U.S. Department of Homeland Security United States Secret Service MCPF PRESENTATION Evolving Financial CrimeTrends & The Gateway ECTF ASAIC Doug Roberts

U.S. Department of Homeland Security United States Secret Service Financial Crimes Investigations Evolving Trends  Crimes are getting more complex with larger fraud losses  Increasing use of new technologies  Multiple suspects involved in higher percentage of investigations  Organized crime and international links  Eastern Europe; Ukraine, Romania, Bulgaria, etc  U.S. is not alone. Australia, Spain, UK, etc

U.S. Department of Homeland Security United States Secret Service Financial Crimes Investigations How Account Numbers Are Obtained Consumer Level:  Card skimming  ATM skimming  Gas pump skimming  Wireless skimming  Phishing Industry Level:  Network Intrusions / Data Breaches  Collusive employees  Malware, Trojans, Worms

U.S. Department of Homeland Security United States Secret Service Financial Crimes Investigations What is ATM Skimming?  The copying of account information that is electronically stored on a bank card during an attempt to use an ATM. This is coupled with a stolen PIN via pin hole camera, keypad overlay, etc.  The stolen data/information is re-encoded on “white plastic” or counterfeit cards to make unauthorized withdrawals.

U.S. Department of Homeland Security United States Secret Service Average Bank Robbery Loss: $4,854 Average ATM Skimming Loss: $33,000 Financial Crimes Investigations The Cost of ATM Skimming

U.S. Department of Homeland Security United States Secret Service The equipment is available over the Internet. The software and hardware are very user friendly and extremely mobile. The skimmed information can be transmitted via anywhere in the world within hours after it is skimmed. Skimming devices attached to ATM’s to read users' card details increasingly return their data to criminals via SMS text messages. The new generation of skimming devices no longer store the data over a period of time for later collection, but transmit it via SMS direct to the criminals, allowing them to clone accounts from the comfort of their own living room. Financial Crimes Investigations Why is Skimming popular

U.S. Department of Homeland Security United States Secret Service Fraudulent transactions frequently occur within hours of the compromise Financial Crimes Investigations Skimming Usually the fraud stops after days because the account is depleted or the criminals realize that the risk of the compromise being discovered is greater Usually do not skim cards at any one location for more than a couple of days.

U.S. Department of Homeland Security United States Secret Service Financial Crimes Investigations ATM Skimming

U.S. Department of Homeland Security United States Secret Service PIN hole camera assembly mount placed above key pad to capture PINs Mounted over original ATM card reader Financial Crimes Investigations ATM Skimming

U.S. Department of Homeland Security United States Secret Service

U.S. Department of Homeland Security United States Secret Service

U.S. Department of Homeland Security United States Secret Service What Do The Criminals Do Next With The Information?

U.S. Department of Homeland Security United States Secret Service Counterfeit Card Lab

U.S. Department of Homeland Security United States Secret Service Counterfeit Cards “White Plastic”

U.S. Department of Homeland Security United States Secret Service “Dumped” Card Information is Transmitted Overseas and Sold on the Internet – Carding Portals

U.S. Department of Homeland Security United States Secret Service What are Carding Portals?  Transactional Site  Stolen Credit Card Data  Stolen Databases of Personal Information  Online Banking  Online Payment Systems  Online Credit Card Processors  Online Auction Fraud  Counterfeit Identity Documents  Recruitment  Finding Partners for Complex Fraud Schemes  Knowledge Sharing  Technical Vulnerabilities  Sensitive Info on How Financial System Works  How to Defeat Security and Anti- Fraud Measures  Criminal Infrastructure Provision  Hacking Services / Custom Malware Development  Phishing Services  Specialized Equipment (Card Writers, Embossers, Blank Credit Cards, Holograms, etc.)  Reshipping Services  Credit Reports and Personal Info Services

U.S. Department of Homeland Security United States Secret Service The St. Louis Metropolitan Area has started to see an increase in traveling groups committing fraud via skimmer and malware. Methods and vulnerabilities are often shared on the carding portals.

