove stolen funds from their accounts and from Graus’ trust account. Fortunately, Kimberley transfer the money to international accounts abroad. spotted it fast enough so she could notify Superior In general, the money mules are people who are Bank and they were able pull back three of the orders duped into believing they are working for a but the fourth for $9,500 had already been legitimate company processing payments. transferred to the Ukraine. ANALYSIS And Graus was lucky that just that morning she had If you are a business doing online banking and are wired $400,000 to pay off client mortgages. The only relying on the bank’s security and safeguards, hackers struck in the afternoon; otherwise they you may be bound for major trouble. Commercial might have gotten a much bigger haul and accounts do not have the same FDIC insurance as potentially bankrupted her practice. personal accounts! Before you use online banking, read the rules carefully. Check all online accounts Aside from the $9,500.00 loss, there were significant daily, and make sure your corporate other costs in both time and money including a new defense-in-depth is in good shape. laptop to be used for banking purposes only, the cost of the forensic investigation and not to mention the One simple thing we strongly recommend is that your time costs involved in closing and setting up new company instructs the bank that no outside transfers bank accounts. There is also the potential loss of trust are made without the bank having hard-copy written she has had with her clients and other business authorization signed by an account signatory for any associates including her bank. Superior Bank of transfer request. That, and having a formal Internet course, is adamant that it bears no responsibility for Security Awareness Training program in place for all the theft. employees. The bad guys are bypassing the antivirus on workstations by making users click on something Computer consultants told Graus that the malware on and infect the PC with malware so that they can hack her system most likely came in the form of a email the network. phishing attempt that she clicked on. The malware was able to capture passwords and logins and took KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
11.
School’s Out For
Christmas, Hackers Get Presents SITUATION DIGITAL CRIME OUTPACES Here you are in the far Western part of Pennsylvania, REAL-WORLD ROBBERIES a comparatively modest school district and your Digital crime now outpaces real-world bank robberies Digital crime now outpaces payroll suddenly expands by 42 employees from in terms of losses. In 2009, there were 8,818 bank California and Puerto Rico during Christmas break. robberies netting criminals an average of $4,029 -- a real-world bank robberies in Would that not strike you as unusual? On top of that total of about $35.5 million, according to the FBI's terms of losses. In 2009, there your bank receives 74 wire transfer requests over a Uniform Crime Reporting (UCR) program. However, were 8,818 bank robberies four-day period, when you very rarely ever ever wire 60 percent of bank robbers were caught, often very netting criminals an average of transfer. Shouldn’t your bank take notice of that fact? quickly. $4,029 -- a total of about $35.5 Wouldn’t it strike them as unusual especially since million, according to the FBI's schools and administrative offices were closed for the Compare that to fraud statistics of Automatic Clearing holiday? Well, that is what happened in Western Houses (companies in charge of electronic funds Uniform Crime Reporting (UCR) Beaver Country, PA. transfers and credit card payment processing). The program. recent arrests connected with Zeus accounted for CASE IN POINT – WESTERN BEAVER some 390 reported cases where $70 million was However, 60 percent of bank COUNTY, PENNSYLVANIA JANUARY 2, stolen from accounts. The criminals had attempted to robbers were caught, often very 2009 steal some $220 million. The investigation mainly Western Beaver County School District administrators netted the lowest ranks of the criminal network -- quickly. were not very happy with their Christmas present this the so-called money mules that remove stolen funds year. They woke up to find out that hackers not Santa from their accounts and transfer the money to Claus had made away with over $700,000 from their international accounts abroad. In general, the money bank accounts. To their credit, ESB Bank managed to mules are people who are duped into believing they reverse some of the wire transfers, however, the are working for a legitimate company processing Pennsylvania school district was out more than payments. $441,000. A few months later Western Beaver tried to sue ESB ANALYSIS and recover their money, but as in other instances, Once again criminals made use of the Automated the bank had protected itself with procedures and Clearing House (ACH) Network to get their prize. policy. As we know commercial accounts do not Should banks take note of an unusual number of receive the same level of protection as personal transfers? They sure should and no excuse that there accounts which are only liable up to $50. Court filings are so many transactions that they could not keep showed that the criminals used malicious software to track of them. It is not exactly rocket science to gain control of Western Beaver’s computers and thus program an account to put up a red flag. Should their bank accounts. Western Beaver School District be monitoring their accounts on a regular basis? Absolutely, nothing is The bad guys set up the new payees and transferred better than vigilance and nothing worse than the money to them -- with routing number and negligence. It would be interesting to discover how account number in hands, the money was transferred well-protected their computer networks are. to the money mules who made out quite well for the holidays. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
12.
