TBC Forensic Accounting and Business Advisory Services Team
Median Fraud Loss?
Median Fraud Loss:
$145,000
24% were at least $1 million
Median Fraud Loss in US: $100,000
Median number of months to uncover a fraud scheme?
Median Duration:
Most Common Detection Method?
Most Common Detection Method: Tips
• 42%
• More than twice the rate of any other method
Targeted fraud awareness training for employees and managers is a critical component of a well-rounded program for preventing and detecting fraud.
• Owner opens bank statements and peruses cancelled checks
• Publicize rewards and confidentiality for whistleblowers
• Mandatory vacations
• Job rotations
• Surprise audits
Segregation of Duties
Purpose – to prevent any one person from having too much control over a particular business function.
It’s a built-in monitoring mechanism – every person’s actions are verified by another.
External fraud and fraud prevention products at banks
Internet Fraud and Risk Update
Chris Squier, CISSP, CISM
Vice President, Cybersecurity Risk and PCI Services
Agenda
Understanding Internet risks and fraud trends
Understanding crimeware, corporate account
takeover fraud and the threat it presents
How to protect yourself, and your company
Questions & Answers
Disclaimer
This presentation is intended for information purposes.
Customers should contact their Information Technology provider to determine the best way to safeguard the security of their computers and networks.
Customers should familiarize themselves with their institution’s account agreement and understand their liability for fraud, as ACH and wire transactions are regulated under the Uniform Commercial Code.
Attacks - from Back Rooms to Headlines
The 21st Century Holdup
Dawning of the Information Age…
The Internet - 1980
The Internet Today
8 Billion Users and Growing
Radio: 38 years to reach 50 million people
Facebook: 2 years to reach 50 million people
[Figure: regional map with panels for North America, Asia, Western Europe, Russia / Eastern Europe]
Latest and Greatest: “Man in the Email” Scam
Based on “spoofed” communication (usually email):
Email that looks like it’s from a long-standing supplier asking to wire payment to an alternate account.
Executive email account is compromised and asks an employee to wire funds to an alternate account (sometimes the compromised exec email asks the financial institution directly to wire funds).
Employee has email hijacked and requests invoice payments to fraudster-controlled accounts.
Attorney Check Scam: fraudster finds a real payment dispute, spoofs the attorney’s email and demands payment from the litigant to an account the fraudster controls.
Moral of the story: Email lies.
Characteristics (Courtesy IC3)
Businesses and personnel using open source (free, web-based) e-mail are most targeted.
Individuals responsible for handling wire transfers within a specific business are targeted.
Spoofed e-mails very closely mimic a legitimate e-mail request.
Hacked e-mails often involve a personal e-mail account.
Fraudulent e-mail requests for a wire transfer are well-worded, specific to the business being victimized, and do not raise suspicion about the legitimacy of the request.
The phrases “code to admin expenses” or “urgent wire transfer” were reported by victims in some of the fraudulent e-mail requests.
The amount of the fraudulent wire transfer request is business specific; dollar amounts requested are similar to normal business transaction amounts so as to not raise doubt.
Fraudulent e-mails received have coincided with business travel dates for executives whose e-mails were spoofed.
Victims report that IP addresses frequently trace back to free domain registrars.
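Added example (not from the IC3 list or the slides): a small Python scorer that applies the indicators above to an inbound wire request, so a message that matches several of them is held for out-of-band verification (a phone call to a number already on file, never a reply to the e-mail). The trusted-domain list, free-mail list, phrase list, weights, hold threshold and the three sample messages are all constructed for illustration; a real deployment would take trusted domains from the vendor master and tune the weights on its own mail.

```python
"""BEC indicator scoring for an inbound wire-request e-mail.
Added example; trusted/free-mail domain lists, weights, threshold and the
sample messages below are constructed, not taken from the slides or IC3."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, Optional

# Constructed: domains of suppliers and executives the company actually uses.
TRUSTED_DOMAINS = {"acme-supply.com", "example-corp.com"}
# Constructed: free web-mail providers (IC3's "open source e-mail").
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Phrases the slides say victims reported, plus common account-change wording.
SUSPICIOUS_PHRASES = ("urgent wire transfer", "code to admin expenses", "wire",
                      "new account", "updated banking", "confidential")
HOLD_THRESHOLD = 5   # constructed: at or above this, hold and verify by phone

def domain_of(header: str) -> str:
    """Bare domain from a From:/Reply-To: header value ("" if none)."""
    addr = parseaddr(header)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch look-alike domains (acme-suply.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain: str) -> Optional[str]:
    """Trusted domain this one imitates (within 2 edits), or None."""
    for trusted in sorted(TRUSTED_DOMAINS):
        if domain != trusted and levenshtein(domain, trusted) <= 2:
            return trusted
    return None

def score_message(raw: str) -> Dict:
    """Return the indicators hit, their total, and whether to hold the payment."""
    msg = message_from_string(raw)
    sender = domain_of(msg.get("From", ""))
    reply_to = domain_of(msg.get("Reply-To", "")) or sender
    subject = (msg.get("Subject") or "").lower()
    body = (msg.get_payload() or "").lower()
    hits: Dict[str, int] = {}
    if reply_to != sender:                        # replies diverted to the fraudster
        hits["reply_to_mismatch"] = 3
    if sender in FREEMAIL_DOMAINS or reply_to in FREEMAIL_DOMAINS:
        hits["freemail_address"] = 2
    if lookalike(sender):                         # typo-squat of a real supplier
        hits["lookalike_domain"] = 4
    for phrase in SUSPICIOUS_PHRASES:             # one point per distinct phrase
        if phrase in subject or phrase in body:
            hits["urgency_phrase"] = hits.get("urgency_phrase", 0) + 1
    if re.search(r"\b(routing|aba|iban|swift)\b", body):  # new bank details in-line
        hits["new_bank_details"] = 2
    total = sum(hits.values())
    return {"sender": sender, "reply_to": reply_to, "indicators": hits,
            "score": total, "hold": total >= HOLD_THRESHOLD}

# Constructed samples (not real messages). Routing/IBAN values are dummies.
SAMPLE_EXEC_SPOOF = """From: Jane Doe <jane.doe@example-corp.com>
Reply-To: Jane Doe <jane.doe.ceo@gmail.com>
To: controller@example-corp.com
Subject: Urgent wire transfer

I am travelling and cannot take calls. Please code to admin expenses and
send $48,500 today. Routing 123456789, account 99887766.
"""
SAMPLE_SUPPLIER_LOOKALIKE = """From: Acme Supply AP <remit@acme-suply.com>
To: ap@example-corp.com
Subject: Updated banking details for invoice 4471

Please note our new account for all future payments. Wire to IBAN
GB00EXMP00000000000000 from now on.
"""
SAMPLE_LEGITIMATE = """From: Acme Supply AP <remit@acme-supply.com>
To: ap@example-corp.com
Subject: Invoice 4471 statement

Attached is the monthly statement. No changes to remittance details.
"""

if __name__ == "__main__":
    for name, raw in (("exec spoof", SAMPLE_EXEC_SPOOF),
                      ("supplier look-alike", SAMPLE_SUPPLIER_LOOKALIKE),
                      ("legitimate", SAMPLE_LEGITIMATE)):
        print(name, score_message(raw))
```

The look-alike check is deliberately loose (two edits) because the typo-squat domains used in these cases differ from the real one by a single dropped or swapped letter; the cost of a false positive is one phone call.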
“Equal Opportunity Cybercrime”
If you have something of value, you’re a target.
Very inexpensive for Cybercriminal organizations to
“Cast a Wide Net.”
How much does it cost to send out 100k, 200k, 500k + emails?
Cases involving:
Small business
Charity/not-for-profit
State/local government
Healthcare Practitioners
And more…
Attacks By Size of Organization
Source: Symantec
* Data collected by 69 million sensors deployed in 157 countries.
ATM Skimmers
Hidden camera or PIN pad overlay captures the PIN
More ATM Skimmers
“Carder” Rings: the credit card black market
Malware Delivery Disguised as ACH Warning
Malware Download
Crimeware infection - Spear Phishing
Automated Income Tax Filing Fraud
Social Engineering W2 Forms from HR
Screenshot of Fraudster Management Tracking Console
The Fake Anti-Virus Scam
The Key Takeaways
Cybercrime organizations are doing their homework, studying:
How to evade detection by security software and hardware (server-side automation, elaborate rootkits, bypassing “chip and PIN” authentication)
The financial system as a whole (fraud triggers)
The technologies utilized specific to each target.
How to Protect Yourself and Your Business
“Don’t be scared, just be aware”
Review and distribute the M&T Bank Payment Fraud Risk Management Handbook/Checklist
Ensure your internal staff is aware of the risks and operates with safe computing best practices in mind
Be aware what your banking sites normally look like
Run up-to-date Endpoint/Internet Protection Software
Run up-to-date host-based firewall software
Patch third-party software – Adobe, Java, QuickTime
Activate a “pop-up” blocker on Internet browsers to help prevent web-based intrusions
Review your credit report/banking transactions regularly
Use fraud prevention and detection services offered by M&T Bank: Payee Positive Pay, ACH block, etc.
Limit staff administrative privileges on the PC and on the bank products used to conduct transactional activity
Use a stand-alone PC for banking transactions
Add “Dual Administration” for money movement applications to reduce internal fraud with better control over user permissions and transaction auditing
If you accept credit/debit card payments, become and remain compliant with Payment Card Industry standards
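Added example, not the slides’ or any bank’s code, covering both the Segregation of Duties point in the first presentation and the “Dual Administration” item above: a Python model of money-movement release in which no role holds more permissions than its job needs, the initiator can never approve their own payment, amounts above a limit need two distinct approvers, and every decision (including refusals) lands in an append-only audit log. The roles, the $10,000 single-approver limit and the user names are assumptions.

```python
"""Dual control for money movement with least-privilege roles and an audit log.
Added example; roles, the approval limit and the users are assumptions,
not any bank product's actual rules."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List

# Constructed role map. A treasurer may create (e.g. tax payments) and approve,
# but the initiator check below still keeps them from approving their own.
ROLE_PERMS = {
    "ap_clerk":   {"create"},
    "controller": {"approve"},
    "treasurer":  {"create", "approve"},
    "auditor":    {"read_audit"},
}
SINGLE_APPROVER_LIMIT = 10_000.00   # constructed: above this, two approvers

class PolicyViolation(Exception):
    """Raised when an action would break the control; the refusal is logged too."""

@dataclass
class Payment:
    pid: int
    amount: float
    payee: str
    created_by: str
    approvals: List[str] = field(default_factory=list)
    status: str = "pending"

@dataclass
class PaymentSystem:
    users: Dict[str, str]                       # user -> single role
    payments: Dict[int, Payment] = field(default_factory=dict)
    audit: List[dict] = field(default_factory=list)   # append-only
    next_id: int = 1

    def _log(self, user: str, action: str, pid, detail: str = "") -> None:
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(),
                           "user": user, "action": action, "pid": pid,
                           "detail": detail})

    def _require(self, user: str, perm: str) -> None:
        role = self.users.get(user)
        if role is None or perm not in ROLE_PERMS.get(role, set()):
            self._log(user, "denied", None, f"lacks {perm}")
            raise PolicyViolation(f"{user} lacks {perm}")

    def create(self, user: str, amount: float, payee: str) -> int:
        self._require(user, "create")
        pid, self.next_id = self.next_id, self.next_id + 1
        self.payments[pid] = Payment(pid, amount, payee, user)
        self._log(user, "create", pid, f"{amount:.2f} to {payee}")
        return pid

    def approve(self, user: str, pid: int) -> str:
        self._require(user, "approve")
        p = self.payments[pid]
        if p.status != "pending":
            self._log(user, "denied", pid, "not pending")
            raise PolicyViolation("payment is not pending")
        if user == p.created_by:                  # segregation of duties
            self._log(user, "denied", pid, "self-approval")
            raise PolicyViolation("initiator cannot approve own payment")
        if user in p.approvals:                   # two approvals must be two people
            self._log(user, "denied", pid, "duplicate approval")
            raise PolicyViolation("duplicate approval by same user")
        p.approvals.append(user)
        self._log(user, "approve", pid)
        needed = 1 if p.amount <= SINGLE_APPROVER_LIMIT else 2
        if len(p.approvals) >= needed:
            p.status = "released"
            self._log("system", "release", pid, f"{len(p.approvals)} approval(s)")
        return p.status

    def read_audit(self, user: str) -> List[dict]:
        self._require(user, "read_audit")
        return list(self.audit)

def demo() -> dict:
    """Constructed walk-through: a small payment needs one approver, a large one
    two; self-approval, duplicate approval and an unprivileged user are refused."""
    ps = PaymentSystem(users={"alice": "ap_clerk", "bob": "controller",
                              "carol": "treasurer", "erin": "controller",
                              "dan": "auditor"})
    small = ps.create("alice", 4_500.00, "Acme Supply")
    large = ps.create("carol", 48_500.00, "Riverside Properties")
    out = {"small": ps.approve("bob", small),          # released
           "large_first": ps.approve("bob", large)}    # pending, 1 of 2
    for who, label in (("carol", "self_approval"), ("bob", "duplicate"),
                       ("dan", "no_permission")):
        try:
            ps.approve(who, large)
            out[label] = "allowed"
        except PolicyViolation as exc:
            out[label] = str(exc)
    out["large_second"] = ps.approve("erin", large)    # released
    log = ps.read_audit("dan")
    out["denied_events"] = sum(1 for e in log if e["action"] == "denied")
    out["audit_entries"] = len(log)
    return out

if __name__ == "__main__":
    print(demo())
```

The point a compromised workstation makes obvious: if one login can both create and release a wire, account takeover of that login is enough. With the roles above an attacker needs two separate credentials (or two people), and the audit log records each refused attempt, which is the alert the owner should be reading.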
Fraud Prevention and Detection Services
ACH Monitor Fraud Review and Approval or ACH Block. With this service, you can choose which ACH debits you want to honor and which ones you want to return.
Authorize certain entities to debit your accounts while blocking all others
Receive emails to alert you to any debits not matching a preapproved authorization
Make pay or return decisions on any received debits that do not match an existing pre-authorization
Payee Positive Pay. This service verifies checks presented to the bank against the checks you authorized for payment.
Bank reports checks and payee names that do not match your list of authorized checks, normally online
Review and return any suspect checks you determine to be unauthorized
ACH Account Number Masking (UPIC). Enables your organization to collect ACH payments without distributing sensitive account numbers. You will receive bank account identifiers that you can publish and distribute in place of your sensitive banking information.
Check Block. Helps protect your cash concentration account by returning all presented checks, while allowing you to send and receive electronic payments or deposits from that same account.
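Added example showing how the positive pay and ACH filter controls above work in principle (not M&T’s implementation, whose matching rules are not on the page): a Python positive-pay match of presented checks against the issued register on check number, amount and normalized payee, and an ACH debit filter that pays only authorized originator IDs within a per-originator cap. Everything that fails to match becomes an exception for a pay/return decision instead of being paid by default. The check register, originator IDs and presented items are constructed.

```python
"""Positive pay and ACH debit filtering, customer-side model.
Added example; registers, originator IDs and presented items are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

def norm_payee(name: str) -> str:
    """Normalize payee text so 'ACME SUPPLY, INC.' and 'Acme Supply Inc' match,
    while an altered payee ('J. Doe' on a check issued to Acme) still differs."""
    s = re.sub(r"[^a-z0-9 ]", " ", name.lower())
    s = re.sub(r"\b(inc|llc|co|corp|ltd|the)\b", " ", s)
    return " ".join(s.split())

@dataclass(frozen=True)
class IssuedCheck:
    number: int
    amount: float
    payee: str

@dataclass(frozen=True)
class PresentedCheck:
    number: int
    amount: float
    payee: str

def positive_pay(issued: Iterable[IssuedCheck], presented: Iterable[PresentedCheck],
                 already_paid: Iterable[int] = ()) -> Tuple[List[PresentedCheck], List[tuple]]:
    """Return (pay, exceptions). Each exception carries its reason so the customer
    can make the return decision; unmatched items are never paid by default."""
    register = {c.number: c for c in issued}
    seen = set(already_paid)
    pay, exceptions = [], []
    for item in presented:
        orig = register.get(item.number)
        if orig is None:
            exceptions.append((item, "check number not issued"))
        elif item.number in seen:
            exceptions.append((item, "duplicate presentment"))
        elif abs(orig.amount - item.amount) > 0.005:
            exceptions.append((item, f"amount altered: issued {orig.amount:.2f}"))
        elif norm_payee(orig.payee) != norm_payee(item.payee):
            exceptions.append((item, f"payee altered: issued '{orig.payee}'"))
        else:
            pay.append(item)
            seen.add(item.number)
    return pay, exceptions

def ach_filter(authorized: Dict[str, float], debits: Iterable[tuple]) -> Tuple[List[tuple], List[tuple]]:
    """ACH block/filter: pay only debits from an authorized originator ID within
    its cap; everything else is returned and listed for the alert e-mail."""
    pay, returned = [], []
    for originator_id, company, amount in debits:
        cap = authorized.get(originator_id)
        if cap is None:
            returned.append((originator_id, company, amount, "originator not authorized"))
        elif amount > cap:
            returned.append((originator_id, company, amount, f"exceeds cap {cap:.2f}"))
        else:
            pay.append((originator_id, company, amount))
    return pay, returned

# Constructed sample data.
ISSUED = [IssuedCheck(1001, 2500.00, "Acme Supply, Inc."),
          IssuedCheck(1002, 975.50, "Northside Electric"),
          IssuedCheck(1003, 12000.00, "Riverside Properties LLC")]
PRESENTED = [PresentedCheck(1001, 2500.00, "ACME SUPPLY INC"),     # good
             PresentedCheck(1002, 9750.50, "Northside Electric"),  # amount altered
             PresentedCheck(1003, 12000.00, "J. Doe"),             # payee washed
             PresentedCheck(1001, 2500.00, "ACME SUPPLY INC"),     # duplicate
             PresentedCheck(1009, 400.00, "Cash")]                 # not issued
AUTHORIZED_ACH = {"1234567890": 20000.00,   # constructed: payroll provider
                  "1987654321": 5000.00}    # constructed: utility
DEBITS = [("1234567890", "PAYROLL CO", 18250.00),
          ("1987654321", "POWER UTIL", 6100.00),
          ("1555555555", "UNKNOWN MERCHANT", 1299.00)]

def demo() -> dict:
    pay, exc = positive_pay(ISSUED, PRESENTED)
    ach_pay, ach_ret = ach_filter(AUTHORIZED_ACH, DEBITS)
    return {"checks_paid": [c.number for c in pay],
            "check_exceptions": [(c.number, why) for c, why in exc],
            "ach_paid": [d[0] for d in ach_pay],
            "ach_returned": [(d[0], d[3]) for d in ach_ret]}

if __name__ == "__main__":
    print(demo())
```

Payee matching is the part that catches check washing, where the number and amount are intact and only the payee line has been chemically altered; amount-only positive pay would pay that item.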
Questions, Answers and Useful links
• browsercheck.qualys.com
• www.ic3.gov
• www.mtb.com/fraud
• Allegation or signs of fraud – full facts unknown or unclear
• Fraud Response Plan
• Necessary actions
• Consistent and comprehensive manner
• Reporting protocols
• A response team to conduct initial assessment
• Factors used to decide on the course of action
• Litigation hold procedures
• Principles for documenting the response plan
• A fraud incident report log template or form
Response team:
• Legal counsel
• Management representative
• Certified Fraud Examiner
• Finance Director
• Internal Auditor
• Audit Committee member
• IT personnel
• Human Resources
• Activate the response team.
• Engage legal counsel, if necessary.
• Consider contacting the insurance provider.
• Address immediate concerns.
• Conduct an initial assessment.
• Document the initial response.
• Preserve all relevant documents
• Employee might want to hide or destroy them
• Suspend record retention policy
• Legal counsel to issue a litigation hold
• Lock down access to emails or digital files
• Forensic IT
• Recover evidence a non-expert cannot
• Recover deleted files
• Details about computer’s users
• Data related to use of computer, what is or has been stored on it
• Proper seizure and examination of digital evidence
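Added example (not from the slides) for the preservation steps above: a Python script that hashes every file under a preserved location into a manifest recording custodian and collection time, seals the manifest with its own hash, and later re-verifies so that any edit, deletion or addition after collection is provable. It documents copies in the response team’s custody; it does not replace a forensic image taken by the examiner, and it should be run on a copy, not the suspect’s live machine. The directory, file names, custodian and case ID are constructed with tempfile so it runs offline.

```python
"""Evidence preservation manifest: hash, seal, re-verify.
Added example; the files, custodian and case ID are constructed."""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, custodian: str, case_id: str) -> dict:
    """Walk the preserved tree and record path, size, mtime and SHA-256 per file,
    then hash the manifest body so the manifest itself can be checked later."""
    entries = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            entries.append({"path": str(p.relative_to(root)), "size": st.st_size,
                            "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                            "sha256": sha256_file(p)})
    manifest = {"case_id": case_id, "custodian": custodian,
                "collected_utc": datetime.now(timezone.utc).isoformat(),
                "root": str(root), "files": entries}
    body = json.dumps(manifest, sort_keys=True).encode()
    manifest["manifest_sha256"] = hashlib.sha256(body).hexdigest()
    return manifest

def verify_manifest(root: Path, manifest: dict) -> dict:
    """Recompute every hash; report files that changed, vanished or appeared."""
    expected = {e["path"]: e["sha256"] for e in manifest["files"]}
    current = {str(p.relative_to(root)): sha256_file(p)
               for p in root.rglob("*") if p.is_file()}
    return {"modified": sorted(f for f in expected if f in current and current[f] != expected[f]),
            "missing": sorted(f for f in expected if f not in current),
            "added": sorted(f for f in current if f not in expected)}

def demo() -> dict:
    """Constructed walk-through: preserve three files and seal them, then
    simulate an employee editing one and deleting another, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "mail").mkdir()
        (root / "mail" / "ceo_inbox.mbox").write_text("From: ceo@example-corp.com\nSubject: wire\n")
        (root / "ap_ledger.csv").write_text("1001,2500.00,Acme Supply\n")
        (root / "vendor_master.xlsx").write_bytes(b"PK\x03\x04constructed")
        manifest = build_manifest(root, custodian="J. Examiner (constructed)", case_id="CASE-0001")
        clean = verify_manifest(root, manifest)
        # Tampering after collection: ledger amount edited, mailbox deleted.
        (root / "ap_ledger.csv").write_text("1001,25000.00,Acme Supply\n")
        (root / "mail" / "ceo_inbox.mbox").unlink()
        tampered = verify_manifest(root, manifest)
        return {"files_sealed": len(manifest["files"]), "clean": clean,
                "tampered": tampered, "manifest_hash_len": len(manifest["manifest_sha256"])}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest (and ideally its hash, printed and initialled) somewhere the suspect cannot reach; a manifest kept beside the evidence on the same share is only as trustworthy as that share’s access controls.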
Spoliation: the act of intentionally or negligently destroying documents relevant to litigation. Consequences:
• Monetary fines and sanctions
• Adverse inference jury instruction sanctions
• Dismissal of claims or defenses
Don’t tip off the fraudster or others suspected of misconduct.
Maintain confidentiality.
Work discreetly without disrupting the normal course of business.
Fraud Examination:
• establish what happened
• identify the responsible party
• provide recommendations
• general to specific
Legal Counsel
Protect confidentiality of investigation under attorney-client privilege and the work product doctrine.
• How serious? $$$?
• Participate in investigation?
• Financial crime unit?
• Not accountants
• Access to third party documents
• Control of company documents/evidence
• Duration of time to resolve
• Expert report
Criminal prosecution: cases referred had a median loss of $200,000; cases not referred had a median loss of $75,000.
75% resulted in perpetrators being found guilty.
21% of those not prosecuted had a private settlement.
• Civil and criminal tax penalties can be imposed for:
  • nonfiling of returns
  • nonpayment of tax
  • filing of a false and fraudulent return
• Duty to see that returns are filed and taxes paid, and willful failure to do so
• If a corporation fails to institute adequate and reasonable internal controls to ensure that taxes are paid and returns filed, it may be vicariously liable for the acts of its officers and agents.
• FIT, FICA, FUTA and various state tax withholdings
• Liability not dischargeable in bankruptcy
• “responsible persons”
• “willful failure”
• Timely notice
• Coverage – $$ and trigger
• Bias
• Expert paid
• Less restitution
• Plea (but not to amount or specifics)
• Intent – mental state
• Prove intent to defraud the organization for pecuniary benefit of the employee
• Initially legitimate business purpose that ultimately goes sour
Pamela D Wickes, CPA, CFE, CFF, ABV
Director of Forensic Accounting Services
518-456-6663 x108
pwickes@tbccpa.com
The Forensic Lady blog: http://www.tbccpa.com/category/the-forensic-lady/
Teal, Becker & Chiaramonte, CPAs, P.C. (TBC) is an accounting and advisory firm located in Albany, NY. The firm was founded in 1971. With all of our clients, our mission is to provide higher standards of excellence in the quality of our relationships and in the quality of our work.

Be prepared to deal with fraud for web
