Fraud & Cybercrime: How to Protect Your Company?
1. Raise your team's awareness of fraud, cyber risks and the risks of disseminating information.
Hold regular sessions (do not forget newcomers and short-term employees) for the various staff profiles: accounting, treasury, purchasing, personal assistants, etc.
1. Impersonation fraud
The three most frequent impersonation fraud schemes: fake CEO scam, fake vendor scam, fake technician scam.
Fake vendor scam (slide mock-up): an e-mail sent from kim@vendor.com, opening "Hello," and signed "Best Regards, Shelia Bodo"; the body of the message is not legible in the extraction.
Protect against fake vendor scam
Fake technician scam (slide storyboard): an accountant receives a call from somewhere abroad (the slide shows Germany; caller number displayed: 0 825 000..).
Caller: "Mr Martin from BNP Paribas speaking, do you remember me? Your e-banking will be migrating to a new version and will be unavailable for 72 hours. Could you please go to www.is.gd/migration so that I can proceed with verification."
The link opens a remote-support form: "Establish Support Connection. Type your name and the support key received from your technician. Your Name: / Support Key: / Continue".
Caller: "Please enter your session key 281 199 250."
Caller: "I have control of your PC. I'm checking the transfers… Go for a coffee if you want!"
Caller: "I'm done. Wait 3 days before using your tool: meanwhile, send your payments by paper orders."
Outcome shown on the slide: - $355,087.11
Protect against technician scam
• Awareness raising
• Call-back procedure
• Option: blacklisting of remote access tools ("RAT")
[Map from the slide; legible labels: Anonymous, Israel, China, Poland, Cyprus, Latvia, Bulgaria, Hong Kong, Czech Rep., France, Germany, Greece, United Kingdom, Slovakia, Hungary, Spain, Estonia, Belgium, …, Romania, Macedonia, Italy, Slovenia, San Marino, Portugal, Sweden, Croatia, Monaco, Cambodia]
2. Cyber fraud: a rising threat
Frequent phishing attacks…
1. Reception of e-mails… or SMS. Example shown on the slide: a message dated 06/03/2014 07:26, "Message from: "BNP Paribas" < @bnpparibas.com>", subject "BNP Paribas messages", about "Your mailbox".
2. Theft of password
3. Theft of SMS validation code
[Diagram from the slide: a five-step flow whose legible labels are "invoice", "invoice" and "credit transfer"; the steps themselves are not legible in the extraction.]
[Screenshots from the slide, side by side: the regular login page, and a bogus page that requests a signature at login.]
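The bogus page above asks for a "signature" at login, which only works against a one-time code that is not tied to anything. As an added example (not part of the original deck), here is a transaction-bound one-time code in Python, the "what you see is what you sign" form of the offline validation recommended under "Protect against cyber fraud": the device signs the amount, the beneficiary IBAN and a counter, so a code captured by a fake page cannot authorise a different transfer and cannot be replayed. The shared secret, the transfers, the counter window and the 6-digit HOTP-style truncation are assumptions of this example; the IBANs are well-known published sample values, not real accounts.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Transfer:
    amount_cents: int
    beneficiary_iban: str


def signing_message(t: Transfer, counter: int) -> bytes:
    """The device displays amount and beneficiary and signs exactly that, plus a counter."""
    iban = t.beneficiary_iban.replace(" ", "").upper()
    return f"{t.amount_cents}|{iban}|{counter}".encode()


def signing_code(secret: bytes, t: Transfer, counter: int) -> str:
    """6-digit code bound to one transfer; dynamic truncation as in HOTP (RFC 4226)."""
    digest = hmac.new(secret, signing_message(t, counter), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class UserDevice:
    """Offline token or app holding the shared secret and a monotonically increasing counter."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def sign(self, t: Transfer) -> str:
        self.counter += 1
        return signing_code(self.secret, t, self.counter)


class BankServer:
    """Verifies the code against the transfer it is about to execute, never against a login."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.window = window          # tolerated counter drift between device and server
        self.last_counter = 0
        self.executed: List[Transfer] = []

    def submit(self, t: Transfer, code: str) -> bool:
        for counter in range(self.last_counter + 1, self.last_counter + 1 + self.window):
            if hmac.compare_digest(signing_code(self.secret, t, counter), code):
                self.last_counter = counter   # burns this counter: the same code cannot be replayed
                self.executed.append(t)
                return True
        return False


def demo() -> Tuple[bool, bool, bool]:
    """Returns (hijacked accepted?, genuine accepted?, replay accepted?) for a constructed scenario."""
    secret = b"constructed-shared-secret"          # assumption: provisioned out of band
    device, bank = UserDevice(secret), BankServer(secret)
    legit = Transfer(125_000, "FR76 3000 6000 0112 3456 7890 189")
    code = device.sign(legit)                       # user signs what the device displays
    # A bogus "sign at login" page captured the code; the fraudster reuses it for its own beneficiary.
    hijacked = bank.submit(Transfer(125_000, "DE89 3704 0044 0532 0130 00"), code)
    genuine = bank.submit(legit, code)              # the transfer the user actually saw and signed
    replay = bank.submit(legit, code)               # same code again: counter already burnt
    return hijacked, genuine, replay


if __name__ == "__main__":
    print(demo())
```

The practical consequence for awareness sessions: a genuine signing device always shows what is being signed, so a "signature" request at login, with no amount and no beneficiary displayed, is itself the warning sign.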
Ransomware alert (slide storyboard): "An email with urgent antivirus update…" BUT… "Let's go, I don't have all day…" BUT… "What's this thing?"
Protect against cyber fraud
• Awareness raising
• Good "IT hygiene"
• Segregation of duties (1)
• Frequent secured backups (2)
• … and, if possible, blocking attachments that contain VBA macros
(1) If possible, use offline validation (e.g. a one-time password) and raise user awareness of fake validation pages.
(2) Regular backups, disconnected from your IT network and regularly tested to make sure they have not been encrypted.
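"Blocking VBA attachments" is usually done by extension, which a fraudster defeats by renaming invoice.docm to invoice.docx. As an added example (not code from the original deck), here is a Python check a mail gateway could apply that inspects content first and extension second: modern Office files are ZIP containers and carry macros in a vbaProject.bin part, while the legacy binary format (OLE2) cannot be judged without a dedicated parser and is quarantined by default. The extension policy list and the sample attachments are constructed for this example.

```python
import io
import zipfile
from dataclasses import dataclass
from typing import Dict

# Extensions Office reserves for macro-enabled files (policy list constructed for this example).
MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
# Magic bytes of the legacy binary Office container (OLE2 / Compound File).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


@dataclass
class Verdict:
    block: bool
    reason: str


def inspect_attachment(filename: str, data: bytes) -> Verdict:
    """Decide whether a mail attachment should be blocked as a possible VBA carrier."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""

    if data[:4] == b"PK\x03\x04":
        # OOXML (.docx/.xlsx/.pptx and their macro-enabled variants) is a ZIP container.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return Verdict(True, "corrupt ZIP container, cannot inspect")
        if any(p.endswith("vbaproject.bin") for p in parts):
            return Verdict(True, "vbaProject.bin present (content wins over extension)")
        if ext in MACRO_ENABLED_EXTS:
            return Verdict(True, "macro-enabled extension (blocked by policy even without a VBA part)")
        return Verdict(False, "OOXML without VBA project")

    if data[:8] == OLE2_MAGIC:
        # Legacy .doc/.xls/.ppt: finding the macro storage needs an OLE parser (e.g. olevba);
        # without one the safe default is to quarantine.
        return Verdict(True, "legacy binary Office file, macro presence not verifiable here")

    if ext in MACRO_ENABLED_EXTS:
        return Verdict(True, "macro-enabled extension with unrecognised content")
    return Verdict(False, "not an Office container")


def make_ooxml(with_vba: bool) -> bytes:
    """Build a minimal OOXML-like ZIP in memory (constructed sample, not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x01\x00constructed")
    return buf.getvalue()


def demo() -> Dict[str, Verdict]:
    """Run the check over constructed attachments, keyed by the file name the gateway sees."""
    samples = {
        "invoice.docm": make_ooxml(with_vba=True),        # honest macro-enabled document
        "invoice.docx": make_ooxml(with_vba=True),        # .docm renamed to look harmless
        "invoice_clean.docx": make_ooxml(with_vba=False),
        "old_invoice.doc": OLE2_MAGIC + b"\x00" * 504,    # legacy container header only
        "notes.txt": b"please find the invoice attached",
    }
    return {name: inspect_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, v in demo().items():
        print(f"{name:20} {'BLOCK' if v.block else 'allow':5}  {v.reason}")
```

The renamed file is the case that matters: the verdict comes from the ZIP contents, so the extension trick buys the fraudster nothing.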
3. Data theft: a major risk
Malware can steal:
• Your browsing history
• Your IDs and passwords (web banking, webmail…)
• Your credit card numbers
• Your contact information (address, phone, e-mail…)
• Your lists of customers and suppliers, account numbers…
Protections:
• Awareness raising (1) and a culture of risk
• Authentication of correspondents (2)
• Protection of files
To raise awareness: "Protecting information" training kit
(1) Awareness in order to create a culture of risk and to identify sensitive information: be cautious when publishing information on social networks, over the phone, by e-mail…
(2) Verification procedures in case of sensitive solicitations (e.g. call-back to authenticate requests from the tax authorities, etc.)
4. Client risk, still at stake
Example: fake client fraud
1. Order by a fake client (or a prospect)
2. Delivery at a bogus address and receipt of loaded trucks
3. Non-payment of invoices
NB: affects particularly the businesses of the agri-food industry
Example: supplier credit fraud
1. Creation of a business relationship
• Fraudster buys electronic devices from his victim
• Gradual increase in the amounts
2. Non-payment of the last delivery
• Provision of a copy of the credit transfer order
• Cancellation of the transfer order
• Materials sent abroad
• Insolvency
NB: many other client frauds: supplier credit based on false information, fake payment means (counterfeit money, loyalty card scam…)
4. Client risk: collection risks
Collection means, from the most to the least trustworthy, with the risk of client fraud, the moment the collection is guaranteed, and the recommendation:

CREDIT TRANSFER
  Risk: very low (rare cases of cancellation or dispute)
  Collection guarantee: at account credit (within 24 hours)
  Recommendation: to be favoured when possible

B2B DIRECT DEBIT
  Risk: very low (rare cases of cancellation or dispute)
  Collection guarantee: at account credit (within 24 hours)
  Recommendation: to be favoured when possible

CARD (WITH PIN OR 3D SECURE)
  Risk: low (commercial contestation up to 13 months, mostly foreign cards)
  Collection guarantee: at account credit (within 24 hours)
  Recommendation: best solution for point of sale and e-commerce

BILLS OF EXCHANGE
  Risk: medium (risk of unpaid bill and commercial dispute)
  Collection guarantee: after about 15 days, even in case of bill discount
  Recommendation: to be used with trusted clients only

STANDARD DIRECT DEBIT
  Risk: medium (repudiation within 8 weeks without motive, contestation for mandate nullity within 13 months)
  Collection guarantee: after 8 weeks
  Recommendation: for trusted clients, moderate amounts, service offerings…

CASH
  Risk: medium (counterfeit money, theft of cash at the point of sale or during transportation)
  Collection guarantee: 72 hours after the remittance to the bank
  Recommendation: amount < €1,000 (€15,000 for foreigners)

CARD (WITH NO PIN AND NO 3D SECURE)
  Risk: high (repudiation within 8 weeks without motive)
  Collection guarantee: after 13 months
  Recommendation: to be used with trusted clients, duly authenticated

CHEQUE
  Risk: high (rubber cheque, cheque theft and falsification, overpayment scams…)
  Collection guarantee: after 15 days*
  Recommendation: to be used with trusted clients, duly authenticated

* Cheque contestation periods: loss or theft: 8 days; fraudulent use: 10 days; signature not in conformity, falsification, forgery, irregular or missing endorsement, obligatory mention absent: 60 days. Insufficient funds: the alert is raised when the cheque is presented for payment to the issuer's bank, which must inform the issuer and invite him to regularise his account; a period of 24 or 48 hours is commonly practised by banks, but it may last up to 7 days depending on the practices of the issuer's bank.
Protect against client fraud
1. Written procedure in case of receipt of an order, a request for quotation or a request to open a customer account, for example: call-back upon receipt of the order; in the case of a foreign country, check through two channels; use safe contact details, not those contained in the order, and do not reply to the e-mail; verify the e-mail address of the request carefully…
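"Verify the e-mail address of the request carefully" is where the fake vendor scam above and the fake client procedure here meet: the fraudster's address is built to look like a known correspondent. As an added example (not from the original deck), here is a Python check that compares the sender's domain against your own master file of supplier and client domains and classifies the common tricks: a digit or letter-pair swap (vend0r.com, vendor.corn), the known domain used as a prefix (vendor.com.payment-portal.net), the known name padded with extra words (vendor-invoices.com), a forged display name in front of a free-mail address, and non-ASCII or punycode domains. The allow-list, the confusable pairs and the sample addresses are constructed for this example; any "subdomain" or "unknown" result still goes through the call-back procedure.

```python
import unicodedata
from dataclasses import dataclass
from email.utils import parseaddr
from typing import Optional, Set

# Constructed allow-list: domains from your own supplier/client master file,
# never taken from the incoming order or e-mail itself.
KNOWN_DOMAINS: Set[str] = {"vendor.com", "bnpparibas.com"}

# Character swaps fraudsters use to forge a visually identical domain.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


@dataclass
class SenderCheck:
    verdict: str             # known | subdomain | prefix-spoof | lookalike | idn | unknown | invalid
    matched: Optional[str]   # the legitimate domain the address resembles, if any


def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(domain: str) -> str:
    """Normalise case and compatibility forms, then collapse the confusable substitutions."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def check_sender(header_value: str, known: Set[str] = KNOWN_DOMAINS) -> SenderCheck:
    # parseaddr discards the display name, so '"kim@vendor.com" <x@evil.net>' is judged on evil.net.
    _, addr = parseaddr(header_value)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain or "." not in domain:
        return SenderCheck("invalid", None)
    labels = domain.split(".")
    if any(ord(c) > 127 for c in domain) or any(lbl.startswith("xn--") for lbl in labels):
        return SenderCheck("idn", None)            # non-ASCII / punycode: treat as suspicious
    if domain in known:
        return SenderCheck("known", domain)
    for k in known:
        if domain.endswith("." + k):
            return SenderCheck("subdomain", k)     # plausible, but confirm through the call-back
        if domain.startswith(k + "."):
            return SenderCheck("prefix-spoof", k)  # vendor.com.payment-portal.net
    folded = fold(domain)
    for k in known:
        if folded == k or levenshtein(folded, k) <= 1:
            return SenderCheck("lookalike", k)     # vend0r.com, vendor.corn, vendor.co
        k_name, cand_name = k.split(".")[-2], fold(labels[-2])
        if len(k_name) >= 5 and k_name in cand_name and cand_name != k_name:
            return SenderCheck("lookalike", k)     # vendor-invoices.com
    return SenderCheck("unknown", None)


if __name__ == "__main__":
    for sample in ["kim@vendor.com", "kim@vend0r.com", "kim@vendor.corn",
                   "ap@vendor.com.payment-portal.net", '"kim@vendor.com" <kim@webmail-free.net>']:
        print(f"{sample:45} -> {check_sender(sample)}")
```

The check is a triage aid, not a verdict: the decision to pay or to open the account still rests on the call-back to a number from your own records.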
5. Internal fraud: most frequent cases
[Chart from the slide, categories ordered by probability; the shares shown are 20%, 15%, 10% and 5%:]
• Purchasing fraud: fake invoice, fake supplier…
• Theft of receivables: cash, cheques, Ponzi schemes, fake discount…
• Asset theft: supplies, tangible and intangible assets
• Expense reimbursements
• Unaccounted sales
• Outgoing cheque tampering
• Payroll fraud: fake employee, fake timesheets…
• Falsified payments
• Receivables transfer
Sources: PwC 2014 Global Economic Crime Survey; Association of Certified Fraud Examiners
Protections:
• Procedures and segregation of duties
• Accounting follow-up and bank reconciliation
• Limitation of the means of payment in circulation: Corporate Card, Purchasing Card, Virtual Card, Secured Cheque Letter©, Chèque Confiance©, IBAN Check
• Training kits
Protect your business
Fraud is not inevitable: corporates can protect themselves.
4. Make good use of
5. Use improved
6. Build corporate
In case of fraud:
1. Notify your management and preserve evidence
2. Contact your bank immediately
3. File a complaint with the police
• Before it happens, train your staff to ensure they react appropriately in case of fraud
• Ask your legal department to be prepared to file a complaint in the beneficiary's country if necessary
• Check issued transfers every day, with special attention to high-risk countries
[Map of high-risk countries from the slide: China, Hong Kong, Poland, Cyprus, Latvia, Bulgaria, United Kingdom, Hungary, Czech Rep., Greece, Slovakia, Spain, Estonia, Belgium, Turkey, Lithuania, Netherlands, Austria, Norway, Switzerland, Germany, Denmark, Romania, Macedonia, Italy, Slovenia, San Marino, Sweden, Croatia, Singapore, Portugal, Monaco]
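As an added example (not part of the original deck), here is what the daily check of issued transfers can look like in Python, combining the controls this page recommends: the destination country against the high-risk list, the beneficiary IBAN against the supplier master file (the fake vendor scam, where the "vendor" announces new bank details by e-mail), an amount threshold, and the IBAN mod-97 checksum. The master file, the payment records, the €50,000 threshold and the country subset are constructed for this example; the IBANs are well-known published sample values, not real accounts.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Destination countries taken from the high-risk map on this slide (subset chosen for the example).
HIGH_RISK_COUNTRIES = {"CN", "HK", "PL", "CY", "LV", "BG", "HU", "CZ", "RO", "MK", "TR", "LT", "SG"}

# Supplier master file as recorded at onboarding and confirmed by call-back (constructed sample).
SUPPLIER_MASTER: Dict[str, str] = {
    "SUP-001": "FR76 3000 6000 0112 3456 7890 189",
    "SUP-002": "DE89 3704 0044 0532 0130 00",
}


@dataclass
class Payment:
    ref: str
    supplier: str        # beneficiary reference keyed in by accounting
    iban: str
    amount_eur: float


@dataclass
class Alert:
    payment_ref: str
    reasons: List[str] = field(default_factory=list)


def normalise(iban: str) -> str:
    return iban.replace(" ", "").upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: catches keying errors, not a substituted but valid IBAN."""
    s = normalise(iban)
    if len(s) < 15 or not s.isalnum() or not s[:2].isalpha() or not s[2:4].isdigit():
        return False
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])   # move country+check to the end, A=10 ... Z=35
    return int(digits) % 97 == 1


def review(payments: List[Payment], master=SUPPLIER_MASTER, high_risk=HIGH_RISK_COUNTRIES,
           large_eur: float = 50_000.0) -> List[Alert]:
    """Return one Alert per payment that needs a second look before the batch is released."""
    alerts: List[Alert] = []
    for p in payments:
        reasons: List[str] = []
        iban = normalise(p.iban)
        country = iban[:2]
        known = master.get(p.supplier)
        if known is None:
            reasons.append("beneficiary not in supplier master file")
        elif normalise(known) != iban:
            # The control that defeats the fake vendor scam: pay only the IBAN confirmed by call-back.
            reasons.append(f"IBAN differs from master file ({normalise(known)[:2]} -> {country})")
        if not iban_checksum_ok(iban):
            reasons.append("IBAN fails mod-97 checksum")
        if country in high_risk:
            reasons.append(f"destination {country} is on the high-risk list")
        if p.amount_eur >= large_eur:
            reasons.append(f"amount {p.amount_eur:,.2f} EUR at or above review threshold")
        if reasons:
            alerts.append(Alert(p.ref, reasons))
    return alerts


def demo() -> List[Alert]:
    """Constructed batch of one day's outgoing transfers."""
    todays_transfers = [
        Payment("P-1", "SUP-001", "FR76 3000 6000 0112 3456 7890 189", 12_000.00),  # routine
        Payment("P-2", "SUP-001", "DE89 3704 0044 0532 0130 00", 48_000.00),        # "new bank details" e-mail
        Payment("P-3", "NEW-77", "PL61 1090 1014 0000 0712 1981 2874", 60_000.00),  # unknown payee, high-risk
        Payment("P-4", "SUP-002", "DE89 3704 0044 0532 0130 01", 3_000.00),         # keying error
    ]
    return review(todays_transfers)


if __name__ == "__main__":
    for alert in demo():
        print(alert.payment_ref, "->", "; ".join(alert.reasons))
```

Note the caveat behind the checksum line: a fraudster's IBAN is a perfectly valid IBAN, so a syntax check alone says nothing about who receives the money. The comparison with the master file, maintained only through call-backs to numbers you already hold, is the control that catches the substituted beneficiary.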