Mr. SIM Swap: Gone Phishing
6th ANNUAL ACFE AFRICA CONFERENCE
14 October 2013
Adv Jacqueline Fick
Executive: Forensic Services
AGENDA
• Introduction
• Phishing Defined
• SIM Swap Defined
• Relationship Between Phishing and SIM Swaps
• Some Interesting Statistics
• Case Study
• Investigation Methodology
• Outsmart the Criminals
• Closing Remarks
Mr SIM Swap: Gone Phishing
Introduction
INTRODUCTION
• An underground cybercrime economy and cyber black market exists where
the cybercriminal can buy, sell, barter or trade criminal skills, tools and your
private information: you can buy identities, credit card information, botnet kits
to name but a few.
• Several years ago, hackers hacked computers. Now, criminals hack
computers and are more like offline crime syndicates, such as the Mafia or
urban gangs.
• Fraud, extortion and identity theft have been around for centuries; the internet just makes them easier.
INTRODUCTION (continued)
• Despite constant warnings and awareness campaigns, people still respond to
phishing/smishing attacks and provide sensitive information by phone or
email.
• By acquiring basic personal information through phishing, a criminal can
commandeer the cell phone account of an unknowing victim – intercepting or
initiating calls and intercepting SMSes and passwords sent by the victim’s
bank to authorise transactions on internet banking.
• Statistics have shown that SIM swapping is on the rise.
Phishing Defined
PHISHING DEFINED
• Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and other personal information.
• Phishers also use spam, fake web sites, computer malware and other techniques to trick people into divulging sensitive information.
• It is easier to hack a user than a computer.
• Once the phishers have captured enough information from a victim, they either use the stolen information to defraud the victim, or sell it on the black market for a profit.
PHISHING DEFINED (continued)
• Honeynet Project
− The Honeynet Project is a non-profit research organisation which aims to improve the security of the Internet at no cost to the public by providing tools and information on cyber security threats.
− Research shows that the average time spent in a cyber investigation was approximately 34 hours per person to investigate an incident that took an intruder about half an hour. That's about a 60:1 ratio! (http://www.honeynet.org/challenge/results/)
SIM Swap Defined
SIM SWAP DEFINED
• SIM swap fraud is a type of spear phishing (i.e. targeted) attack.
• It is committed when a fraudster convinces a victim’s mobile network operator
to transfer a victim’s cellular number (MSISDN) to a SIM in the possession of
the fraudster.
• Details are obtained through phishing/smishing and social engineering techniques. SIM swap attacks are effectively an extension of phishing attacks, key loggers, etc., and are generally run by organised groups.
• The fraudster can then receive any incoming calls and text messages,
including banking one-time-passcodes (OTPs) that are sent to the victim’s
phone.
Relationship between SIM Swaps and Phishing
RELATIONSHIP BETWEEN SIM SWAPS AND PHISHING
• In most instances SIM swap fraud works hand-in-hand with phishing/smishing (SMS phishing).
• SIM swapping is also described as the second phase of a phishing scam.
• When banks introduced measures such as OTPs that are delivered via SMS, it was to combat phishing attacks and other malware. The fraudsters then moved to performing SIM swaps to get hold of the OTPs.
• Whilst the attacks are highly targeted, the targeting is simply based on a set of users who have been phished or key-logged and whose banking credentials are already in the hands of the fraudsters.
• This type of attack poses financial and reputational risks.
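Because the swap is the second phase, the bank can close the window by checking the SIM before it releases an SMS OTP. The following is an added example (not code from the presentation) of such a bank-side check; it assumes an operator-supplied feed of SIM-change events, constructed here with placeholder numbers and ICCIDs, and an assumed 72-hour cooling-off policy.

```python
"""Bank-side OTP gating against a recent SIM swap (added example).

Assumption: the mobile operator shares SIM-change events for the bank's
customers' MSISDNs. Before an SMS OTP is sent for a sensitive action such as
adding a beneficiary, the bank checks how recently the SIM behind the number
changed. A fresh swap means the OTP could land on a fraudster's SIM, so the
OTP is withheld and the action is escalated for verification on a channel
that does not depend on that SIM.
"""
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed policy: a SIM change inside this window is treated as suspect.
SWAP_COOLING_OFF = timedelta(hours=72)

# Constructed sample feed of SIM-change events (placeholder numbers and ICCIDs).
SIM_CHANGE_EVENTS: List[dict] = [
    {"msisdn": "+27820000001", "changed_at": "2013-10-01T09:15:00", "new_iccid": "ICCID-PLACEHOLDER-A"},
    {"msisdn": "+27820000002", "changed_at": "2013-10-13T22:40:00", "new_iccid": "ICCID-PLACEHOLDER-B"},
]


def last_sim_change(msisdn: str, events: List[dict] = SIM_CHANGE_EVENTS) -> Optional[datetime]:
    """Most recent SIM change on record for the number, or None if there is none."""
    times = [datetime.fromisoformat(e["changed_at"]) for e in events if e["msisdn"] == msisdn]
    return max(times) if times else None


def otp_decision(msisdn: str, now_iso: str, sensitive: bool,
                 events: List[dict] = SIM_CHANGE_EVENTS) -> Tuple[str, str]:
    """Return ("send" | "hold", reason) for an SMS OTP destined for this MSISDN."""
    changed = last_sim_change(msisdn, events)
    if changed is None:
        return "send", "no SIM change on record"
    age = datetime.fromisoformat(now_iso) - changed
    if sensitive and age < SWAP_COOLING_OFF:
        # Do not deliver the OTP to the new SIM; verify the customer another way
        # (call-back on a previously registered alternative number, branch visit).
        return "hold", f"SIM changed {age.total_seconds() / 3600:.0f}h ago, inside cooling-off window"
    return "send", "SIM change older than cooling-off window, or action not sensitive"


if __name__ == "__main__":
    for number in ("+27820000001", "+27820000002", "+27820000003"):
        print(number, otp_decision(number, "2013-10-14T10:00:00", sensitive=True))
```

A held OTP is a signal to the bank's fraud team as well as a block: the combination of a phished credential, a new beneficiary and a SIM changed hours earlier is exactly the pattern the talk describes.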
Some Interesting Statistics
SOME INTERESTING STATISTICS
"The month of August marks a much anticipated return to school for both parents and students, but it appears that the subject of education is just as popular in the cybercrime underground this time of year. RSA has observed an increased supply of cybercrime courses, lessons, counselling and tutoring offered to fraudsters in rather official-looking models, mimicking the activity of legitimate schooling." (RSA Online Fraud Report, September 2013)
SOME INTERESTING STATISTICS (continued)
• RSA Online Fraud Reports show that South Africa does not fall within the top ten countries hosting phishing attacks, but features high on the list of top ten countries by attack volume.
• According to the RSA Online Fraud Resource Center, 6% of the global phishing attack volume for the first half of 2013 was against South Africa.
• According to the South African Banking Risk Information Centre (Sabric), the number of SIM swap incidents was under 100 in 2011, but jumped to more than 1,000 in 2012.
Case Study
E & J Phisheries
With us you are never off the hook...
CASE STUDY
E & J Phisheries
After a long and successful career as the CEO of CiT Heist Enterprises, Mr. Snoek started his own business – E & J Phisheries (E & J).
Several of his previous employees joined him in the new venture and business was booming. Their key market was the financial industry and they had an aggressive marketing strategy to identify potential customers within this sector.
The trusted CIO of E & J, Mr. Jack le Hack, continuously strove to develop and identify new IT products that he could deliver to potential clients. These included both hardware and software options with the sole purpose of making clients part with their hard-earned cash and increasing the revenue stream of E & J.
CASE STUDY (continued)
E & J Phisheries
But "competition" increased in the market and the financial industry partnered with the mobile industry to offer innovative products that seriously impaired E & J's bottom line.
Internet banking became increasingly popular and, to keep the market tight, a client would now receive a one-time PIN (OTP) to create new beneficiaries and authorise other transactions. This had a serious impact on Mr. Snoek's cash flow.
To keep up with the latest market trend, Mr. Jack le Hack strategised with his team and identified other uses for the (legitimate) SIM swap process used by mobile operators. Putting yourself in your client's shoes was taken to a whole new level: E & J was back in the game and could now enable clients to part with their money again with minimal effort on the client's side.
With the help of previous business associates and other willing investors, E & J quickly re-invested their clients' funds to ensure a maximum return on investment.
CASE STUDY (continued)
E & J Phisheries
But a new cartel appeared on the horizon, posing a significant threat to the operations of E & J.
The banks, mobile operators and other agencies joined forces, and their anti-competitive behaviour soon drove Mr. Snoek to drink. His business strategies could still be effective if the different role players did not unite their forces against him.
Sadly, the future of E & J Phisheries looks bleak…
Investigation Methodology
INVESTIGATION METHODOLOGY
• The curricula vitae of the role players – profiling and analysis
• Syndicate activities?
• Can one agency investigate alone?
• Benefits of partnerships
• Fragile evidence
• Racketeering prosecutions?
• An opportunity missed by Mr. Snoek – premium rated services
Outsmart the Criminals
OUTSMART THE CRIMINALS
• Never click on a link from an unknown source – be it on your computer or cell phone.
• Never share personal or financial information via email or SMS.
• Inform your mobile operator and/or bank of suspicious emails and SMSes.
• Check your account regularly for fraudulent or unauthorised access and transactions.
• Practise good password security and be alert to social engineering.
• Keep anti-virus software up to date.
• Keep your cell phone information safe.
OUTSMART THE CRIMINALS (continued)
• Register for SMS messaging services and keep your phone with you.
• Do not switch your phone off if you, for example, receive several annoying calls. If you have no network reception, contact your mobile operator immediately from an alternative number.
Closing Remarks
CLOSING REMARKS
• Whilst the financial loss of the actual fraud can be significant to the victim, the loss of consumer faith and reputational risk can also be significant to mobile operators and banks alike.
• Avoid becoming a phishing/SIM swap victim by keeping your personal information safe.
• Report suspicious activity immediately.
• Be vigilant: keep abreast of the latest cyber crime trends and information from your mobile operator and bank.
Thank you!