Aly Aasi Notes 1.38 2.06
POINTS TO DISCUSS:
A. MOST COMMON SOCIAL ENGINEERING ATTACKS
B. FRAUD CONCEPTS: DEFINITION, ELEMENTS, AND FRAUD TRIANGLE/DIAMOND/PENTAGON MODEL.
C. FRAUD PREVENTION, DETECTION, AND RESPONSE
- FIRST VIDEO PRESENTED: A PERSON INVITED A FEW OF THE WORLD’S BEST HACKERS TO TRY
AND HACK HIM TO SHOW WHERE HIS VULNERABILITIES ARE. THE HACKERS ARE ALLOWED TO
HACK USING A PHONE AND THE INTERNET – WITHOUT ANY CODE.
- THE FIRST SAMPLE THEY DID WAS CALLED A VISHING CALL. ACCORDING TO JESSICA CLARK, THE
SOCIAL ENGINEER HACKER, VISHING IS VOICE SOLICITATION TO EXTRACT INFORMATION OR
DATA POINTS THAT CAN BE USED IN A LATER ATTACK. TO ILLUSTRATE, JESSICA CALLED THE
HOST’S CELLPHONE PROVIDER TO SEE IF THE LATTER CAN GIVE HER HIS EMAIL ADDRESS.
- IT IS SURPRISING HOW THE PROVIDER NOT ONLY GAVE JESSICA THE HOST’S EMAIL ADDRESS
BUT ALSO PERSONAL ACCESS TO HIS ACCOUNT – ALL WITH THE HELP OF A FAKE BABY-CRYING
SOUND, A TAD BIT OF ACTING, AND A PHONE CALL.
- AFTER THE VIDEO PRESENTATION, SIR GERALD POINTED OUT THAT VISHING IS ONE OF THE
MOST COMMON ATTACKS THAT EXIST TODAY. ACCORDING TO HIM, VISHING IS A TYPE OF SCAM
IN WHICH A FRAUDSTER CONTACTS A POTENTIAL VICTIM OVER THE PHONE PRETENDING TO BE
SOMEONE, AND TRIES TO CONVINCE THEM TO SHARE PERSONAL INFORMATION.
- PHISHING, ON THE OTHER HAND, IS WHEN THE FRAUDSTER SENDS MESSAGES PRETENDING TO
BE A TRUSTED PERSON OR ENTITY.
- SIR GERALD ADVISED THE VIEWERS TO ALWAYS BE MINDFUL AND VIGILANT, AS THESE
FRAUDSTERS TARGET NOT ONLY INDIVIDUALS BUT ALSO EMPLOYEES IN THE ORGANIZATION, AS
THEIR WAY OF INTRUDING INTO ITS NETWORK.
FRAUD PREVENTION
Management investigations
Stringent end-of-day reviews
Supporting departments (2nd line of defense)
Internal audit
RED FLAGS
Behavioral Red Flags
(does not necessarily say that they are fraudsters, but indicates that something is wrong)
o Living beyond means
o Financial difficulties
o Unwillingness to share duties
Mandatory leave – employee’s function can be transferred to another person
(while they are on leave) as a control
o Irritability, suspiciousness, defensiveness
Opportunity Red Flags
o Rapid turnover of key employees
o Low control/fraud consciousness
Engagement Red Flags
o Missing/incomplete records
o Delayed recording/submission of records
o Conflicting Records
o Altered Records
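The four engagement red flags above are the ones an end-of-day review or internal audit can check mechanically. The script below is an added illustration, not part of the notes: it runs a constructed ledger against a constructed end-of-day snapshot and reports incomplete, delayed, conflicting, altered, and missing records. The record layout, the three-day posting tolerance, and the SHA-256 fingerprinting are assumptions chosen for the example.

```python
import hashlib
import json
from datetime import date

REQUIRED_FIELDS = ("id", "txn_date", "posted_date", "amount", "approver")
MAX_POSTING_LAG_DAYS = 3  # assumed tolerance; tune to the unit's end-of-day review cycle


def fingerprint(rec):
    """Stable hash of a record, captured at end-of-day review so later edits can be detected."""
    return hashlib.sha256(json.dumps(rec, sort_keys=True).encode()).hexdigest()


# Constructed snapshot: what the end-of-day review saw when these records were first posted.
SNAPSHOT = [
    {"id": "R1", "txn_date": "2024-03-01", "posted_date": "2024-03-01", "amount": 120.0, "approver": "ana"},
    {"id": "R2", "txn_date": "2024-03-02", "posted_date": "2024-03-12", "amount": 450.0, "approver": "ben"},
    {"id": "R3", "txn_date": "2024-03-03", "posted_date": "2024-03-03", "amount": 80.0, "approver": None},
    {"id": "R4", "txn_date": "2024-03-04", "posted_date": "2024-03-04", "amount": 300.0, "approver": "ana"},
    {"id": "R5", "txn_date": "2024-03-05", "posted_date": "2024-03-05", "amount": 99.0, "approver": "ben"},
    {"id": "R6", "txn_date": "2024-03-05", "posted_date": "2024-03-05", "amount": 40.0, "approver": "ana"},
]
BASELINE = {rec["id"]: fingerprint(rec) for rec in SNAPSHOT}

# Constructed current ledger as pulled for review: R4 now has a conflicting duplicate,
# R5's amount was changed after posting, and R6 has disappeared.
CURRENT = [
    SNAPSHOT[0],
    SNAPSHOT[1],
    SNAPSHOT[2],
    SNAPSHOT[3],
    {"id": "R4", "txn_date": "2024-03-04", "posted_date": "2024-03-04", "amount": 3000.0, "approver": "ana"},
    {"id": "R5", "txn_date": "2024-03-05", "posted_date": "2024-03-05", "amount": 999.0, "approver": "ben"},
]


def find_red_flags(records, baseline, max_lag_days=MAX_POSTING_LAG_DAYS):
    """Return a list of (record_id, flag, detail) tuples for the engagement red flags."""
    flags = []
    first_seen = {}
    for rec in records:
        rid = rec.get("id")
        # Incomplete record: a required field is absent or empty.
        missing = [f for f in REQUIRED_FIELDS if rec.get(f) in (None, "")]
        if missing:
            flags.append((rid, "incomplete", "missing " + ", ".join(missing)))
        # Delayed recording: posting lag beyond the review tolerance.
        if rec.get("txn_date") and rec.get("posted_date"):
            lag = (date.fromisoformat(rec["posted_date"]) - date.fromisoformat(rec["txn_date"])).days
            if lag > max_lag_days:
                flags.append((rid, "delayed", f"posted {lag} days after transaction"))
        # Conflicting records: same id seen twice with different content.
        if rid in first_seen and first_seen[rid] != rec:
            flags.append((rid, "conflicting", "duplicate id with different content"))
        first_seen.setdefault(rid, rec)
        # Altered record: content no longer matches the end-of-day fingerprint.
        if rid in baseline and baseline[rid] != fingerprint(rec):
            flags.append((rid, "altered", "differs from end-of-day baseline"))
    # Missing records: ids that existed at the baseline but are gone from the ledger.
    for rid in baseline:
        if rid not in first_seen:
            flags.append((rid, "missing", "present at end-of-day review, absent now"))
    return flags


def flags_by_record(flags):
    """Group flag names by record id for reporting."""
    grouped = {}
    for rid, flag, _ in flags:
        grouped.setdefault(rid, set()).add(flag)
    return grouped


if __name__ == "__main__":
    for rid, flag, detail in find_red_flags(CURRENT, BASELINE):
        print(f"{rid}: {flag} ({detail})")
```

A flag is a prompt for a management investigation, not proof of fraud: a late posting or a missing approver may be sloppiness, so the output should feed the second line of defense (supporting departments and internal audit) rather than be acted on directly. The baseline of fingerprints only works as a control if it is stored where the people posting records cannot rewrite it.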
FRAUD RESPONSES