Tag Archives: Cyber Crime

Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Batten Down the Hatches: Watch Out for Whale Phishing

Posted on by

Many risk managers and corporate counsel are in a quandary over the latest crime wave to strike businesses—a flood of incidents involving what is known as whale-phishing. This occurs when criminals use a combination of emails and phone calls to perpetrate a fraud and scam companies out of large sums of money through fraudulent wire transfers.

Here is how a typical whale-phishing episode unfolds. A perpetrator sends a “spoofed” email (indicating it came from an email address other than the one that was actually used) to a company employee.  The spoofed email address is usually that of a senior company official, which is why the term “whale” is attached to these phishing emails.

The email message is usually sent to a mid- or lower-level manager in the finance department or person with access to banking funds.

buy cozaar online shadidanin.com/wp-content/uploads/2023/10/jpg/cozaar.html no prescription pharmacy

 The email is typically worded as “highly confidential.” The perpetrator often selects an employee who has had minimal contact with the senior executive whose email address is spoofed. Thus, the employee will not be familiar with the executive or his or her mode of interacting with employees on fund transfer matters.

The spoofed email message typically refers to a “project” for which significant funds are required immediately, but emphasizes that the funds need to be transferred discretely. The message also informs the individual handling the transaction to expect a phone call from a trusted official outside the company, typically an attorney or accountant, who will provide instructions for transferring the funds.

The employee gets the follow-up call and usually transfers the money. Once funds are transferred, if the scam goes undetected, a second email is sent from the same executive thanking the employee for helping with the transaction and providing instructions for the next transaction.

buy imodium online shadidanin.com/wp-content/uploads/2023/10/jpg/imodium.html no prescription pharmacy

Another call is placed to the employee, who then unwittingly arranges the second, often significantly larger, transfer of funds. This process continues until the fraud is detected.

At that point, however, the transferred funds and the perpetrators usually are long gone. These criminals are difficult to apprehend, and their accounts are almost impossible to trace.

buy flexeril online shadidanin.com/wp-content/uploads/2023/10/jpg/flexeril.html no prescription pharmacy

The challenge for the risk manager then becomes trying to collect on a crime insurance policy. Unfortunately, however, insurers have been denying coverage.

With respect to crime/fidelity insurance, there often is some policy language pertaining to losses due to computer fraud. Since a portion of the scheme is carried out via a telephone call or fax, insurers contend that the fraud was not perpetrated by a computer.

Insurers also have issued denials based on their contention that the email is not a financial instrument and/or the email does not constitute a forgery of a financial instrument. Furthermore, they point out that in these situations a company employee, not an outside perpetrator, was directly responsible for the loss.

As the number of whale-phishing incidents continues to increase, risk managers and their brokers need to confirm with their insurers that they expect these types of losses to be covered under their crime insurance policies. Indeed, policy language should be reviewed carefully in this context.

To help prevent such frauds, senior leadership and all individuals with access to company bank accounts need to be made aware of the potential for such scams. Procedures should be in place to validate any and all requests for money transfers and there should be adequate redundancy in the approval process that takes place outside of email.

Be forewarned and prepared; phishing scams are out there and they can lead to large losses.

Home Depot Confirms Massive Data Breach

Posted on by

Home Depot Data Breach

On Monday, Home Depot confirmed that a breach of its payment data systems may have exposed customer card data across the United States and Canada. The breach appears to have begun in April, allowing hackers to steal an untold amount of shopper information including credit card numbers.

online pharmacy ocuflox with best prices today in the USA

The home improvement giant disclosed on Sept. 2 that it was investigating reports of “unusual activity” and, a week later, determined that any customers who used a card in the U.S. or Canada is at risk, though the breach does not appear to impact shoppers online or at retail stores in Mexico. In an official statement, the company assured that no one would be held responsible for fraudulent charges and offered free identity protection services, including credit monitoring, to anyone who has shopped at one of its locations since April.

As with the massive Target data breach, the Home Depot news was first broken by cybersecurity journalist Brian Krebs. The data went up for sale on rescator. So, the same underground store that sold credit card information from the Target and P.

online pharmacy zoloft with best prices today in the USA

F. Chang’s breaches, and may have been stolen by the same group of hackers. Krebs reported, “In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions.’ Stolen cards issued by European banks that were used in compromised U.S. store locations are being sold under a new batch of cards labeled ‘European Sanctions.'”

Given the five-month duration, this breach may be many times larger than the Target attack, which exposed 40 million credit and debit cards and the personal data of 70 million customers in three weeks. The Target breach led to the resignation of its CEO and cost the company almost $150 million in the second quarter alone, according to the New York Times. In fact, the toll may reach ever higher. “I don’t see how they’re getting out of this for under a billion, over time,” John Kindervag, the vice president and principal analyst with Forrester Research, told the Times, adding, “$150 million in a quarter seems almost like a bargain.” Beyond the company itself, Javelin Strategy and Research reported at the time that total damage to banks and retailers could surpass billion, and consumers could be liable for more than billion in uncovered losses and other costs.

online pharmacy clomid with best prices today in the USA

One of the most promising ways to increase point-of-sale security is through the adaptation of EMV chip technology, as discussed in the March issue of Risk Management. In Europe, 81% of cards have EMV chips, and countries that have adopted the technology saw sharp declines in credit card fraud. In England, for example, the amount of fraud per transaction has dropped 57% since 2002, while it has risen almost 70% in the United States over the same period, according to consulting firm Celent. As part of its breach response, Home Depot announced plans to escalate adoption of EMV, installing “chip and PIN” checkout terminals throughout its U.S. stores by the end of the year. Target made a similar move in April, saying that it will issue its branded REDcard credit, debit and co-branded credit cards with MasterCard chip technology beginning next year.

