U.S. Businesses Targeted Randy Wolverton Brian J. Koechner Payment Fraud Schemes Involves CompromisingAccounts Fakes from Senior Executives Fakes from Vendors Goal: Cause Wire Transfers from Company to Fraudsters Also Known as Man-In-The-Middle Scams Video Video Global Scam Stats: Time Period: 10/01/2013 to 12/01/2014: Combined U.S. and Non-U.S. Victims: 2126 Combined Losses: $214,972, Problem is Growing Linked to Other Fraud Schemes: Romance; Lottery; Employment; Home/Vacation Rental Attorney Check; Compromiseaccount of Executive sent from Executive to Employee with ability to conduct wire transfers Compromise Vendor/Supplier Last Minute modifications to bank account Wired Funds often sent to Asia, and other countries Business with longstanding relationship with supplier Asked to wire funds for invoice payment to fraudulent account Request made via telephone, fax, orcontains spoofed website Appears to mimic prior legitimate requests accounts of high level Executives are compromised Request for wire transfer from compromised account is made to employee(s) conducting wires Fraudulent request is often sent to banking institution Employeesis hacked Contact list is obtained Request for invoice payments to fraudster bank account are sent from this employeesto multiple vendors Scheme not discovered until contact is made with vendors Very Patient, Ruthless Prior Reconnaissance of Target Looking for Control Weaknesses Often Use Weekends, Evenings, fake Emergency transfers Often used when Executive is traveling and cannot be contacted Changing theheader to disguise the true source Used to get recipients to open and respond to solicitations Used to convince person to provide personal or financial information Used to gain access to computer system Use Spoofeds to employees allegedly from Executive Spoofedfrom Executive describing a Confidential Deal Spoofedfrom Executive asking to change Vendor information Can be used to install Malware, Key Logging Asks Employees to click on a compromised Website (Phishing) Businesses/Personnel using open source E- Mail are targeted Individuals handling wire transfers are targeted Spoofeds mimic a legitimate Hackeds often occur with personal E- Mail account Fraudulentrequests carefully worded to appear legitimate Phrases code to administrative expenses or urgent wire transfer are common Amount of wire transfer is business specific similar to normal business Fraudulentrequests coincide with business travel dates for Executives Fraudulent IP addresses often trace back to free domain registers Avoid Free Web-Based Establish a company web-site domain and use it to establish companyaccounts Be careful of posts to social media and company websites Be suspicious of requests for secrecy, or to take action immediately Consider additional IT and Financial Security Consider 2-step verification Arrange second-factor authentication (telephone contact) Consider Digital Signatures on both sides of transaction Delete Spam unsolicitedfrom unknown parties Do Not Open Spam Do Not use the Reply option to respond to businesss. Instead, use the Forward option and either type the correctaddress or select it from theaddress book Be aware of significant or sudden changes in business practices Train Employees