TRANSCRIPT
Identity Theft, Fraud & Cyber Crime Units
Ralph Gagliardi Traci Schwartzbauer
CBI  CSP  DCJ  DFPC
DHSEM  CICJIS  SSRC
CBI – SECTIONS
Investigations
Forensic Services
• Collection, Preservation, and Analysis of Evidence Found at the Crime Scene.
• Dedicated Forensic Scientists Will Work With Each and Every Agency in Order to Provide Timely and Accurate Results.
InstaCheck Identification Crime Information Management Unit (CIMU)
CCIC, NCIC, CO State Sex Offender Registry
Maintain and Update all Information Stored in the Automated Fingerprint Identification System (AFIS)
CBI - Investigations Unit
Identity Theft / Fraud & Cybercrime
• ID Theft / Financial Crime
• Cyber Crimes
• Victim Assistance
Gaming
• Gaming / Organized Crime
Marijuana
• Black Market Marijuana Enforcement
Sex Offender / Fugitive
• Fail to Register SXO & Fugitives
Major Crimes
• Death Investigations
• General Crimes
• Cold Case
• Missing Persons (Amber Alerts)
• Human Trafficking
Task Force / Offsite
• JTTF – Joint Terrorism Task Force
• Safe Streets Task Force
• Front Range Drug
• RMRCFL – Computer Forensics
TRENDING NOW !!!!!
BUSINESS EMAIL COMPROMISE
Business Email Compromise (BEC) is a sophisticated scam targeting businesses and individuals who regularly perform wire transfer payments
The scheme compromises email accounts to conduct unauthorized fund transfers to a bank account(s) the fraudsters control
BUSINESS EMAIL COMPROMISE
Businesses Affected:Public & Private
City / County / State Title Company / Real Estate Transactions Law Offices CPA / Bookkeeping Firms Any Business or Person – who routinely wires money
Weak Link is YOU!
Fraudsters are depending on our habits. They do their homework about YOUR (office /corporate information).
They count on the email recipient doing many things at once and not taking the time needed to be certain whom they are communicating with.
Don’t be so Quick to Click!
Scams Can Include:
• WIRE FRAUD
• PHISHING (Spear Phishing) 92 % of Every Breach!
• MALWARE – Ransomware
• ROMANCE SCAMS
• Other INTERNET SCAMS (work from home etc…)
• W-2 FRAUD
• PAYROLL DIVERSION
Scam Tactics – Used to Get Your Attention!!
Tactics - Get Your Attention!!
• Social Engineering
• Open Source Research
• Identity Theft - Past Breaches (Passwords Same?)
• Phishing - Spear Phishing - 92% of EVERY Breach
◦ Fake Links
◦ Malware
◦ Gather Credentials
RISK VS. REWARD
Average Amount of Money Stolen in Bank Robbery?
Risk vs Computer Enabled Crime “CYBER CRIME”
BUSINESS EMAIL COMPROMISE
Losses According to the FBI:
$2.9 billion - U.S. victims (October 2013 thru May 2018)
$12.5 billion - Globally (October 2013 thru May 2018)
Real estate scams increased 1,100% 2015 to 2017
BUSINESS EMAIL COMPROMISE
Reported U.S. losses due to Business Email Compromise scams targeting the real estate industry, shown quarterly, with peak losses indicated. (Source: IC3)
Ransomware - Malware
BUSINESS EMAIL COMPROMISE
Romance Scam
Wooing Begins Immediately
• Promises of Love / Marriage
• Excuses as to why can’t meet in person
• Ask to Send Money For a Phone Help a Family Member
Her Own Money
Money Mule – Open Bank Account ($$$$ From Other Scams)
Accept Packages / Re-Ship
Payroll Diversion - Vendor Impersonation
Cybercriminals Target – via Phone or Email: Employees / Employers Human Resources
They want YOU to change bank account information!
Utilize:
• Phishing emails – (Capture creds or Malware Installed)
• Spoofed emails (or Fax)
• Social Engineering
From your HOME or PERSONAL accounts - Hulu?
Selling Agent
Assistant
Buyer One
Buyer Two
Listing Agent
Assistant
Seller One
Seller Two
Mortgage Lender
Loan Officer
Processor
Closer
Title Company
Examiner
Closer
Processor
Transaction Coordinator
BUSINESS EMAIL COMPROMISE
REAL FAKE
[email protected] [email protected]
[email protected] [email protected]
Hover Over ‘From’ Name
From:
Date: January 24, 2018 at 3:08:25 PM EST
To:
Subject: Re: Parking Meters
Display name is: “[email protected]” or “Jim”
Email is actually: “[email protected]” - Bad
John Smith
Hover Over ‘From’ Name
From:
Date: January 24, 2018 at 3:08:25 PM EST
To:
Subject: Re: Parking Meters
John Smith
Display name is: “[email protected]”
Email is actually:
“[email protected]” - Bad
“[email protected]” - Bad
Take Quick Action for Return of Fund$!
BEC Victim Should Gather & Be Ready to Provide:
◦ E-mail requesting funds - with wiring instructions
◦ E-mail headers and IP’s (Request they get assistance from their I.T. or other trusted expert)
◦ Ensure victim has contacted their bank!
Email to CBI: [email protected]: ReportWireFraud.com
Report to:
FBI website is: www.ic3.gov
FTC website is: www.ftc.gov
What Does The CBI Do?
• Take Quick Action
◦ Reporting through Email / Website
• Communication with Bank – All Hops
◦ Utilize proper LE Bank Contacts
• Education
◦ Webinars – Flyers – Target Audience
• Persistence / Diligence
◦ No Loss Threshold, No Time Limit
• Make banks aware - Even When Funds Have Not Been Sent
• PREVENT Other Victimization
• Return of Funds
• Hold Harmless / Letter of Indemnification
• Court Order / Seizure Warrant
• Communication with Victims and Banks
• FBI – Financial Fraud Kill Chain
• Over $50k
• U.S. Bank to Overseas
• Occurred within last 3 business days
What Does The CBI Do?
BUSINESS EMAIL COMPROMISE
           Number of Victims   Attempt Loss    Loss           Recovered      Recovery Percentage
FY 16      16                  $1,219,203      $1,051,873     $427,154       40.61%
FY 17      17                  $2,699,060      $542,102       $470,800       86.85%
FY 18      36                  $6,314,025      $5,174,221     $4,667,121     90.20%
FYTD19     59                  $12,078,832     $7,979,021     $6,996,453     87.69%
Total      128                 $22,311,120     $14,747,217    $12,561,528
As of May 29, 2019
Business Email Compromise
PREVENTION
NEVER EVER EVER – Provide: Money, credit card, social security number or other identifying information over the phone or via the internet.
TRUSTED SOURCE
Who called who?
How? Why?
PREVENTION
Training and Policy/Procedures
• Follow it!
• Continued and frequent training / reminders
• Look for abnormalities in email
• Be aware of subtle changes in email addresses
• Notify – Employees and Customers/Vendors what you WILL and WILL NOT do
Policy on?
• Requests for Bank Account Changes
• Requests for PII - W2’s etc…
• Contact - in person / on the phone - Last known number
• CEO / Execs need to have buy-in
Establish Policy and Follow it!!!!
PREVENTION
Email
Utilize I.T. for best practices
Do not use “Reply” – use “Forward” – address from contact list
Who is email sender?
• Hover over the ‘From’ in the email name display to see address
• Look closely at the email address for subtle changes
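The 'From' checks above (display name versus real address, subtle changes in the address, and where a "Reply" would go) can also be run automatically on message headers. This is an added example, not part of the original presentation; the trusted-domain list, the function names and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: domains your office really corresponds with. yourbusiness.com is
# the page's own placeholder domain.
TRUSTED_DOMAINS = {"yourbusiness.com"}
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character changes from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, reply_to=None):
    """Return a list of warnings for one message's From / Reply-To headers."""
    warnings = []
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    # 1. Display name shows one address while the real sender is another.
    shown = ADDRESS_RE.search(display)
    if shown and shown.group(0).lower() != address:
        warnings.append("display name shows a different address")
    # 2. Sender domain is one or two characters away from a trusted domain.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < edit_distance(domain, trusted) <= 2:
                warnings.append("lookalike of " + trusted)
    # 3. "Reply" would go to a different domain than the one in From.
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].lower().rpartition("@")[2]
        if reply_domain and reply_domain != domain:
            warnings.append("reply-to domain differs from sender domain")
    return warnings

# Constructed sample headers, not taken from the presentation.
SAMPLES = [
    ('"jim@yourbusiness.com" <jim@yourbusinesss.com>', None),
    ("Jim <jim@yourbusiness.com>", None),
    ("John Smith <john.smith@yourbusiness.com>", "john.smith@freemail.example"),
]

if __name__ == "__main__":
    for from_header, reply_to in SAMPLES:
        print(from_header, "->", check_sender(from_header, reply_to) or "ok")
```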
PREVENTION
Email
Be Aware of Other Indicators
• Unusual grammar or phrases
◦ In your service – Blessed Day - Kindly
• Odd Times
• Sense of Urgency
• Other Oddities?
PREVENTION
Email
PREVENTION
Passwords:
• Don’t use the same one for all of your accounts
• Use sentences, phrases, lyrics, etc. to be able to remember longer passwords
• Password Manager
Two-Factor Authentication:
• A second authorization must be provided before signing in, or before transfers
• Available on everything from Gmail to bank accounts
• Think about how to build this into all of your accounts and your interactions with clients
• Personal & company accounts
PREVENTION
• Careful Clicking: Embedded malware
• Public Wi-Fi:
◦ Do not “auto connect”
◦ Connect to secure websites and apps
◦ Refrain from banking activities in an unsecured environment
◦ Key loggers
◦ VPN – How and why to use them
  https://www.privateinternetaccess.com/pages/how-it-works/
◦ VPN/Proxy/Tor: What happens to your stolen data
PREVENTION
EMAIL AUTHENTICATION:
• Email authentication technology makes it a lot harder for a scammer to send phishing emails that look like they’re from your company.
• Allows a receiving server to verify an email from your company and block emails from an imposter — or send them to a quarantine folder and then notify you about them.
WHAT TO KNOW
• Your domain name might look like this: yourbusiness.com. And your email may look like this: [email protected]. Without email authentication, scammers can use that domain name to send emails that look like they’re from your business. If your business email uses your company’s domain name, make sure that your email provider has authentication tools.
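The slide does not name a mechanism; the receiving-server behaviour it describes (block, quarantine, notify the domain owner) is what a domain's DMARC policy record controls. The following added example, which is not part of the original presentation, reads a DMARC TXT record and reports whether it actually asks receivers to act on imposter mail; the function names and sample records are constructed for illustration.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "").lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(txt):
    """Summarise what a receiving server is asked to do with failing mail."""
    tags = parse_dmarc(txt)
    if tags is None:
        return {"enforcement": "missing", "reports": False,
                "issues": ["no valid DMARC record"]}
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("missing or invalid p= tag")
        policy = "invalid"
    elif policy == "none":
        # Monitoring only: the receiver neither blocks nor quarantines.
        issues.append("p=none only monitors; imposter mail is still delivered")
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        issues.append("pct=" + pct + ": policy covers only part of failing mail")
    if "rua" not in tags:
        # rua= is where receivers send aggregate reports (the "notify you" part).
        issues.append("no rua= address, so no reports are sent to you")
    return {"enforcement": policy, "reports": "rua" in tags, "issues": issues}

# Constructed sample records for the page's placeholder domain.
SAMPLE_RECORDS = [
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourbusiness.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@yourbusiness.com",
    "v=DMARC1; p=none",
]

if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(record, "->", assess_dmarc(record))
```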
PREVENTION:
QUESTIONS?
Thank you!
Ralph Gagliardi, CFE
Agent in Charge
ID Theft & Fraud / Cyber Unit
303-239-4287
Traci Schwartzbauer, CFE
Agent
ID Theft & Fraud / Cyber Unit
303-239-4656
Email to CBI: [email protected]: ReportWireFraud.com