CT Bar Association Larry Selnick, SVP, Director of Sales 9.18.14 Fraud Awareness Seminar: “Protecting Your Escrow Account”
2 AGENDA
► Setting the Stage
► Types of Fraud
► How to Mitigate Risk
► Fraud Awareness Case Study
3 SETTING THE STAGE
The number of attacks is now so large, and their sophistication so great, that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk.
► Attackers may be able to access information, monitor your actions, modify programs, or perform other functions on your computer without being detected.
► Fraud is a “career”
► Estimated that 35 million machines are infected
4 AS A BUSINESS YOU SHOULD KNOW…
“There has been a shift in the online criminal world from primarily targeting individuals to increased targeting of corporations” (FS-ISAC).
Unlike consumers, who enjoy strong federal protection, a business may be liable under Uniform Commercial Code (UCC) rules (FS-ISAC).
5 NOT A CASE OF IF, BUT WHEN
Nobody is ever 100% secure. The threat environment is simply moving too fast. Rather than bulletproof security, organizations need to focus on ways to make the cost of breaching their security more trouble than the data that could be obtained is worth:
► using a layered, risk-based approach to maintain the balance between security and customer experience.
41% of all data breaches are a result of criminal attack.
Source: Aite/RSA Study & First Data
6 NOT A CASE OF IF, BUT WHEN
Organized crime rings are responsible for the majority of attacks.
Lone hackers, who are in it for either individual financial gain or the thrill of the chase, still initiate a small percentage of cyberthreats.
Hacktivists are individuals who use the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose.
There are still some breaches that appear to be linked to insider activity.
7 WHERE IS FRAUD OCCURRING?
Source: 2012 AFP Payments Fraud and Control Survey, Tower Group
60% of organizations experienced attempted or actual payments fraud in 2013.
27% of survey respondents report that incidents of fraud increased in 2013 compared to 2012.
Checks were the payment form most targeted by fraudsters, with 82% of affected organizations reporting their checks had been targeted.
Among organizations that did suffer a financial loss resulting from payments fraud in 2013, the typical loss was $23,100.
Prevalence of Attempted Fraud in 2013 (share of all respondents, by payment channel):
Payment Channel        All Respondents
Checks                 82%
Credit/debit cards     43%
ACH debits             22%
Wire transfers         14%
ACH credits             9%
8 CYBER TERMINOLOGY
Term – Definition:
Bot – Automated computer program, or robot.
Malware – Malicious software designed to infiltrate a computer system without the owner’s knowledge or consent.
Phishing – The process of attempting to acquire sensitive information such as usernames, passwords, etc. by masquerading as a valid entity in an electronic communication.
Whaling – Like phishing, but for the bigger “fish”: the process of attempting to acquire sensitive information such as usernames, passwords, etc. from executives.
Man in the Browser – Gives the malicious software the ability to lie dormant on a victim’s computer and spring to life when the victim visits a banking site.
9 WHAT IS BUSINESS ACCOUNT TAKEOVER FRAUD?
Stolen valid online banking credentials
► Username, password
► Answers to security questions
Theft of valid online banking credentials occurs by social engineering or when the business gets infected with malware.
Malware downloaded via email or through a hot-linked website
► Man in the Browser
► Invokes key logging, which records key strokes to capture online banking credentials
Business accounts are accessed and ACH and/or wires are generated.
“Mules” are hired to open accounts and forward the funds to international destinations.
11 EASY TO GUESS PASSWORDS OPEN DOOR TO HACKERS
Hacking into a voicemail account can be as easy as 1-2-3-4. Certain password configurations are very popular, showing many people aren’t using random numbers (over 200,000 iPhone users surveyed).
Rank   PIN used
1      Same digit (0000, 1111, etc.)
2      Years (from 1900-2011)
3      ABAB format (1010, 2121, 3131, etc.)
4      1234
5      2580 or 0852 (center of keypad)
6      5683 (spells LOVE)
Source: Big Brother Camera Security, Daniel Amitay
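The slide's ranking is also a ready-made deny list. The following is an added example, not part of the presentation or the survey it cites: a PIN policy check that rejects each of the six patterns above. It generalizes slightly (any ascending or descending run, not just 1234, and any word from a small list spelled on a phone keypad, not just LOVE); the keypad mapping, the word list and the pattern names are this example's own assumptions.

```python
"""Added example: reject the weak 4-digit PIN patterns from the survey slide.
Pattern names, the keypad mapping and the word list are constructed here."""
import re
from typing import Optional, Tuple

# Standard telephone keypad letters, used to turn words like LOVE into 5683.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: digit for digit, letters in KEYPAD.items() for ch in letters}

# Constructed list of words people spell on the keypad; extend it with your own.
KEYPAD_WORDS = ["LOVE"]


def word_to_digits(word: str) -> str:
    """Map a word to the digits it spells on a phone keypad ('LOVE' -> '5683')."""
    return "".join(LETTER_TO_DIGIT[ch] for ch in word.upper())


def classify_pin(pin: str, year_min: int = 1900, year_max: int = 2011) -> Optional[str]:
    """Return the name of the weak pattern a 4-digit PIN matches, or None.

    Checks run in the slide's popularity order, so a PIN that fits several
    patterns (1919 is both a year and ABAB) is reported under the more common
    one. The year range defaults to the survey's; raise year_max to the
    current year in production.
    """
    if not re.fullmatch(r"\d{4}", pin):
        raise ValueError("PIN must be exactly four digits")
    digits = [int(ch) for ch in pin]
    if len(set(digits)) == 1:
        return "same digit"                 # 0000, 1111, ...
    if year_min <= int(pin) <= year_max:
        return "year"                       # birth years, anniversaries
    if pin[0] == pin[2] and pin[1] == pin[3]:
        return "ABAB"                       # 1010, 2121, 3131, ...
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        return "sequential"                 # 1234 on the slide; also 2345, 4321, ...
    if pin in ("2580", "0852"):
        return "keypad column"              # straight down (or up) the middle of the keypad
    if pin in {word_to_digits(w) for w in KEYPAD_WORDS}:
        return "keypad word"                # 5683 spells LOVE
    return None


def pin_policy(pin: str) -> Tuple[bool, str]:
    """Accept or reject a proposed PIN with a reason suitable for a user message."""
    pattern = classify_pin(pin)
    if pattern is None:
        return True, "accepted"
    return False, f"rejected: '{pattern}' is one of the most commonly guessed PIN patterns"


if __name__ == "__main__":
    for candidate in ("1111", "1984", "2121", "1234", "2580", "5683", "7392"):
        print(candidate, pin_policy(candidate))
```

A deny list like this only removes the handful of patterns that account for a disproportionate share of real PINs; it does not make a 4-digit PIN strong, so it belongs alongside lockout after a few failed attempts rather than in place of it.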
12 HOW CAN YOU MITIGATE YOUR RISKS?
► Dedicate a computer or system for online banking, especially EFT (ACH transactions and wire transfers).
► Use multifactor authentication with an independent mechanism.
► Log and monitor key computers or systems.
► Segregate EFT controls.
► Reconcile EFT transactions daily.
► Dedicate clearing accounts using “just in time” deposits.
► Use a “run as needed” bootable CD that cannot be contaminated by a virus or malware for the computer accessing online EFT (FDIC recommendation).
Source: Journal of Accountancy
13 Each Control Provides Security in Layers
Recommend dedicated accounts for receivables, operating and disbursement, with “just in time” (JIT) funds moving from the receivable account to the operating account to the disbursement account:
Cash Inflow – Receivable Account
► Post no debits
► No ACH or wire origination capability
► Mandatory Alerts
Information Reporting – Operating Account
► (2x) Daily Cash Position
► Just in Time (JIT) Transfers
► Mandatory Alerts
Cash Outflow – Disbursement Account
► Check Positive Pay
► ACH Positive Pay
► Controlled Disbursement
► Daily Review/reconciliations
► Mandatory Alerts
► Dual Control/Tiered security (separate and distinct access)
► Limits set to business needs
Across all accounts
► Separate account for check and EFT activities
► Dedicated PC (segregated from network)
► Trusteer required security for devices that access Web-Link
14 HOW DOES CHECK POSITIVE PAY WORK?
Checks cashed at other banks
► Checks are matched against the file of issued checks.
► If on the file, the Payee Name is also matched against the file of issued checks.
► Exceptions are submitted to Webster Web-Link® daily to be reviewed and decisioned by the customer.
► Enroll for Positive Pay Exception Event Notification to receive an email alert when you have exceptions to review.
Checks cashed at Webster branches
► The teller enters the check information and the system automatically verifies the check against the issuance information on file.
► Match – the check is cashed.
► No-Match – the teller will not cash the check (“refer to maker”).
15 PREVENT FINANCIAL LOSS FROM FRAUD
Webster Check Positive Pay
► Your file of issued checks is sent to Webster and compared, by serial number and amount, against checks presented for payment against your account.
Webster Payee Name Positive Pay
► Payee Name Positive Pay takes Check Positive Pay one step further in that it also compares the payee line information, along with serial number and dollar amount, against those on your file of issued checks. Payee Name Positive Pay is the more secure option.
Webster ACH Positive Pay and Debit Block
► ACH Positive Pay protects your account from fraudulent ACH debit entries by allowing you to block or filter unauthorized electronic transactions.
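To make the matching described on the two positive pay slides concrete, here is an added example (not Webster's code or any bank's system) of the core logic: the customer's issue file is matched against items presented for payment by serial number and amount, optionally by payee name as well, and every non-match becomes an exception that is either refused at the teller line or queued for the customer's daily decision; a second function implements the ACH debit filter. It goes one step beyond the slides by also flagging a serial number presented twice. The field layouts, reason codes, the per-originator cap on ACH debits, and all sample checks and amounts are constructed for this example.

```python
"""Added example: positive pay matching and an ACH debit filter.
Record layouts, reason codes and sample data are constructed, not a bank's."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class IssuedCheck:          # one row of the customer's issue file
    serial: str
    amount: Decimal
    payee: str


@dataclass(frozen=True)
class PresentedItem:        # one check presented for payment
    serial: str
    amount: Decimal
    payee: str              # payee line as captured from the presented check
    channel: str            # "branch" (teller) or "clearing" (presented by another bank)


@dataclass(frozen=True)
class AchDebit:
    originator_id: str      # company ID of the ACH originator
    amount: Decimal


def normalize_payee(name: str) -> str:
    """Fold case and drop punctuation so 'Acme Title, Inc.' matches 'ACME TITLE INC'."""
    kept = "".join(ch for ch in name.upper() if ch.isalnum() or ch.isspace())
    return " ".join(kept.split())


def positive_pay(issued, presented, payee_match=True):
    """Match presented items against the issue file; return (pay, exceptions).

    payee_match=False is plain Check Positive Pay (serial + amount);
    payee_match=True is Payee Name Positive Pay. Each exception is (item, reason).
    """
    by_serial = {c.serial: c for c in issued}
    paid_serials = set()
    pay, exceptions = [], []
    for item in presented:
        issued_check = by_serial.get(item.serial)
        if issued_check is None:
            reason = "NOT_ISSUED"          # serial never issued: counterfeit or stolen stock
        elif item.serial in paid_serials:
            reason = "DUPLICATE"           # same serial presented a second time
        elif issued_check.amount != item.amount:
            reason = "AMOUNT_MISMATCH"     # altered amount
        elif payee_match and normalize_payee(issued_check.payee) != normalize_payee(item.payee):
            reason = "PAYEE_MISMATCH"      # altered payee line
        else:
            paid_serials.add(item.serial)
            pay.append(item)
            continue
        exceptions.append((item, reason))
    return pay, exceptions


def disposition(item, reason):
    """What happens to an exception, by channel, as the slide describes."""
    if item.channel == "branch":
        return "refer to maker"                        # teller does not cash the check
    return "exception queued for customer decision"    # shows up in the daily exception review


def ach_positive_pay(authorized, debits):
    """Allow debits only from listed originators and only up to their cap; block the rest."""
    allow, block = [], []
    for debit in debits:
        cap = authorized.get(debit.originator_id)
        (allow if cap is not None and debit.amount <= cap else block).append(debit)
    return allow, block


# Constructed sample data (no real accounts, checks or originators).
ISSUED = [IssuedCheck("1001", Decimal("1250.00"), "Acme Title Services, Inc."),
          IssuedCheck("1002", Decimal("80000.00"), "Jane Doe")]
PRESENTED = [PresentedItem("1001", Decimal("1250.00"), "ACME TITLE SERVICES INC", "clearing"),
             PresentedItem("1002", Decimal("80000.00"), "Jane Doe", "branch"),
             PresentedItem("1002", Decimal("80000.00"), "John Roe", "clearing"),   # second presentation
             PresentedItem("1003", Decimal("4500.00"), "Cash", "branch")]          # never issued
AUTHORIZED_ACH = {"9876543210": Decimal("5000.00")}   # e.g. payroll provider, capped per debit
ACH_DEBITS = [AchDebit("9876543210", Decimal("4800.00")),    # allowed
              AchDebit("9876543210", Decimal("9800.00")),    # over cap
              AchDebit("1112223334", Decimal("250.00"))]     # unknown originator


def run_example():
    pay, exceptions = positive_pay(ISSUED, PRESENTED)
    allow, block = ach_positive_pay(AUTHORIZED_ACH, ACH_DEBITS)
    return pay, exceptions, allow, block


def altered_payee_example():
    """The same altered check under both products: plain Check Positive Pay pays it,
    Payee Name Positive Pay flags it. Returns (paid_without_payee_match, reason_with)."""
    altered = [PresentedItem("1002", Decimal("80000.00"), "John Roe", "clearing")]
    paid_plain, _ = positive_pay(ISSUED, altered, payee_match=False)
    _, exc_payee = positive_pay(ISSUED, altered, payee_match=True)
    return len(paid_plain) == 1, exc_payee[0][1]


if __name__ == "__main__":
    pay, exceptions, allow, block = run_example()
    for item in pay:
        print("PAY      ", item.serial, item.amount, item.channel)
    for item, reason in exceptions:
        print("EXCEPTION", item.serial, reason, "->", disposition(item, reason))
    print("ACH allowed:", [d.amount for d in allow], "blocked:", [d.amount for d in block])
```

The `altered_payee_example` function is the point of the second slide in code form: an altered payee line passes serial-and-amount matching untouched, which is why Payee Name Positive Pay is the stronger product. Note that the quality of the payee comparison depends on how the payee line is captured from the presented image, so real implementations tolerate some variation (the normalization here is a minimal stand-in for that).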
16 WHAT TO DO IF YOU’VE BEEN HACKED
► Don’t unplug – malware resides in the computer’s memory and not on the hard drive. Turning off a computer erases the memory, and with it many traces of the hack.
► Call in the pros.
► Keep a chain of custody – record every time someone touches a compromised computer or server and everything that’s done to it.
► Stop the bleeding – figure out how the hacker broke in, and fix that hole.
► Find out what they stole.
► Figure out who to tell.
► Be apologetic – in your customers’ minds, it’s your fault!
17 WHAT SHOULD YOU DO NEXT? (TODAY!)
► Establish “Dual Control” authorizations
► Review your limits for ACH and Wire to determine if they suit your business needs
► Consider a “stand alone” computer that is used exclusively for online banking
► Review your internal controls
► Schedule a meeting with your Webster Banker to review your total risk exposure and learn how to mitigate those risks.
18 FRAUD CHECKLIST
Engage your Partners:
► Accountants
► Insurance
► Legal
► IT Consultant
► Banker
19 VALUE OF YOUR REPUTATION = PRICELESS!
The true costs to business from threats are far greater than merely the financial implications. In addition to direct cost there are:
► The cost of computer downtime
► Plummeting productivity
► Lost sales opportunities
Internet Fraud Targeting Attorneys
Kim Syrop, Senior Vice President, Fraud & Loss Management, Webster Bank
September 18, 2014
Attorney Beware!
Attorneys nationwide have become the targets of sophisticated email scams. Con artists located overseas forward seemingly credible requests for legal representation to unsuspecting lawyers. The scammers rely on fake cashier’s checks to bilk their targets before the checks come bouncing back. Confirmed losses from this type of scam are well over $1 billion. Arrests are unlikely since the suspects are located overseas in locales such as Asia and Africa.
Anatomy of a Scam
Initial Contact
► Attorney receives an email from someone who claims to be working in a foreign country and needs help with a legal problem “in your jurisdiction”
The Legal Problem
► The sender of the email needs help collecting on a judgment, a contract, or a divorce settlement
Bad Grammar
► Note that the email usually contains grammatical errors, though not always
Easy Work
► The debt is described as being easy to collect by simply sending a demand letter
► In some cases, the debtor has already agreed to pay and the lawyer’s job is simply to serve as the intermediary
Anatomy of a Scam
Quick Payment
► As predicted by the client, the opposing party quickly pays the money owed with a large bank or cashier’s check
► The purported cashier’s check will look legitimate, and may contain little or no clue as to its fraudulent nature
► The check is made out to the lawyer, to be deposited into trust
► The lawyer will then take his own fees from the trust account transaction, and pay the balance to the client
Funds Wired to Overseas Account
► Client makes immediate and repeated requests to wire out the funds
► The attorney sees that the deposit has posted to his trust account, presumes the funds have cleared, and wires the money to the client’s bank account
Anatomy of a Scam
Bad News
► A few more days pass and the attorney gets some bad news: the check has bounced and the money has been debited out of the lawyer’s trust account
► In most cases, the check was a counterfeit
► The client has vanished, and the account that the lawyer wired the money to has closed, or at least no longer has any funds in it
► The lawyer’s trust account is either overdrawn or at least is substantially depleted of hundreds of thousands of dollars
Available vs. Cleared Funds
► Individuals wrongly assume that after several days the check they deposited must be good, absent hearing otherwise from the bank.
► They may even contact the bank and hear the phrase “the funds are available” and interpret that to mean the check has cleared as good.
► This statement from the bank merely means that the funds are available, not that the check is good.
► The Expedited Funds Availability Act (12 USC Sections 4001-4010) requires that deposits of various funds be made available to a bank’s customers even before the funds have technically cleared.
Steps to Avoid Becoming a Victim
► Carefully scrutinize unsolicited emails/phone calls from individuals or entities with whom you have no prior dealings requesting your services, particularly if the emails/phone calls originate from a foreign country.
► Take steps to independently verify the information provided by your “client”.
► If possible, take steps to identify and verify “client” information.
► Be suspicious of a solicitation that offers a relatively large fee or commission for little or no work or that appears outside of your usual practice areas.
► Educate your staff to be on the lookout for these types of schemes.
► Periodically review law enforcement websites for information on current fraud schemes.
Steps to Avoid Becoming a Victim
► If you have doubts concerning the validity of a check you receive, contact the institution on which the check is drawn to request confirmation.
► When contacting the bank, DO NOT use the telephone number provided on the check, as this number is generally not associated with the financial institution but rather with the scammer. Locate the issuer’s phone number from another source. You can locate a bank’s contact information at the FDIC website.
► Never be in a rush to disburse funds by wire transfer, particularly from your trust account.
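The "Available vs. Cleared Funds" slide and the advice above describe two different states of a deposited check, and the loss happens when a firm treats the first as the second. The following is an added example, not part of the presentation and not any bank's or firm's system: a trust account ledger that keeps an "available" balance (what the bank quotes after the hold period) separate from a "confirmed" balance (items independently verified with the drawee bank, as the slide advises), and lets a wire draw only on confirmed funds. The `scenario` function replays the slide's timeline with and without that control. The two-day hold, the confirmation step, the dates and the $250,000 amount are constructed assumptions.

```python
"""Added example: a trust ledger that refuses to wire against merely 'available'
funds. Hold period, confirmation step and amounts are constructed, not real."""
from dataclasses import dataclass
from datetime import date, timedelta
from decimal import Decimal


@dataclass
class Deposit:
    deposit_id: str
    amount: Decimal
    deposited_on: date
    available_on: date       # when the bank makes funds available (availability, not finality)
    confirmed: bool = False  # set only after the drawee bank, reached independently, confirms the item
    returned: bool = False   # set when the check comes back (e.g. counterfeit)


class TrustLedger:
    def __init__(self, hold_days: int = 2):
        self.hold_days = hold_days
        self.deposits = {}
        self.disbursed = Decimal("0")
        self.log = []

    def deposit_check(self, deposit_id: str, amount: Decimal, on: date) -> Deposit:
        dep = Deposit(deposit_id, amount, on, on + timedelta(days=self.hold_days))
        self.deposits[deposit_id] = dep
        return dep

    def confirm_with_drawee(self, deposit_id: str) -> None:
        """Record that the drawee bank confirmed the item. Assumed to be done by a
        person using a phone number from an independent source, never from the check."""
        self.deposits[deposit_id].confirmed = True

    def return_check(self, deposit_id: str) -> None:
        """The check bounced: the bank charges the amount back to the trust account."""
        self.deposits[deposit_id].returned = True

    def available_balance(self, today: date) -> Decimal:
        """What the bank would quote as 'available' on a given day."""
        total = sum((d.amount for d in self.deposits.values()
                     if not d.returned and d.available_on <= today), Decimal("0"))
        return total - self.disbursed

    def confirmed_balance(self) -> Decimal:
        """Funds backed by an independent confirmation and not returned."""
        total = sum((d.amount for d in self.deposits.values()
                     if d.confirmed and not d.returned), Decimal("0"))
        return total - self.disbursed

    def wire_out(self, amount: Decimal, today: date, require_confirmation: bool = True) -> bool:
        """Control point. With require_confirmation=True a wire may draw only on
        confirmed funds; with False it trusts the available balance alone, which is
        exactly what the attorney in the scam does."""
        backing = self.confirmed_balance() if require_confirmation else self.available_balance(today)
        if amount > backing:
            self.log.append(("REJECT", amount, today, "exceeds backing funds"))
            return False
        self.disbursed += amount
        self.log.append(("WIRE", amount, today))
        return True


def scenario(require_confirmation: bool) -> Decimal:
    """Constructed replay of the slide's timeline: a $250,000 counterfeit check is
    deposited, becomes available after the hold, the 'client' demands a $200,000
    wire on day 3, and the check is returned on day 7. Returns the trust balance
    after the return: zero if the control held, negative if the firm wired first."""
    ledger = TrustLedger(hold_days=2)
    day0 = date(2014, 9, 18)
    ledger.deposit_check("chk-1", Decimal("250000"), day0)
    ledger.wire_out(Decimal("200000"), day0 + timedelta(days=3), require_confirmation)
    ledger.return_check("chk-1")
    return ledger.available_balance(day0 + timedelta(days=7))


def genuine_check_walkthrough():
    """A real check: the wire is refused until the drawee confirms, then allowed.
    Returns (wire_before_confirmation, wire_after_confirmation, remaining_confirmed)."""
    ledger = TrustLedger(hold_days=2)
    day0 = date(2014, 9, 18)
    ledger.deposit_check("chk-2", Decimal("10000"), day0)
    first = ledger.wire_out(Decimal("9000"), day0 + timedelta(days=2))
    ledger.confirm_with_drawee("chk-2")
    second = ledger.wire_out(Decimal("9000"), day0 + timedelta(days=2))
    return first, second, ledger.confirmed_balance()


if __name__ == "__main__":
    print("with confirmation control:", scenario(True))
    print("wiring on available funds:", scenario(False))
    print("genuine check:", genuine_check_walkthrough())
```

The point of keeping two balances is that "available" is a regulatory clock (the hold period) while "confirmed" is evidence; a wire policy that keys off the first will always be beaten by a counterfeit that takes longer to return than the hold lasts, and the ledger's negative balance in the uncontrolled scenario is the overdrawn trust account the earlier slide describes.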
New Email Scam
► Email phishing attack targeting attorneys
► Random email advising that your IOLTA account has “insufficient funds” to pay an outstanding check
► Sender claims to be National Bankruptcy Services LLC of Dallas
► All versions refer to a check of approximately $19,000
► A .zip file attachment purportedly containing additional information is presumed to contain malware.
United States of America v. Emmanuel Ekhator, et al.
Kim Syrop, Senior Vice President, Fraud & Loss Management, Webster Bank
September 18, 2014
Portrait of a Fraudster
Emmanuel Ekhator
► Member of Nigerian internet fraud syndicate
► 42 years of age
► Married
► Master’s Degree from University of Bradford, West Yorkshire
► Residences in Canada and Nigeria
The “Collection” Scam A co-conspirator contacts a law firm, usually via email, and claims to be a foreign citizen or a representative of a foreign company. The co-conspirator represents that he is attempting to collect funds from a North American individual or entity owing monies from a transaction such as a real estate transaction, a divorce settlement, or a tort settlement. The co-conspirator represents that he is seeking legal representation from the victim law firm to collect monies. After agreeing to provide legal representation, the victim law firm is contacted by another co-conspirator posing as a representative of the entity purportedly owing the monies. This individual agrees to make payment on the monies owed.
The “Collection” Scam A co-conspirator purporting to be a representative of the entity owing the monies then mails a check that appears to be legitimate to the victim law firm via Canada Post, U.S. Mail, or a private courier such as FedEx or UPS. The information on the check was stolen from legitimate companies, with the amount, payee name, and phone number altered. If the victim law firm contacts the fraudulent phone number printed on the check, a co-conspirator answers the call and fraudulently verifies the amount to the check and its validity. The victim law firm deposits the check into a trust account and waits until it appears the check has cleared.
The “Collection” Scam Following instructions from the initial co-conspirator, the victim law firm then wires funds to a bank account, usually located in Asia. Typically, the fraud is detected when the check is returned because it is counterfeit.
“Collection” Scam Terminology
Catcher – an individual who contacts the victim lawyer or law firm and initiates the purported attorney/client relationship.
Runner – an individual who coordinates bank accounts and obtains checks from the individuals who create the counterfeit checks.
The Players
Emmanuel Ekhator – the main facilitator of the fraud, responsible for transmitting information, usually via e-mail, between “catchers” and “runners” and coordinating counterfeit check activity. He resided in Canada.
► Arrested in Nigeria and extradited to the United States
► Pled guilty to criminal conspiracy to commit mail fraud and wire fraud
► Sept 2013 – Sentenced to 100 months in federal prison, over $11 million in restitution, and forfeiture of properties in Canada and several bank accounts in Nigeria
Yvette Mathurin – responsible for purporting to be a bank employee and falsely validating the amount of the check and its authenticity when a victim law firm called. She resides in Canada.
► Arrested and awaiting extradition from Canada
The Players
Kingsley Osagie – responsible for coordinating bank accounts to launder the proceeds of the fraud and coordinating the wire activity to foreign bank accounts. He resides in Nigeria.
► Arrested as he arrived in the Atlanta area from Nigeria
► Awaiting trial in the Middle District of Pennsylvania
Maxwell Nosa Omorere – responsible for coordinating money laundering activities and wire activities; providing co-conspirators the wording used in communications to victim law firms; and providing co-conspirators victim information. He resides in Nigeria.
► Active INTERPOL arrest warrant
The Players
Nicholas Jonah Uangbaoje – responsible for providing co-conspirators with verification of deposits and wire transfers to accounts used to receive fraud proceeds. He resides in Nigeria.
► Active INTERPOL arrest warrant
Ezeh Matthew Okechukwu – responsible for maintaining bank accounts in Korea used to receive the proceeds of fraud. He resides in Korea.
► Active INTERPOL arrest warrant