Dentist Gets Drilled SITUATION
But before they did that, they still had to access Dr. Just when you thought you heard everything, here Thousand’s account information. No surprise, comes this new weapon from the bad guys – malicious software was embedded in his system ‘telephony denial-of-service’. Imagine you cannot use most likely after a phishing expedition. They then The bad guys had this dentist your telephones, land, mobile, home, work, etc. went on to raid, pillage and loot his account. coming and going. In December, because gangsters have engaged in a bombardment While his account was being plundered, the battery he discovered that $399,000 had of calls to those numbers while at the same time they of phone calls began. In the meantime the thieves systematically drain your bank accounts. You bank posing as Dr. Thousand called Ameritrade demanding been drained from his might even be trying to call you and get your that the transfers be sent through. When questioned, Ameritrade retirement account approval or alert you to the transfers coming from they acknowledged having phone problems as to shortly after he’d received the your account. why they did not respond to previous calls. Dr. Thousand was most fortunate in that Ameritrade did calls. About $18,000 was CASE IN POINT – ST. AUGUSTINE, return his funds. Had they been in a business account transferred from his account on FLORIDA, DECEMBER 2009 he would not have been so fortunate. Nov. 23, with an So there you are doing what dentists do, drilling and filling, when you get a phone call featuring a DIGITAL CRIME OUTPACES $82,000-transfer following two 30-second promotion for a sex hotline. You just might REAL-WORLD ROBBERIES days later. Five days after that, think that was unusual but when they persist and Digital crime now outpaces real-world bank robberies another $99,000 was drained, literally barrage your phone lines, you just might in terms of losses. In 2009, there were 8,818 bank robberies netting criminals an average of $4,029 -- a followed by two transfers of think something unsavory was going on in your life. This, indeed, was what happened to Florida Dentist total of about $35.5 million, according to the FBI's $100,000 each on Dec. 2 and 4. Robert Thousand Jr., who by the way is semi-retired. Uniform Crime Reporting (UCR) program. However, The thieves withdrew the money Almost $400,000 was drained from his Ameritrade 60 percent of bank robbers were caught, often very quickly. in New York. Retirement Account. The FBI said attacks like this are growing, Compare that to fraud statistics of Automatic Clearing Last November, Robert Thousand Jr., a semi-retired Houses (companies in charge of electronic funds dentist in Florida, received a flood of calls to several transfers and credit card payment processing). The phones. When he answered them, he heard a recent arrests connected with Zeus accounted for 30-second recording for a sex hotline, according to some 390 reported cases where $70 million was the St. Augustine Record. stolen from accounts. The criminals had attempted to steal some $220 million. The investigation mainly The bad guys had this dentist coming and going. In netted the lowest ranks of the criminal network -- December, he discovered that $399,000 had been the so-called money mules that remove stolen funds drained from his Ameritrade retirement account from their accounts and transfer the money to shortly after he’d received the calls. About $18,000 international accounts abroad. In general, the money was transferred from his account on Nov. 23, with an mules are people who are duped into believing they $82,000-transfer following two days later. Five days are working for a legitimate company processing after that, another $99,000 was drained, followed by payments. two transfers of $100,000 each on Dec. 2 and 4. The thieves withdrew the money in New York. ANALYSIS Per the FBI, the phone calls were a diversionary tactic If you suddenly are barraged with porn phone calls, tying up Thousand’s line so that Ameritrade could not realize something is amiss check with your bank and get hold of him and authenticate the money other financial institutions. Change your phone transfers. number. But do something. Also of course make sure your anti-malware software is up-to-date. The money you save may be your own! KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
13.
