Business Fraud Presented by Robert J. Rebhan Financial Crimes Expert.


Presentation on theme: "Business Fraud Presented by Robert J. Rebhan Financial Crimes Expert."— Presentation transcript:

1 Business Fraud Presented by Robert J. Rebhan Financial Crimes Expert

2 Inside Out Vulnerabilities Exploiting Trust

3 President Obama: “I want a kill switch for the Internet.” Richard Skinner: “We can’t protect secrets.” Federal Trade Commission: “Shut down access to any system that has been infected by virus or malware.”

4 Malware

5 Botnets DDoS (Distributed Denial of Service Attacks)

6 Botnets 10,000 Bot Servers Bot Herders – use exploits Bot Wars Underground Economy

7 Botnets What else can Botnets do with control? –Send Spam –Store Images & Data on PCs & Servers –Attack Your Financials Keystroke Capture Man-in-the-End-Point Attacks Man-in-the-Middle Attacks

8 Trend: Hit Small to Mid-Size Businesses

9 Case Study: Rubbermaid Atlanta, Georgia Loss: $150, Systems Repair Suspect: Bob Bentley – 17-year-old Floridian Method: Exploited Server Vulnerability

10 Case Study: Hillary Machinery Houston, Texas Loss: $600, Suspects: Russians, Estonians and other East Europeans Method: Cyber Thieves wire transferred funds to American accounts Bank’s Position: Their security is commercially reasonable

11 Case Study: Experi-Metal Sterling Heights, Michigan Loss: 1.9 Million Suspects: Russians, Estonians and other East Europeans Method: Cyber Thieves monitored legitimate and later “spoofed” a demand to renew EMI’s digital certificates Bank’s Position: Their security is commercially reasonable

12 So How Do Cyber Criminals Do It? Drive-By Downloads Spoofing & Teasing Note: 15-20% of home and business systems are now in the hands of cyber criminals Note: 90% of web threats come from trusted sites

13 Best Practices for Protecting Your System and Assets Hire a Competent Tech Guy Update Systems Regularly Disable USB Ports Stop Employees From Risky Behavior Monitor Bank Accounts Regularly by Telephone

14 Best Practices for Protecting Your System and Assets Train Staff Separate Systems Regulate Personal Devices on Property –Create Personal Use Computer for Employees (Workstation) For Personal s For browsing the Internet without risk

15 Corporate Incident Response The Team: –Executives –Risk Manager –Legal –HR –IT Manager –Chief Information Officer –Marketing Officer (Press Release) Start a Log Notify the Feds

16 Checking Accounts Inside-Out Attacks –Cyber –Local Criminal –Employee Embezzlement

17 Checking Accounts Criminals have... Altered Checks Counterfeited Checks Stolen Blanks

18 Checking Accounts Employees have... Written Checks to Phantom Employees Received Kickbacks on Vendor Overpays Altered Returned Checks

19 Checking Accounts When Reordering, or Opening New Accts: Use Initials (Gender Mysterious) P. O. Box Remove SSN, B.D., Phone, Etc. Pick up Checks at the Bank Upgrade to Safe Checks

20 Checking Accounts When Hand Writing a Check (At Home or in Business): Use Gel Ink 9 or Uniball 207 (Never Felt Tip) Perfect Signatures No Spaces Between Text and Digits Only Use to Pay a Reputable Entity Check Balance Frequently by Telephone

21 Checking Accounts Suggestions: Remote Deposit Capture – Reject It! (Vulnerabilities) Stop Pay Shelf Life Use Laser Printer For Text Watch Your Ink Temperatures – Cool vs. Hot Print Text in Size 14 Font

22 Checking Accounts Suggestions (continued…) Test Checks used to Verify the Accuracy of Your Printer Should be Voided and Shredded Immediately –Keep in mind copiers and PDAs have memory Keep Check Stock Locked in a Vault or Other Secure Location –If forger gets blank stock, you can be held liable even with Pos Pay and blank stock Have Bank Statements Mailed to a Secure Location –Home

23 Checking Accounts Suggestions (continued…) Separate Tasks: –Do not allow the person who prints or writes the checks to reconcile the account Closed Accounts... –Can be reactivated by simply depositing a discarded check –Solution: Shred the old checks Employee Background Checks on Accounting & Mailroom Staff and Anyone Handling Increased Corp. Responsibility

24 Checking Accounts Suggestions (continued…) Mailroom Procedures and Personnel should be Monitored (Charity) Use Positive Pay Set Up Wire Transfers – “Deposit Only” Move Funds to Secure Accounts Not Linked to Web Report Break-Ins Immediately Monitor Accounts Daily

25 Checks Security Features: Dissolving Ink Chemical Sensitive Paper Micro Printing Thermochromatic Ink Expiration Date Toner Anchor Warning Band Pantographs, Holograms, Watermarks, etc.

26 Employee Embezzlement Prevention Starts With... If you like mysteries, read one; don’t hire one

27 Employee New Hire Application Research: Get Waiver Search Social Networking Sites Background Checks – Criminal & Civil Phone All References Solicit Explanation of Anomalies

28 Employee Once Hired... Notice – Handbook Customized for Position Monitor Verify Audit

29 Quick Tips For Safer Financials Tell your staff about “social engineering.” This method of gleaning confidential information about staff, systems, and operations, can occur by phone, in person, or computer phishing.

30 Quick Tips For Safer Financials Clean Desk Policy Lock All Files Restrict Cleaning Crew Access Record Copier Counter Number

31 Quick Tips For Safer Financials Shred all discarded confidential information, including all invoices and statements. For ID thieves, office trash bags and bins are favored hunting grounds.

32 Radio Frequency I.D.

33 R.F.I.D. Radio Frequency Identification Active Devices Passive Devices The technology permits issuing every object on the planet a unique identification number

34 R.F.I.D. - Size Seed

35 Wafer

36 Ticks

37 R.F.I.D. – Can Be Found In Credit Cards “Blink” Speed Pass Library Books Passports Store Merchandise Tires Animals –Livestock –Fish –Horses –Pets Humans –Medical –Secure Location Access

38 R.F.I.D. – Applications Inventory Control Identifying Lost Pets Security Access Toll Road Billing Spying

39 R.F.I.D. – The Downside A hacker can make a reader for $20.00 A bomb can be rigged to go off when a certain person goes by Individual rights can be abused by tracking a person’s movement It has been broken by hackers

40 ATM Security

41 ATM Overlay

42 Bank PIN Pad

43 Resources

44 Resources What to Read: 2600 magazine RSS feeds

45 Resources What to Listen to: The Tech Guy – Leo Laporte Kim Komando

46 Resources Develop Relationships With: Local Law Enforcement Feds

47 Resources What to Join: InfraGard IAFCI

48 Resources Create a Position: Asset Protection Info Tech Assistant – Employee or Kin

49 Robert J. Rebhan Financial Crimes Expert Founder IPFC Institute for the Prevention of Financial Crimes (818)

