Practical Defences Against A New Type of Professional Bank Fraudsters
Copyright © 2016 Albert Hui
Who Am I
• Spoke at Black Hat, ACFE (Association of Certified Fraud Examiners) Asia Pacific Fraud Conference, HTCIA (High Tech Crime Investigation Association) Asia Pacific Forensics Conference, and Economist Corporate Network.
• Risk Consultant for Banks, Government and Critical Infrastructures.
• SANS GIAC Advisory Board Member.
• Co-designed the first Computer Forensics curriculum for the Hong Kong Police Force.
• Former HKUST Computer Science lecturer.
Albert Hui, GREM, GCFA, GCFE, GNFA, GCIA, GCIH, GXPN, GPEN, GAWN, GSNA, GSEC, CISA, CISM, CRISC
Global Security Architect
Implications to FIs
• Financial Losses
• Lawsuit from Customers (breaching Duty of Care)
• AML & CTF Implications
• Criminal Liability (handling Proceeds of Crime)
CEO Fraud or BEC (Business Email Compromise)
Goals
• Primarily to scam victims into wiring money out
• Some scam victims into giving out identity information
Natures
• Targeted Attack
• Spear Phishing → Whaling Attack
• Social Engineering Attack
Mechanism
• MITE (Man-in-the-Email) Attack
High-Profile CEO Fraud Cases
Significant and Growing
[Charts: figures up to 2015 and up to Feb 2016. Source: FBI IC3 Alert]
How does it work? (The Spoofing Variant)
[Diagram: Hacker (posing as the CEO) → Staff → Bank → Wire Transfer]
From: CEO@<the real domain>
Reply-To: CEO@<a typo-domain>
How does it work? (The Hacking Variant)
[Diagram: Hacker (sending from the CEO's own account) → Staff → Bank → Wire Transfer]
• No spoofing, no typo-domain
• Very realistic: modified from previous emails, bears the correct signature
Commonly Posing As…
• CEO or other senior exec
• Foreign Suppliers
• Attorney
• Bank / FI
• Customers
Victims
• Banks / FIs
• Large Enterprises
• Small Companies
Why So Effective?
By Nature
• Delayed detection
• Efficient underground money laundering mechanisms
Defeat Cybersecurity Controls
• No malicious payload or links to detect
• Bypass dual-custody
• Bypass 2FA
Defeat Procedural Controls
• Bypass bank call-back
Cyber Security and Fraud
[Diagram: People, Process, Technology]
How Can FIs Be Affected?
• Financial Losses
• Lawsuit from Customers (breaching Duty of Care)
• AML & CTF Implications
• Criminal Liability (handling Proceeds of Crime)
Money Laundering
1. Via Cyprus, Latvia, Hungary, Estonia, Lithuania, Slovakia…
2. …primarily via Hong Kong and China
3. Traditional placement-layering-integration via money mules
4. Flying Money money laundering network…
飛錢 (Flying Money / Fei Qian)
1. Invented in the Tang Dynasty (618-907 AD) in Medieval China
2. Inspired the Hawala (Arabic: حوالة, meaning “transfer”) alternate remittance system
3. A core part of the underground banking system
4. Essentially: Value transfer without moving money…
The Workings of 飛錢
• Funds balance out in agents’ books, therefore no real money movement
The Agents of 飛錢
• Many are Chinese immigrants
• Connected via family ties and Guanxi
• Many run their own businesses
Preventive Measures
• Awareness Training
• Verification Protocol
  • Check for typo-domain
  • Check for spoofed email
  • New payment account due diligence (tech controls can help)
  • More… (see next slide)
• Response Plan
  • How to handle victim?
  • Who to call, what parties to notify?
  • What forms to fill in?
  • AML? Compliance? Legal? PR? etc. etc.
• Cyber Security Defences
• Management Buy-In
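The two technical checks the Preventive Measures slide lists, "check for typo-domain" and "check for spoofed email", applied to the headers of the spoofing variant shown earlier (From: at the real domain, Reply-To: at a look-alike domain). This is an added example, not code from the deck; ORG_DOMAIN, the edit-distance threshold and the three sample messages are assumptions constructed for illustration.

```python
"""Header checks for the spoofing-variant indicators on the slides.
Added example, not the deck's code.  All sample messages are constructed."""
import email
from email import policy

# Assumption: the organisation's real mail domain (placeholder value).
ORG_DOMAIN = "example.com"


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address header value, '' if none."""
    _, _, dom = addr.rpartition("@")
    return dom.strip("<> ").lower()


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; a small value means a likely look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(dom: str, real: str, max_dist: int = 2) -> bool:
    """Close to the real domain (rn for m, 1 for l, a dropped letter) but not equal to it."""
    return dom != real and 0 < edit_distance(dom, real) <= max_dist


def check_message(raw: bytes) -> list:
    """Return the indicators found in one message's headers, in a fixed order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", "")) or from_dom
    # Authentication-Results is only trustworthy when written by your own
    # receiving MTA; copies arriving from outside must be stripped on ingress.
    auth = msg.get("Authentication-Results", "").lower()
    flags = []
    # Spoofing variant: From: shows the real domain, replies are diverted elsewhere.
    if from_dom == ORG_DOMAIN and reply_dom != ORG_DOMAIN:
        flags.append("reply-to-mismatch")
    if is_lookalike(reply_dom, ORG_DOMAIN) or is_lookalike(from_dom, ORG_DOMAIN):
        flags.append("typo-domain")
    # A From: claiming the real domain must carry a passing SPF or DKIM result
    # (simplified: a production check also verifies DMARC alignment).
    if from_dom == ORG_DOMAIN and not ("spf=pass" in auth or "dkim=pass" in auth):
        flags.append("spoofed-from")
    return flags


# Constructed sample messages (not real mail).
SPOOFED = b"""From: CEO <ceo@example.com>
Reply-To: CEO <ceo@exarnple.com>
To: finance@example.com
Subject: Urgent wire

Please process the attached wire today.
"""

LOOKALIKE_FROM = b"""From: CEO <ceo@examp1e.com>
To: finance@example.com
Subject: Urgent wire

Please process the attached wire today.
"""

GENUINE = b"""From: CEO <ceo@example.com>
To: finance@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
Subject: Board pack

Attached.
"""

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LOOKALIKE_FROM", LOOKALIKE_FROM), ("GENUINE", GENUINE)):
        print(name, check_message(raw))
```

The hacking variant on the following slide passes every one of these checks, because the mail really does leave the CEO's account, which is why the deck pairs the technical checks with an out-of-band verification protocol rather than relying on either alone.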
Verification Rules of Thumb
1. Use out-of-band verification mechanisms
2. Do not trust incoming calls or SMS messages
3. Do not authenticate yourself before the counterparty identity is verified (or contact information comes from a trusted source)
[Illustration: e.g. look up the phone number (shown as 1234-5678) on a trusted site]
How Can FIs Help?
1. Improve threat model to address heightened CEO fraud schemes.
2. Don’t place undue trust on verified client reps.
3. Strengthen controls surrounding new payees.
4. Client security awareness campaigns.
Bank-Firm-LE Collaboration
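One way to turn "strengthen controls surrounding new payees" (and the "new payment account due diligence" item on the Preventive Measures slide) into a screening step that also enforces the verification rules of thumb: a held request is released only after call-back on contact details already on file, never on a number quoted in the request, and an instruction that arrived by incoming call or SMS never counts as verified. This is an added example, not code from the deck or any bank's system; the record layout, the 30-day window and the sample payees and requests are assumptions constructed for illustration.

```python
"""Wire-request screening for new or changed payees.
Added example, not the deck's code.  Data model and thresholds are assumed;
sample records are constructed."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Assumption: an account recorded less than this long ago is treated as "new".
NEW_PAYEE_WINDOW = timedelta(days=30)


@dataclass
class PayeeRecord:
    name: str
    account: str
    account_since: date      # when this account number was first put on file
    phone_on_file: str       # verified at onboarding, independent of any email


@dataclass
class WireRequest:
    requested_on: date
    payee_name: str
    account: str
    amount: float
    channel: str = "email"   # how the instruction arrived
    callback_phone: Optional[str] = None   # number quoted in the request (untrusted)


@dataclass
class Decision:
    action: str                        # "release" or "hold"
    reasons: list = field(default_factory=list)
    verify_via: Optional[str] = None   # trusted contact to use for the call-back


def screen(req: WireRequest, payees: dict) -> Decision:
    """Hold anything involving a first-time, changed or recently added payee account."""
    rec = payees.get(req.payee_name)
    reasons = []
    if rec is None:
        reasons.append("first-time payee")
    elif rec.account != req.account:
        reasons.append("account differs from the one on file")
    elif req.requested_on - rec.account_since < NEW_PAYEE_WINDOW:
        reasons.append("account on file was changed within the last 30 days")
    # Rule 2 on the slide: an incoming call or SMS is not a verification.
    if req.channel in ("incoming-call", "sms"):
        reasons.append("instruction arrived by incoming call or SMS")
    # Rule 3: contact details must come from a trusted source, not the request.
    if req.callback_phone and (rec is None or req.callback_phone != rec.phone_on_file):
        reasons.append("call-back number quoted in the request is not the one on file")
    if not reasons:
        return Decision("release")
    return Decision("hold", reasons, rec.phone_on_file if rec else None)


def confirm(decision: Decision, confirmed_via: Optional[str]) -> bool:
    """Release a held request only if confirmation came over the trusted channel.
    A first-time payee has no trusted channel yet, so it cannot be confirmed here."""
    if decision.action == "release":
        return True
    return decision.verify_via is not None and confirmed_via == decision.verify_via


# Constructed sample data (fictional names, accounts and numbers).
PAYEES = {
    "Acme Supplies Ltd": PayeeRecord("Acme Supplies Ltd", "111-222", date(2014, 3, 1), "+1-555-0100"),
    "Beta Logistics": PayeeRecord("Beta Logistics", "333-444", date(2016, 2, 20), "+1-555-0101"),
}
ROUTINE = WireRequest(date(2016, 3, 1), "Acme Supplies Ltd", "111-222", 12000.0)
CHANGED = WireRequest(date(2016, 3, 1), "Acme Supplies Ltd", "999-888", 12000.0,
                      callback_phone="+1-555-0199")
RECENT = WireRequest(date(2016, 3, 1), "Beta Logistics", "333-444", 5000.0)
UNKNOWN = WireRequest(date(2016, 3, 1), "Gamma Attorneys", "555-666", 250000.0, channel="sms")

if __name__ == "__main__":
    for name, req in (("ROUTINE", ROUTINE), ("CHANGED", CHANGED), ("RECENT", RECENT), ("UNKNOWN", UNKNOWN)):
        print(name, screen(req, PAYEES))
```

The point of keeping verify_via inside the decision is that the person doing the call-back never has to look at the request for a number to dial; the trusted contact travels with the hold itself.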
One Last Thing
For the purpose of one-time PIN code,
Are SMS messages secure enough?
Are mobile app messengers secure enough?
Are messengers with end-to-end encryptions secure enough?
The Phone Network Itself is Insecure
What actually is this SS7 Protocol anyway?
[Diagram of the stack: Phone Calls and SMS run over SS7; Instant Messengers run over Data; End-to-End Encrypted messengers sit on top]
Can’t Stress Enough…
Risk Intelligence
知己知彼，百戰不殆 (Know yourself and know your enemy, and you will not be imperilled in a hundred battles)
Thank you!

FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.An introduction to the cryptocurrency investment platform Binance Savings.
An introduction to the cryptocurrency investment platform Binance Savings.
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 

Practical Defences Against A New Type of Professional Bank Fraudsters

11. Why So Effective?
By Nature
• Delayed detection
• Efficient underground money laundering mechanisms
Defeat Cybersecurity Controls
• No malicious payload or links to detect
• Bypass dual-custody
• Bypass 2FA
Defeat Procedural Controls
• Bypass bank call-back

12. Cyber Security and Fraud
• People
• Process
• Technology

13. How Can FIs Be Affected?
• Financial Losses
• Lawsuit from Customers (breaching Duty of Care)
• AML & CTF Implications
• Criminal Liability (handling Proceeds of Crime)

14. Money Laundering
1. Via Cyprus, Latvia, Hungary, Estonia, Lithuania, Slovakia…
2. …primarily via Hong Kong and China
3. Traditional placement-layering-integration via money mules
4. Flying Money money laundering network…

15. 飛錢 (Flying Money / Fei Qian)
1. Invented in the Tang Dynasty (618-907 AD) in Medieval China
2. Inspired the Hawala (Arabic: حِوالة, meaning “transfer”) alternate remittance system
3. A core part of underground banking system
4. Essentially: Value transfer without moving money…

16. The Workings of 飛錢
• Funds balance out in agents’ books, therefore no real money movement

17. The Agents of 飛錢
• Many are Chinese immigrants
• Connected via family ties and Guanxi
• Many run their own businesses

18. Preventive Measures
• Management Buy-In
• Awareness Training
• Verification Protocol: check for typo-domain; check for spoofed email; new payment account due diligence (tech controls can help); more… (see next slide)
• Response Plan: how to handle the victim? Who to call, what parties to notify? What forms to fill in? AML? Compliance? Legal? PR? etc.
• Cyber Security Defences
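Added example, not part of the deck: a small Python check for the two header tells of the spoofing variant (slide 7), a Reply-To domain that differs from the From domain and a domain within a couple of edits of a trusted one, as one of the "tech controls" slide 18 says can help with the verification protocol. The trusted domain and the message are constructed; the hacking variant (slide 8) leaves no such trace and still needs out-of-band verification.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: the organisation's own mail domains (constructed example).
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed message modelled on the deck's spoofing variant:
# From shows the real domain, Reply-To points at a typo-domain.
SAMPLE_EMAIL = """\
From: CEO <ceo@examplebank.com>
Reply-To: CEO <ceo@examplebnak.com>
To: treasury@examplebank.com
Subject: Urgent wire transfer

Please process the wire today, I am in a meeting and cannot talk.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; typo-domains are usually one or two edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Domain part of the first address in a From/Reply-To header (lower-cased)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def is_typo_domain(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True when the domain is not trusted but sits within two edits of one that is."""
    return domain not in trusted and any(edit_distance(domain, t) <= 2 for t in trusted)


def check_message(raw: str, trusted=TRUSTED_DOMAINS) -> list:
    """Return human-readable findings for the spoofing indicators described above."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    findings = []
    if is_typo_domain(from_dom, trusted):
        findings.append(f"From domain {from_dom} looks like a typo of a trusted domain")
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
        if is_typo_domain(reply_dom, trusted):
            findings.append(f"Reply-To domain {reply_dom} looks like a typo of a trusted domain")
    return findings
```

Run `check_message(SAMPLE_EMAIL)` to see both findings fire; a message whose From and Reply-To both sit on a trusted domain returns an empty list.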
19. Verification Rules of Thumb
1. Use out-of-band verification mechanisms
2. Do not trust incoming calls or SMS messages
3. Do not authenticate yourself before the counterparty identity is verified (or contact information comes from a trusted source)
e.g. 1234-5678: look up the phone number on a trusted site

20. How Can FIs Help?
1. Improve threat model to address heightened CEO fraud schemes.
2. Don’t place undue trust on verified client reps.
3. Strengthen controls surrounding new payees.
4. Client security awareness campaigns.
Bank-Firm-LE Collaboration

21. One Last Thing
For the purpose of one-time PIN codes:
• Are SMS messages secure enough?
• Are mobile app messengers secure enough?
• Are messengers with end-to-end encryption secure enough?

22. The Phone Network Itself is Insecure

23. What actually is this SS7 Protocol anyway?
(Figure: Messengers, Instant Messengers, Data, SMS and Phone Calls all ride on SS7; only the messengers are End-to-End Encrypted)

24. Can’t Stress Enough…
Risk Intelligence: 知己知彼，百戰不殆 (know yourself and know the enemy, and you will not be in peril in a hundred battles)

25. Thank you!