An Apple A
Day Didn’t Keep This Thief Away SITUATION Compare that to fraud statistics of Automatic Clearing You enjoy buying online and find many a bargain. But Houses (companies in charge of electronic funds sometimes those prices just might be too good to be transfers and credit card payment processing). The Digital crime now outpaces true. This is especially so when buying a limited recent arrests connected with Zeus accounted for real-world bank robberies in distribution item like an Apple Computer. This might some 390 reported cases where $70 million was terms of losses. In 2009, there just be one apple that you should not take a bite stolen from accounts. The criminals had attempted to were 8,818 bank robberies from. steal some $220 million. The investigation mainly netting criminals an average of netted the lowest ranks of the criminal network -- $4,029 -- a total of about $35.5 CASE IN POINT – TAMPA BAY, FLORIDA the so-called money mules that remove stolen funds million, according to the FBI's OCTOBER 14, 2007 from their accounts and transfer the money to Uniform Crime Reporting (UCR) Rebecca Renner was in the market for a new international accounts abroad. In general, the money program. computer for her Tampa-based company, Creative mules are people who are duped into believing they Minds, a print and design service. An ad on are working for a legitimate company processing However, 60 percent of bank Craigslist.org for a MacBook Pro with an Intel payments. robbers were caught, often very processor and 17-inch screen caught her eye, as did quickly. the price: $1,700. The seller, Jeffrey Murray, claimed to be from the Bronx, N.Y., but was living in London ANALYSIS because of his job. On the Internet as in life, take nothing for granted. If something looks too good to be true, chances are it is Via e-mails, Murray instructed Renner to pay by not what you should be seeking. What should Ms. wiring money to a third-party payment service and Renner done instead of resorting to impulse and buy provided a link to the payment Web site. Only a computer that was just priced too inexpensively? problem was once Renner wired the money she never Well, she should have recognized it was too cheap for received the computer. Murray or whatever his name that make and model and rejected it to begin with. is disappeared with her wire transfer and presumably Renner said she was taken in by the idea that Murray the computer she ostensibly purchased. was part of the Mac community and therefore had to be a good guy. DIGITAL CRIME OUTPACES REAL-WORLD ROBBERIES Wrong again, Murray could have been anywhere in Digital crime now outpaces real-world bank robberies the world, maybe even running a tidy little Nigerian in terms of losses. In 2009, there were 8,818 bank scam. And last but not least you don’t pay someone robberies netting criminals an average of $4,029 -- a you don’t know by wire transfer, not without having total of about $35.5 million, according to the FBI's the goods in your hands first. This is a big No No. Uniform Crime Reporting (UCR) program. However, Lesson learned look before you pay. 60 percent of bank robbers were caught, often very quickly. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
14.
