Published by Katy Dobkin
Modified over 2 years ago
The Information Security Experts. Copyright © 2008 SecureWorks, Inc. All rights reserved.

Incident 1
Regional bank in the nation's heartland with $1B in assets
Phase I: Reconnaissance
  Collect all publicly available information on the bank's customers
Phase II: Collection
  Aggressively phish the bank customers with targeted e-mails
  Text message phish clients
  "Vish" the clients
Phase III: Monetization
  Shared stolen information with "money mules" in United States and received 50% of the proceeds

Vishing
Vishing is the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick the public into giving up private personal and financial information for the purpose of financial reward. The term is a combination of "voice" and "phishing". Vishing uses social engineering techniques.
Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations that are known to the telephone company and associated with a bill-payer. However, with the advent of VoIP, telephone services may now terminate in computers, which are far more susceptible to fraudulent attacks than traditional "dumb" telephony endpoints.

Attack Process
The criminal configures a war dialer to call phone numbers in a given region. In this incident, criminals set up numbers in the local exchange.
When the phone is answered, an automated recording is played to alert the consumer that their credit card has had fraudulent activity and that the consumer should call the following phone number immediately. The phone number could be a toll-free number, often with a spoofed caller ID for the financial company they are pretending to represent.
When the consumer calls the number, it is answered by a typical computer-generated voice that tells the consumer they have reached account verification and instructs the consumer to enter their 16-digit credit card number on the keypad.
Once the consumer enters their credit card number, the visher has all of the information necessary to place fraudulent charges on the consumer's card.
The call can then be used to harvest additional details such as security PIN, expiry date, date of birth, bank account number, etc.

Introduction Call
Dear Bank Customer, (Personal introduction including bank name)
We have detected fraudulent activity against your credit card and have temporarily disabled it. We ask that you please contact our fraud department immediately at
In the meantime you will not be able to use your credit card. If you do not contact us we will allow the charges to post against your account and you will be responsible for paying for them.
Again the number is (LOCAL EXCHANGE NUMBER, changed several times)
Not paying will result in a late payment report being filed with the credit agencies.
the number is

Return Call from Target
Thank you for contacting the Fraud department, we are committed to protecting your identity. At any time you may press 0 to talk to a customer service agent. We are experiencing a high call volume and the current wait time is 37 minutes. We appreciate your business and thank you for being a customer.
In order to provide accurate and reliable service please say your name.
Thank you, please enter your credit card number.
Please enter the expiration date as two digits for the month followed by two digits for the year.
Please enter the C V V number located on the back of the card followed by pound.

Emerging threats
Example: Romanian Hacking Group
Government instituted reforms to educate younger generations in technology to get out of Russian control
Generations of organized, specialized, highly trained, out-of-work technologists
Romania has one of the poorest economies in the European Union
Anti-American sentiment and culture that supports
Unskilled and poorly equipped law enforcement

Russia - Georgia Conflict
Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9, 2008
Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori
Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target

Incident 3
Malware installed on target's machine
Gmail username and password stolen
Criminals track personal life of target
Learn target is going to Hawaii for 2 weeks
When the target leaves they:
  Have his postal mail forwarded (www.usps.gov)
  Get his phone number changed
  Get his cell phone disconnected
  Fill his account with porn
  Steal $1,000, from account
Bank cannot contact customer and allows transfer to occur