new internet fraud and risk update · 2016. 2. 26. · internet fraud is a big and growing business...
Internet Fraud and Risk Update
John Walp
Administrative Vice President
M&T Bank Corporate Information Security Officer
Member FDIC
Agenda
• Understanding Internet risks and fraud trends
• Understanding crimeware, ransomware and
email/web/mobile/social-media threats
• Understanding the threat from account takeover fraud
• How to protect yourself, and your company
• Questions & Answers
Disclaimer
• This presentation is intended for information purposes
• Customers should contact their Information Technology
provider to determine the best way to safeguard the
security of their computers and networks
• Customers should familiarize themselves with their
institution’s account agreement and understand
their liability for fraud as ACH and Wire transactions are
regulated under the Uniform Commercial Code
Bank Robbery 2014
Trojan Horse 2014
Internet fraud is a big and growing business
• 2008 - RBS WorldPay – Hackers steal $9 million in
12 hours from 2,100 ATMs in 280 cities worldwide
• 2009 - Heartland Payment Systems - 130 million
payment cards stolen by hacker Albert Gonzalez
• 2011 - Fidelity National Information Services –
Hackers steal $13 million in 24 hours using 22 stolen
debit cards and unauthorized network access
• 2013 – FBI is investigating more than 400 cases of
Corporate Account Takeover Fraud (ACH/Wire)
Social Media Risk in 2014
Social Media Risk – Employees
Social Media Risk – Employees
Social Media Risk - Markets
“Own the email and you own the person”
Example of social engineering techniques used in widespread spear phishing attacks, Nov. and Dec. 2012
Spear Phishing Attack
Ransomware Infection
Fake Anti-Virus Scam
BlackHat SEO
Mobile Threats Are Also On The Rise
Account Takeover Threat
How to Protect Yourself and Your Business
• Awareness: Review M&T Bank - Payment Fraud
Risk Management Handbook/Checklist
• Ensure your internal staff is aware of the risks and
operates with safe computing best practices in mind
• Be aware of what your banking sites normally look like
• Verify emails containing payment instructions
• Run up-to-date Anti-Virus/Spyware
• Run up-to-date host based firewall software
• Patch third-party software – Adobe, Java, QuickTime
• Activate a “pop-up” blocker on Internet browsers to
help prevent web-based intrusions
• Review your credit report/banking transactions regularly
• Use fraud prevention and detection services offered by
M&T Bank: Payee Positive Pay, ACH block, etc.
• Limit staff administrative access privileges on the PCs
and bank products used to conduct transactional activity
• Use a stand-alone PC for banking transactions
• Add “Dual Administration” for money movement
applications to reduce internal fraud with better control
over user permissions and transaction auditing
• If you accept credit/debit card payments, become and
remain compliant with Payment Card Industry standards
Questions, Answers and Useful links
• browsercheck.qualys.com
• www.ic3.gov