Electronic Fraud –
Techniques, Methodologies,
and Countermeasures
Michael Schirling
April 2008
Context
Extortion Credit card generators
Fraud Schemes
Trojan Horse scenarios
Stock Trading Scams
Murder
Child Exploitation
Fraud
Identity Theft
Context
Armed bank robberies net an average of
$7,500 each for an annual total of
approximately $60 million. One-sixth of
the money is recovered and 80% of
offenders are incarcerated.
The FBI estimates that cyber criminals
net $10 billion annually, averaging
$250,000.00 per heist with less than one
percent of offenders going to jail (old
figure circa 2000).
Cyberspace offenders:
A non-exhaustive list
Preferential sex offenders
Terrorists
Spies
Hackers – trespasses for achievement
Pranksters – defies authority
Phreakers/Crackers
Common criminals – for profit
Disgruntled insiders *****
In August of 2001, a few men were hanging out in a
parking lot near the Arlington, Virginia, Department
of Motor Vehicles (DMV) office. This was nothing
new. Their fee was no more than $100 and most of
their customers were illegal immigrants.
“According to an FBI affidavit, on August 2, the men in
the parking lot were approached by “three Arab
males” in a van. The three men were asking about
acquiring official identity cards. They accompanied
the men in the van to a nearby attorney’s office and
swore to their Virginia state residency. The three
men in the van returned to the DMV offices with the
proper documentation and were issued Virginia
identification cards…….”
“On September 11, they were among
the 19 terrorists who hijacked the
jetliners that crashed into the World
Trade Center and the Pentagon.
Apparently, more than half of the 19
hijackers boarded the aircraft with
phony ID’s. Moreover, the terrorist
who was convicted last year in the
plot to blow up Los Angels
International Airport used 13
identities that were pilfered from the
membership roster of a Boston,
Massachusetts, health club.”
“Clearly, identity theft is no longer
confined to computer hackers and
scam artist who are out to make a
fast buck….”
Sanford Wexler, Law Enforcement
Technology, April 2002, P28
STEALING THE OLD
FASHIONED WAY
Small gain, great
risk
Victim can ID you
Victim can fight back
Police can chase
you
Gun enhancements
Long prison terms
STEALING VIA ELECTRONIC
MEANS
High profit- low risk
No victim contact
No weapon use
Police undermanned
and overwhelmed
If caught- probation or
misdemeanor
The loot is delivered!
Top Personal Fraud
Schemes
Based on Yahoo Internet Life
Assessment
Top Schemes
Identity Theft
Work at Home Fraud
Credit Card Fraud
Medical Treatments / Weight Loss
Chain Letters
Multilevel Marketing
Free Goods
Bioterrorism Products
Auction Fraud
Top Schemes
Advance Fee Loans
Credit Repair
Vacation Prize Promotion
Advance-Fee Fraud
International Sweepstakes
Web Cramming
Common fraud mechanisms
Acquiring key pieces of someone’s
identifying information in order to
impersonate them

Name

Address

Date of Birth

SSN

Mother’s maiden name

Account Numbers
Frauds

Take over financial accounts

Open new bank accounts

Applying for loans

Applying for credit cards

Applying for social security benefits

Purchase/Sell cars & merchandise

Renting apartments





Renting apartments to further other
criminal enterprise
Establishing services with utility and
phone companies
Forge/Counterfeit Checks
Fraudulent use of stolen credit
(checks/credit cards/etc)
Commit crimes in another name
How They Do It
Use low and high tech methods
Shoulder surfing at ATMs
Steal your mail
Stealing your pocketbook/wallet
Dumpster diving
Corrupting employees with access to
data
Check washing
Check creation software
Hacking
Unlawful entry, trespass, damage to
computer systems
Leaving/taking/changing information on
the computers that are infiltrated
Computer Viruses
Computer programs that can damage
computer systems
Virus’s spread from one computer to
another via media, network, internet
Virus Software protects your computer
(Norton, McAfee, PCcillin and Others)
Updates – ensure your software is
updated at least weekly
Web Page Fraud / Phishing
“Nigerian” Letter Scam
Protecting Yourself Businesses
Business Exposure
Hardware theft
Software theft
Data theft
Data corruption
Loss of competitive/proprietary information
Loss of employee productivity
Business Fraud Damages
Your reputation
Productivity
Profitability
Cost of Workplace Fraud
$400 billion annually according to the
Association of Certified Fraud Examiners
Insurance Fraud alone = $120 billion
Approximately 6% of a companies annual
revenue is lost to fraud
Preventing Internal Fraud –
Your #1 Exposure
Hiring practices
Know your people
Treat people fairly (FBI Espionage
Examples)
Implement and maintain controls
Require countersignatures & stamp
incoming checks “deposit only”
Have a code of ethics
Conduct random audits
Use passwords protection and encryption
Avenues of Deception
Live – insiders and associates
Social engineering attack
On-line
Policies
Have a policies
Post the policies
Enforce the policies
Make it known that you enforce the
policies
Revisit the policies regularly
Response Procedures
Have an incident response protocol
Practice it
Keep good logs, even it it costs you a bit
more to store them
Train your response personnel
Develop a relationship with law
enforcement and security vendors
BEFORE an incident occurs
Check Fraud
Risk