New Studies Highlight Sources, Patterns of Data Breach—And How to Do Better

Posted on by

Three recent studies provide a great reminder of the threats of data breach—and the role workers and IT departments play in either maintaining a company’s defense or letting malware storm the gates.

In its 2014 Data Breach Investigations Report, Verizon identified nine patterns that were responsible for 92% of the confirmed data breaches in 2013. These include: point of sale intrusions, web application attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service attacks, and cyber-espionage. They have also identified the breakdown of these patterns in various industries, highlighting some of the greatest sources of cyber risk for your business:

Verizon Data Breach Investigations Report

Verizon’s report also offers specific information about the patterns and advice on how to respond to them.

Many sources of vulnerability come from within, and there is less variation than you might expect in terms of who the riskiest workers may be.

buy atarax online www.handrehab.us/images/patterns/jpg/atarax.html no prescription pharmacy

A survey by the Pew Research Center found that 18% of adults have had important personal information stolen online, including Social Security number, credit card, or bank account information—an 8% increase from just six months ago. Further, 21% of adults who use the internet have had an email or social networking account compromised. Two groups that make up a large part of the workforce were hit particularly hard during this period: young adults and baby boomers. The percentage of individuals in these groups who had personal information stolen online doubled between July 2013 and January 2014.

buy symbicort online www.handrehab.us/images/patterns/jpg/symbicort.html no prescription pharmacy

stolen personal data by age

But as this chart shows, all age ranges have experienced a significant amount of data theft as of the beginning of the year.

Indeed, according to meetings-software company TeamViewer, 92% of IT administrators have seen troublesome habits among office workers using company computers. These risky behaviors are frequently known to open the work system to viruses or other malware, including:

  • Browsing social media websites (reported by 82% of IT admins)
  • Opening inappropriate email attachments (57%)
  • Downloading games (52%)
  • Plugging in unauthorized USB devices (51%)
  • Plugging in unauthorized personal devices (50%)
  • Illegal downloads, such as pirated movies, music or software (45%)
  • Looking for other jobs (39%)

Further, nine out of 10 IT administrators reported witnessing problems to company equipment because of these actions, including viruses (77%), slow computers (74%), crashed computers (55%), mass popups (48%) and inability to open email (33%). Not only do these behaviors leave corporate infrastructure at risk, but they may endanger the overall HR program, as a vast proportion of IT workers report feeling frustrated, angry and discouraged.

buy xenical online www.handrehab.us/images/patterns/jpg/xenical.html no prescription pharmacy

Up to 12% even said that they were considering quitting over these bad behaviors and increased strain on the IT department.

So what can you do? Administrators agreed that better security software, using remote access to fix problems, installing disk cleanup software, integrating automatic backup solutions, and offering the ability to telecommute would all help mitigate these issues and make their jobs easier.

U.S. Fraud Up, Prevention Down

Posted on by

Although fraud has increased for U.S. organizations in the past two years—45% of U.S. organizations experienced fraud, compared to a global average of 37%—companies are doing less to prevent fraud than in 2011, according to a survey by PricewaterhouseCoopers.

The Global Economic Crime Survey 2014 found that the less proactive approach was consistent with the upward trend in economic crime in most fraud categories since 2011. Slightly more than half (53%) of organizations performed fraud risk assessments annually or more often, a significant drop from 70% of organizations that performed fraud risk assessments annually or more in 2011.

The report also found that the most serious economic crime experienced by U.S. respondents within the past 24 months was more likely committed internally (50%) than externally, (44%), but that external fraudsters are closing the gap. This trend is consistent with more organizations engaging in business opportunities in high-risk markets.

“The United States has proved to be fertile ground for domestic economic crime in recent years. Catastrophic coastal events on the Eastern and Gulf coasts have generated rampant insurance fraud that squanders taxpayer dollars and undermines community relief and reconstruction efforts. Farther inland, natural gas exploration and fracking have led to boom towns sprouting overnight in places like North Dakota, Wyoming, Utah, and Texas. Many of these towns do not have the infrastructure or governance capability to handle the influx of people, and crime, that inevitably accompany boom-town dynamics.

Land lease and mineral rights agreements, zoning ordinances, permits, and licenses have become particularly vulnerable to exploitation.” PwC Global Economic Crime Survey 2014

According to the report:

• More than half of U.S. organizations that experienced fraud in the past two years reported increased occurrences.

• 67% of U.S. respondents said their organizations now have, or plan to have operations in high-risk markets, compared to only 58% of global respondents.

• 57% of U.S. respondents said their organizations pursued opportunities in markets with high-levels of corruption risk within the past 24 months, versus 38% of global respondents.

Fraud levels are climbing:

• 24% of U.S. organizations that reported economic crime experienced accounting fraud in 2009. While this dropped to 16% in 2011, accounting fraud increased to 23% in 2014.

• In 2014, bribery and corruption doubled from 2011 levels of 7%, after dropping by more than a half, to 16% since 2009 PwC said.