Airtight fraud prevention is not possible but just how vulnerable are we if thieves can heist $45 million in a matter of hours?
We recently got a taste of the possible consequences of unchecked hacker prowess following an ATM scam of catastrophic proportions. An international group of thieves managed to walk away with money from the prepaid debit cards of innocent users in countries all over the world.
U.S. Attorney Loretta Lynch announced charges against eight defendants on Thursday. Thieves hacked into banks’ systems in the United Arab Emirates and Oman to increase the amount available on pre-paid MasterCard debit cards. Then they used those cards to withdraw money from ATMs. This heist shows that cyber security in the global financial system is only as strong as the weakest link, and the weakest link in this an other breaches is usually a human being.
While the hackers were sophisticated in gathering and manipulating information within the banks, common criminals made the ATM withdrawals. Lynch described the group as a “virtual criminal flash mob.” Money.CNN.com states that during the first attack in December 2012, the New York group allegedly withdrew $400,000 in 750 separate ATM transactions in more than 140 different NY locations in less than three hours.
Though eight of the members involved have been caught and police throughout the world are working to put this right, the sheer technical scope of the attack shows how sophisticated hackers have become.
Ignoring fraud training as the foundation of your cyber security strategy is like counting on Google to educate your kids. Technology is a critical tool in the fight, but without well educated users, guided by knowledgeable teachers, the tools are a waste of your money.
Thanks to President Obama’s state-of-the-union plug for increased cyber security, the Chinese hacking of the New York Times and Wall Street Journal, and the hacking of a prominent celebrities, America is waking up to the tangible value of virtual data. Awareness is definitely the first step, but it is only the tip of the privacy iceberg. Just as in the age before the internet, the only thing keeping employees from selling secrets or participating in fraudulent activity are the human controls that discourage the practice. But it’s all the more hair-raising to think of the amount of digital secrets an employee has access to at any given time. The new tale of a Reuters journalist gone cyber-rogue adds a chilling wrinkle to the perils of protecting the data that keeps corporate profits ticking.
Businesses may already be rushing to protect their financial information, but other kinds of personal data are at risk, too. Case in point: medical records.
Big companies with huge profit margins might seem like the most attractive targets for identity theft and fraud. After all, what more direct way to get at your money? But there are other ways an outsider could infiltrate your personal data. Right now, security around healthcare information is a big concern, and fraudsters are lying in wait to pounce on gaps in the system.
Recently, the Montgomery Advertiser reported the story of National Guardsman Zane Purdy, who fell victim to a particularly nasty bit of fraud that cost him his high-paying job. Now he's a waiter making fewer than eight dollars an hour, barely enough to support his wife and two kids. Purdy's story is heartbreaking, and he's only one of the more than 800 people taken advantage of by the same criminal.
Fraud prevention isn't just about building a wall: It's about making sure you have the right bricks.
During tax season, anyone who sees your pay stubs or tax forms could put them to nefarious use, and could do so without you being aware. As former clients and relatives of one California tax preparer were shocked to find out recently, the stability of their "brick walls" against fraud were filled with weak spots.
Imelda Sanchez of California confessed to using the names and personal data of other people to file fraudulent tax returns. She also used other falsified tax documents to apply for a loan worth more than $1.5 million. Her sentencing is scheduled for May, when she could be slapped with a prison sentence upwards of 30 years or more. As a tax preparer, she was in a unique position to set this plan in motion. Sanchez could also be given a fine around $1.25 million – just a touch under the amount of money she tried to steal.
How sure are you that your company’s computers aren’t being used against you for purposes of fraud and identity theft?
Recently, Bloomberg.com reported a case in which Microsoft and the antivirus company Symantec joined forces to take down a massive botnet group. Known as Bamital, this ill-intentioned family of bugs is believed to originate from somewhere in Eastern Europe, and operated by distributing malicious software to unsuspecting computers. Once the targets had been infected, the hackers on the other end could take control of Web browsers and drive them wherever they wanted, re-routing searches and addresses to dubious websites that could infect them further.
According to the article, at least a quarter of a million computers were hit in this most recent attack. Globally, Bamital’svictims are reckoned to number in the millions.
Most inside fraud is committed using the barbecue approach – “low and slow.”
A recent study conducted by Carnegie Mellon University’s CERT Insider Threat Center examined 80 instances of insider fraud. What researchers discovered is that the most damage to companies and their clients was done when criminals pilfered small amounts over extended periods of time. This makes it easier for them to evade detection and cause serious harm.
If you’ve never watched the Food Network, low and slow is the best way to cook barbecue. Really, it’s the only way. You get the juiciest meat and best flavor. When miscreants apply this approach to fraud, they get the same result. There’s no sudden flare-up that catches anyone’s attention and they can usually make off with more of your money than if they tried for one big score. Fraud detection efforts have to account for this if they are to be successful.
The havoc wrought by insider fraud can have far-reaching consequences for both your company and clientele. Several recent examples have proven how damaging fraud can be in the financial sector. But, in truth, there isn’t a single industry today that can afford to forego implementing safeguards.
According to an article at online news source Bank Info Security, one such incident in Ohio earlier this month lead to the collapse of a credit union and a man being sentenced to 37 months in prison for loan fraud and money laundering. About a week prior, two former employees of Chemung Canal Trust Company Bank pleaded guilty to masterminding a seven-year embezzlement scam that cost the bank roughly $325,000.
Insider fraud, also known as friendly fraud, is a difficult topic for many businesses to tackle because it involves trusted employees betraying the companies they are supposed to be – and often appear to be – loyal to. However, the dangers are far too real to be ignored, and fraud detection must be a top priority.
Fraud Training Expert John Sileo has appeared recently on 60 Minutes, Anderson Cooper, Fox Business, Fox & Friends and in Newsweek and USA Today. He speaks around the world on the dark art of deception (identity theft, social engineering, fraud detection, manipulation defense, data breach, social media privacy) and the powerful use of trust. His satisfied clients include the Pentagon, FDIC, Pfizer, FTC, Blue Cross, among hundreds of others. Learn more about protecting your bottom line by training your organization on proactive fraud detection. Watch John perform a humorous but effective fraud training in front of an audience of thousands.
Get monthly strategies and tips for protecting yourself and your business delivered right to your Inbox. Signup now and you'll immediately receive John's 7 Survival Strategies for Starving Data Spies!