Checks stored with other material
accessible to unauthorized employees (or
individuals).
Maintenance & service personnel have
access to that area.
Both blank checks & outgoing written
checks are left unattended.
Creates employee temptation.
PR aspect of fraudulent checks with your
company name on them being returned to
victims.
Check Fraud
Prevention Measures:



Store blank check stock in a controlled
area.
Consider dual access controls
Consider a computer program to print
blank checks from blank stock
Be sure to enforce the computer
access controls
Review/delete bank authorization
immediately after Employees leave the
department.
Accounts Payable
Controls
Risk:

Improper wire, ACH or check payments
Internal fraud payments


Register states one payee;check another
Counterfeit bills
Prevention Measures:



Use an established institution for
conducting ANH & wire transaction
Establish a secure electronic transaction
system with dual signoff required
Pre-establish daily you’re a/P issue report
Other Suggestions:
Encourage employees to use direct deposit
If an employee check is lost or stolen, be
sure that they notify payroll immediately.
Place a stop payment on the check.
Purchase quality checks with security
features:


Void feature if someone tires to copy your
check.
Chemical-sensitive paper with background
patterns to reduce the risk of alterations.
Other Suggestions:
Conduct employee screening check
 Social security check
 Reference checks (verify phone
numbers)
 Credit check
 Criminal check
Document, train & enforce
personnel policies & procedures
On the Business Side…
People will try to defraud you of your products
and money
Insist on full address and phone information on
all orders – and verify it
Do not accept orders with free e-mail accounts
as the return address
Use automated IP checking
Beware of new payment methods like virtual
checks until they have been fully accepted and
tested
How to respond to a payment
Fraud
Check Fraud
 Contact Account Officer immediately
 If a check or draft item, obtain a copy of the
front & back of the item
 Identify all “hands” that handled the check
(Internally & externally for the investigation).
 File a police report;provide a copy to your
Account Officer
 Obtain & complete an Affidavit of Forgery for
each item (Provided by Account Officer)
 Notify your insurance carrier (if applicable)
 Anticipate 60-90 days to process claims
How to respond to a payment
Fraud
Employee fraud with loss:


Consider filing a 1099 for the amount of
the loss (You have 3 years to file)
Consider offering the employee the option
to pay over time within three years at a
defined pace to avoid tax filing & related
tax consequences
ACH Debit Fraud
Contact your Banking Account Officer
immediately


Account Officer can initiate an
“unauthorized transaction” return
Account Officer can provide transaction
detail, including the identification of the
originator to enable you to approach the
originator directly for repayment (be sure
to ask for proof of authorization).
ACH Debit Fraud
File a police report; provide your
Account Officer with a copy.
Notify your insurance carrier, if
applicable
Expect 60-90 days to process claims
If an employee fraud with a loss:

Consider filing a 1099 for the amount of
the loss
Wire Transfer Fraud:
Notify your Account Officer immediately
 It may be possible for the Bank to request the funds to
be returned to your account, if the receiving account has
not used the funds.
 Be prepared to provide enough detail to your Account
Officer to identify the wire transaction
Your Bank account number
Date transaction posted to your account
Dollar amount
Currency exchange sued
Transaction reference number
Receiving beneficiary's Bank name & beneficiary's
name
Wire Transfer Fraud:
Bank will likely start the process of
requesting the funds from the bank that
initiated the wire
If a series of banks were involved, the transaction
must be processed in reverse order thru each bank
Shut down the vulnerability that allowed the
fraud to occur!




De-activate the breached PIN
De-activate the User ID/Password
Block the account for wire activity
If your account number was compromised,
transfer to a new bank account number
Wire Transfer Fraud:
If the Bank is unable to collect, you may
have a loss.
If the fraud was accomplished by your
employee:

Consider filing a 1099
Safeguarding Your Assets
Make security of information & accounts
a primary concern
Timely identification is critical
Contact your financial institution as
soon as you suspect anything
Financial institutions can assist with
services to help you effectively manage
these risks
Card Present
Key Entered Transaction
Higher risk of
accepting a
counterfeit card.
Check expiration
Date
Make imprint
Check terminal
Obtain signature
Match the account
number – front to
back
Verify Signature
Card Present – Unsigned
Card
Request a signature – Ask cardholder to
sign card & provide current government ID
Check signature on card to ID
Card Not Present
Obtain an authorization
Verify the card’s legitimacy
Use fraud prevention tools
 3 digit security code
 AVS
Still questioning the transaction
 Call your bank
 Check telephone number
 Hold item
e-Commerce
Payment Card Industry Data Security
Standard
 Build & maintain a secure network
 Protect cardholder data
 Maintain a vulnerability management
program
 Implement strong access control measures
 Monitor and test Networks
 Maintain an information security policy
Verified by Visa & MasterCard SecureCode
Employee Accountability
Fraud prevention training
Posting fraud prevention reminders
Prevent employee fraud scams
Offering rewards/incentives
Potential Signs of Fraud
First time shoppers
Larger then normal
orders
Orders include
several of the
same items
Rush or overnight
shipping
Shipping to
international
address
Transactions with
similar account
numbers
Multiple cards from
a single IP address
Potential Signs of Fraud (cont.)
Orders using free email services
Orders using relay
call service
Purchasing a lot
without regard to
size, style, color or
quality
Makes purchases,
leaves the store,
and returns to make
more purchases
Makes large
purchases right at
the opening of the
store or the closing
Customer requests
additional charge to
card & then wire
funds to another
Countermeasures
Computer Security
Up-to-date operating system patches
Virus Protection
Firewall


Hardware
Software
Preventive Actions
Promptly remove mail from your mail box or
public areas
Deposit outgoing mail in post office collection
mail boxes or at your local post office

Do not leave in unsecured mail receptacles
Never give personal information over the
telephone unless you initiated the call
Shred pre-approved credit card applications,
credit card receipts, bills and other financial
information you don’t want
Empty your wallet/purse of extra credit cards
and IDs
Preventive Actions
Order your credit report from the three credit
bureaus once a year to check for
discrepancies
Never leave receipts at bank machines, bank
windows, trash receptacles, or unattended
gasoline pumps
Memorize your SSAN and all your passwords
Sign all new credit cards upon receipt
Preventive Actions
Save all credit card receipts and match
them against your monthly bills
Be conscious of normal receipt of financial
statements

Contact sender if they are not received on
time
Preventive Actions
Notify credit card companies and financial
institutions in advance of any change of
address or phone number
Never loan your credit cards to anyone else
Never put account numbers on post cards or
on the outside of an envelope
If you applied for a new credit card and it hasn’t
arrived in a timely manner, call the bank or
credit card company involved
Preventive Actions
Report all lost or stolen credit cards
immediately
Know your expiration dates

Contact issuer if replacements are not
received promptly
Personal Preventive Actions
Beware of mail or telephone solicitations
disguised as promotions offering instant
prizes or awards designed solely to
obtain your personal information or credit
card numbers
Get a locking mailbox….
Internet and On-Line Services
Use caution when disclosing checking account
numbers, credit card numbers or other personal
financial data at any web site or on-line service location
unless you receive a secured authentication key from
your provider
When you subscribe to an on-line service, you may be
asked to give credit card information
 When you enter an interactive service site, beware
of con artists who may ask you to “confirm” your
enrollment service by disclosing passwords or the
credit card account number you used to subscribe
Credit Reports
Who to contact:
Equifax
P.O. Box 105873
Atlanta, GA 30348-5873
Telephone: 1-800-997-2493
Experian Information Solutions
(Formerly TRW)
P.O. Box 949
Allen, TX 75013-0949
Telephone: 1-800-397-3742
TransUnion
P.O. Box 390
Springfield, PA 19064-0390
Telephone: 1-800-916-8800
Action Steps For Victims
Contact all creditors, by phone and in writing, to inform
them of the problem
Call your nearest Postal Inspection Service office and
your local police
Contact the Federal Trade Commission to report the
problem – www.ftc.gov/idtheft
Call each of the three credit bureau’s fraud units to
report identity theft

Ask to have a “Fraud Alert/Victim Impact” statement
placed in your credit file asking that creditors call
you before opening any new accounts
Alert your bank to flag your accounts and to contact
you to confirm unusual activity
Action Steps For Victims
Request a change of PIN and new password
Keep a log of all contacts and make copies of all
documents
You may also wish to contact a privacy or consumer
advocacy group regarding illegal activity
Contact the Social Security Administration’s Fraud
Hotline
Contact the state office of the Department of Motor
Vehicles to see if another license was issued in your
name

If so, request a new license number and fill out the
DMV’s complaint form to begin the fraud
investigation process
Complaints Per Year
1992
35,000
1998
550,000
2005
2 Million
Est.
Federal Trade Commission
Federal Trade Commission
Helpful Links
Federal Trade Commission
http://www.ftc.gov/bcp/conline/pubs/credit/i
dtheft.htm
Internet Crime Complaint Center
http://www1.ifccfbi.gov/index.asp
State Laws pertaining to Identity Theft
http://www.identityrestoration.com/state_la
ws.htm
Deputy Chief Michael
Schirling
Burlington, VT Police
VT Internet Crimes Task Force
1 North Avenue
Burlington, VT 05401
(802) 658-2704 x131
mschirling@bpdvt.org