Vandals Go To
Town On Small Towns SITUATION We guess not because the next thing you know there Someone once said that you can’t fight city hall. Well, are ACH transfers of $70K and a wire transfer of online criminals have changed this equation. They $30,000. The wire transfer was stopped by the bank Recently, crooks stole $100,000 have found the means to not only fight city hall but but the 70,000 was long gone take it to the cleaners. It seems there has been a rash from the New Jersey township of of online heists of small town bank accounts. It seems DIGITAL CRIME OUTPACES Egg Harbor; $130,000 from a like quite a few of these organizations do not have REAL-WORLD ROBBERIES public water utility in Arkansas; the resources to employ the proper safeguards or Digital crime now outpaces real-world bank robberies $378,000 from a New York sufficient education. in terms of losses. In 2009, there were 8,818 bank town; $160,000 from a Florida robberies netting criminals an average of $4,029 -- a public library; $500,000 from a CASE IN POINT – SUMMIT, ILLINOIS total of about $35.5 million, according to the FBI's MARCH 11, 2010 Uniform Crime Reporting (UCR) program. However, New York middle school district; The Village of Summit, Illinois is tiny when compared 60 percent of bank robbers were caught, often very $415,000 from a Kentucky to most towns with a population topping off at quickly. county (this is far from a around 10,000. Nevertheless, it was a ready target for comprehensive list).” The cyber cyber-thieves who made off with a grand haul of Compare that to fraud statistics of Automatic Clearing Houses (companies in charge of electronic funds criminals are taking it to city hall close to $100,000. transfers and credit card payment processing). The big time. According to ace security reporter Brian Krebs, recent arrests connected with Zeus accounted for “Summit is just the latest in a string of towns, cities, some 390 reported cases where $70 million was counties and municipalities across America that have stolen from accounts. The criminals had attempted to seen their coffers cleaned out by organized thieves steal some $220 million. The investigation mainly who specialize in looting online bank accounts. netted the lowest ranks of the criminal network -- Recently, crooks stole $100,000 from the New Jersey the so-called money mules that remove stolen funds township of Egg Harbor; $130,000 from a public from their accounts and transfer the money to water utility in Arkansas; $378,000 from a New York international accounts abroad. In general, the money town; $160,000 from a Florida public library; mules are people who are duped into believing they $500,000 from a New York middle school district; are working for a legitimate company processing $415,000 from a Kentucky county (this is far from a payments. comprehensive list).” The cyber criminals are taking it to city hall big time. ANALYSIS Someone needs a lesson on online security, don’t you The assistant to the town’s administrator logged in to think? Red flags were flying; the assistant even called the town bank account at Bridgeview Bank and was the bank and was told there were no problems. hit with a redirect explaining there were technical Shouldn’t the assistant and the bank have realized difficulties. Someone had hacked into their network something was wrong and immediately taken and was rapidly using the credentials she had precautions to protect the account? There was entered to access the online account. The thieves obvious cyber-skullduggery in place here but truth is even gave her a phone number for customer support. a bit of common sense could have prevented a When the assistant called the number it was a $70,000 disaster. residence. So she called the bank and was told there were not problems. Should have raised a red flag, don’t you think? KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
15.
Cybercrime Attacks Charities
- How Criminal Is That? SITUATION total of about $35.5 million, according to the FBI's We have seen some acts from cyber bad guys, Uniform Crime Reporting (UCR) program. However, especially those that take advantage of disasters and 60 percent of bank robbers were caught, often very Digital crime now outpaces catastrophes, but looting a charity’s bank account quickly. real-world bank robberies in seems especially low even for them. In the world of terms of losses. In 2009, there these criminals, nothing is sacred or holy. Compare that to fraud statistics of Automatic Clearing were 8,818 bank robberies Houses (companies in charge of electronic funds netting criminals an average of transfers and credit card payment processing). The $4,029 -- a total of about $35.5 CASE IN POINT – BOSTON, recent arrests connected with Zeus accounted for million, according to the FBI's MASSACHUSETTS JANUARY, 2010 some 390 reported cases where $70 million was Uniform Crime Reporting (UCR) The United Way is one of the good guys in society. The stolen from accounts. The criminals had attempted to program. However, 60 percent of funds they raise are put back in the community to steal some $220 million. The investigation mainly bank robbers were caught, often netted the lowest ranks of the criminal network -- very quickly. help those who require help. But in January, 2010, it was the United Way needing the help. the so-called money mules that remove stolen funds from their accounts and transfer the money to The bad guys used the Internet to break into the international accounts abroad. In general, the money United Way in Massachusetts bank account and mules are people who are duped into believing they looted it to the tune of $150,000 or so they thought. are working for a legitimate company processing They were pretty clever in using the unauthorized payments. payroll routine (putting bogus workers on the payroll and then distributing the funds electronically to them). This was for $110,000 and then attempted to ANALYSIS transfer $40,000 to a money mule in New York. Either the United Way got very lucky or someone was Neither of the schemes worked out as the United Way on their toes monitoring the bank accounts. and their bank was able to block or reverse the Whatever it was, one of the good things about this transactions. This is not always the case, very often a was the organization was able to work with their substantial amount cannot be retrieved because it bank to prevent the fraud. Perhaps this is a good time has disappeared to eastern Europe. to have a talk with your favorite banker and find out what they are doing to prevent online fraud. While you are there work out an airtight policy to make sure DIGITAL CRIME OUTPACES it never happens to you. REAL-WORLD ROBBERIES Digital crime now outpaces real-world bank robberies in terms of losses. In 2009, there were 8,818 bank robberies netting criminals an average of $4,029 -- a KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
16.
