220 likes | 399 Views
Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014. Social Engineering. Phishing Vishing Smishing Hijacked Email Social Media Sweetheart Scams Online Job Scams. Social Engineering. Phishing
E N D
Current Fraud Trends Kathy Druckenmiller, CFCI, CIRM, ACT Specialist April 29, 2014
Social Engineering • Phishing • Vishing • Smishing • Hijacked Email • Social Media • Sweetheart Scams • Online Job Scams
Social Engineering • Phishing • Using electronic communication to manipulate someone into giving private information Phishing Using electronic communication to manipulate someone into giving private information
Social Engineering • Vishing • Utilizing VOIP or traditional telephone lines to trick someone into giving confidential information
Social Engineering • Smishing • Using SMS test messages to obtain sensitive data
Social Engineering • Hijacked Email • Taking over a personal email account and masquerading as the customer Hijacked
Social Engineering • Social Media • Using social media as resource to obtain your identity or commit fraud against you
Social Engineering • Sweetheart Scams • Fraudsters trolling online dating websites and social media sites, looking for partners that will ultimately send their own funds to the fraudster or will be used to launder stolen funds through their personal accounts
Social Engineering • Online Job Applications • Phony job postings placed on legitimate employment websites that trick applicants into becoming money mules for stolen funds
Social Engineering • Mitigation for Social Engineering Fraud? • Education for Customers – to avoid involvement in scams • Education for Employees – to recognize the signs of transactions that may be the result of social engineering
Current Debit and Credit Card Fraud • Counterfeit “Skimmed” Debit and Credit Cards • Data Breaches • Cybercrime
Counterfeit/Skimmed Cards • Skimmer • Clone Magnetic stripe data • Capture CVV and CVD codes • Data can be transferred to card stock or “white plastic” • Skimming Equipment: • Handheld skimmer • Alternate skimmers • Skimming device placed over legitimate card reader
Skimming Equipment • Handheld Skimmer • Requires human assistance • Requires card to be out of site of customer • Targets restaurant patrons • Information re-encoded onto plastic or sold on internet “carder” sites
Skimming Equipment • Handheld Skimmer
Skimming Equipment • Alternate Skimmers
Skimmed Cards • Reader placed directly over legitimate card reader: • Does not requires human assistance • Does not require card to be out of site of customer • Targets: ATM machines, Gas pumps and readers that are remote and can be tampered with without witnesses. • Information re-encoded onto plastic or sold on internet “carder” sites
ATM Skimming Equipment • ATM Skimmer Examples
ATM Skimming Equipment • ATM Skimmer Examples
EMV (Europay, MasterCard and Visa) • Chip and PIN technology • Fraud liability shift to POS merchants -October 2015, ATMs - October 2016 and Gas Pumps - October 2017 • EMV will not affect Data Breaches
EMV (Europay, MasterCard and Visa) • EMV Chip and PIN reader
Data Breaches • Data Breaches • Malware that targets corporate servers • Operation can be completely remote • Mass amounts of data at once • Information sold on internet “carder” sites • EMV removes the magnetic stripe, compromised data cannot be re-encoded onto card