U.S. Department of Homeland Security United States Secret Service Sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments  BOTH  BOTH suppliers and their customers are victims of this scam  Targets CFO, CTO, or some high-ranking executive Compromise via social engineering or computer intrusion techniques Formerly known as the man-in-the- scam, the BEC was renamed to focus on the business angle of this scam

U.S. Department of Homeland Security United States Secret Service Asian banks, located within China and Hong Kong, are the most commonly reported destination for these fraudulent transfers. The fraudsters will use the method most commonly associated with their victims’ normal business practices. (i.e. web-based accounts, checks, wire transfers, company branding).

U.S. Department of Homeland Security United States Secret Service Version 1 Scenario One A business receiving a request for wire transfer  A request, on behalf of this business executive, is forwarded to a second employee for a wire transfer to a fraudster controlled bank account.  The second employee complies with the business executive’s request and sends the payment.  The fraudster spoofs or hacks a business executive’s account and contacts the bank directly, asking for an “urgent wire transfer.”  The fraudster hacks or spoofs a business executive’s account…usually the CFO, CTO, CO, etc. Version 1 Scenario One A business receiving a request for wire transfer  A request, on behalf of this business executive, is forwarded to a second employee for a wire transfer to a fraudster controlled bank account.  The second employee complies with the business executive’s request and sends the payment.  The fraudster spoofs or hacks a business executive’s account and contacts the bank directly, asking for an “urgent wire transfer.”  The fraudster hacks or spoofs a business executive’s account…usually the CFO, CTO, CO, etc.

U.S. Department of Homeland Security United States Secret Service Version 1 Scenario Two A business employee’s An employee of business “A” has his/her hacked, not spoofed. Requests for invoice payments are sent from this employee’s to multiple customers identified from this employee’s contact list. These requests contain fraudster controlled accounts. Business “A” does not become aware of the multiple fraudulent requests until they are contacted by their customers. Version 1 Scenario Two A business employee’s An employee of business “A” has his/her hacked, not spoofed. Requests for invoice payments are sent from this employee’s to multiple customers identified from this employee’s contact list. These requests contain fraudster controlled accounts. Business “A” does not become aware of the multiple fraudulent requests until they are contacted by their customers.

U.S. Department of Homeland Security United States Secret Service Characteristics of a Fraudulent Scam dates coincide with business travel dates for executives whose s were spoofed  Fraudulent wire transfer requests are similar to normal business transaction amounts  Fraudsters use company branding, invoice formats, signatures of targeted supplier IP addresses frequently trace back to free domain registrars “code to admin expenses” or “urgent wire transfer”

U.S. Department of Homeland Security United States Secret Service Reducing the fraud has to be a collective effort between businesses (retail, corporate, and financial) and law enforcement. Success is obtained when there is communication.

U.S. Department of Homeland Security United States Secret Service The Task Force and Working Group approach enhances communications and builds relationships that enable those involved to solve problems and carry out specific missions.

U.S. Department of Homeland Security United States Secret Service National Computer Forensics Institute A collective effort between: * Department of Homeland Security * Secret Service * State of Alabama * Alabama District Attorneys Association * City of Hoover, Alabama **County of Shelby, Alabama

U.S. Department of Homeland Security United States Secret Service National Computer Forensics Institute NCFI training courses are offered to state and local law enforcement, prosecutors and judges through funding from the federal government. Travel, lodging, equipment (in some classes), and course fees are provided at no costs to attendees or their agencies.

U.S. Department of Homeland Security United States Secret Service The Gateway Electronic Crimes Task Force/Working Group is evolving to fit the current financial and electronic crime trends and climate. The Gateway Task Force will combine the communications and liaison efforts used through the Quarterly Meetings and advisements to address electronic crimes and financial crimes.

U.S. Department of Homeland Security United States Secret Service Doug Roberts Assistant Special Agent in Charge U.S. Secret Service St. Louis Field Office Office/Direct: 314/ Cell: 314/