Social Engineering - Georgia Tech Office of Human Resources

Current Fraud Trends
Kathy Druckenmiller, CFCI, CIRM, ACT Specialist
April 29, 2014
4/29/2014
Social Engineering
Phishing
Vishing
Smishing
Hijacked Email
Social Media
Sweetheart Scams
Online Job Scams
Social Engineering
Phishing
Using electronic communication to manipulate
someone into giving private information
Social Engineering
Vishing
Utilizing VOIP or traditional telephone
lines to trick someone into giving
confidential information
Social Engineering
Smishing
Using SMS text messages to
obtain sensitive data
Social Engineering
Hijacked Email
Taking over a personal email
account and masquerading as
the customer
Social Engineering
Social Media
Using social media as a resource to obtain your
identity or commit fraud against you
Social Engineering
Sweetheart Scams
Fraudsters trolling online dating websites
and social media sites, looking for partners
that will ultimately send their own funds to
the fraudster or will be used to launder
stolen funds through their personal
accounts
Social Engineering
Online Job Applications
Phony job postings placed on legitimate
employment websites that trick applicants into
becoming money mules for stolen funds
Social Engineering
Mitigation for Social Engineering Fraud?
Education for Customers – to avoid involvement
in scams
Education for Employees – to recognize the signs
of transactions that may be the result of social
engineering
Current Debit and Credit Card Fraud
Counterfeit “Skimmed” Debit and Credit Cards
Data Breaches
Cybercrime
Counterfeit/Skimmed Cards
Skimmer
• Clone magnetic stripe data
• Capture CVV and CVD codes
• Data can be transferred to card stock or “white plastic”
Skimming Equipment:
• Handheld skimmer
• Alternate skimmers
• Skimming device placed over legitimate card reader
Skimming Equipment
Handheld Skimmer
• Requires human assistance
• Requires card to be out of sight of customer
• Targets restaurant patrons
• Information re-encoded onto plastic or sold on internet “carder” sites
Skimming Equipment
Alternate Skimmers
Skimmed Cards
Reader placed directly over legitimate card
reader:
• Does not require human assistance
• Does not require card to be out of sight of customer
• Targets: ATMs, gas pumps and readers that are remote and can be tampered with without witnesses
• Information re-encoded onto plastic or sold on internet “carder” sites
ATM Skimming Equipment
ATM Skimmer Examples
EMV (Europay, MasterCard and Visa)
Chip and PIN technology
Fraud liability shift to POS merchants - October 2015, ATMs - October 2016 and gas pumps - October 2017
EMV will not affect Data Breaches
EMV (Europay, MasterCard and Visa)
EMV Chip and PIN reader
Data Breaches
Malware that targets corporate servers
Operation can be completely remote
Mass amounts of data at once
Information sold on internet “carder” sites
EMV removes the magnetic stripe, so compromised
data cannot be re-encoded onto a card
QUESTIONS ?