Financial Institutions Fall
Victim To Cyber-Theft – Could Internet Security Awareness Training Have Prevented The Larceny? SITUATION DIGITAL CRIME OUTPACES In a cyber-twist, a bank is targeted and (possibly a REAL-WORLD ROBBERIES lot) more than $100K removed from its coffers. The Digital crime now outpaces real-world bank robberies Digital crime now outpaces bank won’t say how much. Most of our case studies in terms of losses. In 2009, there were 8,818 bank involve businesses who wake up one morning to find robberies netting criminals an average of $4,029 -- a real-world bank robberies in their bank accounts emptied of accumulated cash. total of about $35.5 million, according to the FBI's terms of losses. In 2009, there This time a bank felt the sting of the cyber-gang. So Uniform Crime Reporting (UCR) program. However, were 8,818 bank robberies for once it was not the small businessman that was 60 percent of bank robbers were caught, often very netting criminals an average of hit but the bank itself. Makes you wonder how many quickly. $4,029 -- a total of about $35.5 other banks have found themselves the victim of million, according to the FBI's cyber-theft. This is especially relevant when you hear Compare that to fraud statistics of Automatic Clearing about banks that for legal reasons are not able to Houses (companies in charge of electronic funds Uniform Crime Reporting (UCR) take responsibility for their clients when they have transfers and credit card payment processing). The program. However, 60 percent of been defrauded. There is irony in all of this, especially recent arrests connected with Zeus accounted for bank robbers were caught, often when you take into consideration a federal credit some 390 reported cases where $70 million was very quickly. union. stolen from accounts. The criminals had attempted to steal some $220 million. The investigation mainly netted the lowest ranks of the criminal network -- CASE IN POINT – SALT LAKE CITY, UTAH the so-called money mules that remove stolen funds MAY 20, 2010 from their accounts and transfer the money to The Treasury Credit Union is a financial facility international accounts abroad. In general, the money servicing federal employees and the families of the mules are people who are duped into believing they U.S. Treasury Department in Utah. On a sunny are working for a legitimate company processing Thursday in May, somewhere around 70 wire payments. transfers were made from one of the bank’s own accounts. The transfers were made at low increment amounts of under $5,000 to money mules for a total in the low six figures. Some of the money was ANALYSIS returned. It just goes to show you that despite sophisticated security, the weak link even in a financial institution How did the criminals infiltrate this supposedly proved to be an employee. One of the keys to security well-protected financial institution? Just like they do is educating personnel on Internet Security any other business; a bank employee’s login and Awareness. If the employee had been educated, a password was stolen, by malicious software most large amount of money would have been saved and likely via phishing and the Trojan horse was inserted much aggravation would have been avoided. into the computer. This was accomplished despite the fact that the computer and network was well-protected by an antivirus. The Trojan horse was not detected; no wonder when you consider the user went to the phishing site and literally invited the malware in. Last July, organized thieves used money mules to steal tens of thousands of dollars from Huntington, W.V. based First Sentry Bank. KnowBe4, LLC | 601 Cleveland Street, Suite 930, Clearwater, FL 33755 | Tel: 855-KNOWBE4 (566-9234) | www.KnowBe4.com | Email: sales@KnowBe4.com © 2011 KnowBe4, LLC. All rights reserved. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
Download now