Fraud and the Internet Sandra Peaston Deputy Head of Financial Crime and Strategic Intelligence 10 th February 2015
This evening’s presentation What is Cifas The Identity Fraud Problem Reeling you in – how phishing works Fraud in Hammersmith and Fulham How to avoid being a victim What to do if you are a victim
What is Cifas? Preventing fraud through confirmed fraud data sharing since 1988 A not-for-profit membership organisation – National Fraud Database and Internal Fraud Database Funded and driven by 300+ organisations (public and private sector) Data is shared across organisations and law enforcement under the Data Protection Act (1998) and The Serious Crime Act (2007) Fraud data is non-competitive: Shared benefits from communication, cooperation and collaboration to prevent crime £4.1 billion in reported fraud prevention savings in the last 5 years
Fraud in 2014 277,000 fraud cases identified - ▲ 25% 300,000 250,000 200,000 150,000 100,000 50,000 0 2008 2009 2010 2011 2012 2013 2014
Identity Fraud 114,000 cases of Identity Fraud recorded - ▲ 5% 140,000 120,000 100,000 80,000 60,000 40,000 20,000 0 2010 2011 2012 2013 2014
Identity Fraud and the Internet 4 out of 5 Identity Fraud are perpetrated over the internet Anonymity Volume Speed Electronic identity verification But online security helps to counter the threat takeover of existing accounts ▼ 38% Intelligent data sharing prevents fraud Software solutions e.g. Device recognition
Where does the data come from? Open source information – Company’s House, Land Registry etc. Staff insiders Database breaches Malware – malicious software You – Social Engineering
Social Engineering “Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information” Wikipedia – Social engineering (security) http://en.wikipedia.org/wiki/Social_engineering_(security) The weak link in the chain is often human
Phishing Phishing – social engineering by email To convince the victim to transfer money directly and or disclose personal information To capture credentials via fake (spoofed) websites To infect computers with virus’ in malicious webpages To infect computers with virus’ in attachments 1 in 392 emails in 2013 (1 in 414 in 2012)
Really not sophisticated
More sophisticated
Really clever
Common “tells” Not expecting the email Not registered with the website Broken formatting Spelling/grammar mistakes Not in the email recipient list Not addressed by name Email requires action – click on link/open file Message conveys a sense of urgency Hovering over the link shows a different destination http://www.actionfraud.police.uk/report_fraud
Hacks This is not new – these have been going on for years Attacks were to obtain intellectual property Now attacks are for: Fun Disruption IP theft Personal data theft 1,367 confirmed data breaches in 2013 globally Verizon 2014 Data Breach Investigations Report
ID Crime victims in London
ID Crime victims in Hammersmith & Fulham
Fraud in Hammersmith & Fulham 1,400 1,268 1,201 1,187 1,200 1,000 800 697 614 573 600 400 200 0 2012 2013 2014 Frauds Victims of ID crime
Avoid being a victim Keep your identity safe limit the amount of personal information you give away on social networking sites update your computer's firewall, anti-virus and anti- spyware programmes never share your passwords or PINs with others, and do not write them down use strong passwords and PINs don't use the same password or PIN for more than one account shred all your financial documents before you throw them away If someone asks for your personal details either online or on the phone, and you have doubts about why they need them, check first. If you're in any doubt, don’t disclose https://www.cifas.org.uk/avoid_being_a_victim
Avoid being a victim Keep your devices secure Encrypt your wireless network to the highest possible setting - ideally WPA2 Delete your web browser history and cookies regularly Use different email addresses and different passwords for your various online accounts Never visit any website that uses financial details (such as banking or shopping) from a public wi-fi hotspot Block spam emails. Never respond to unsolicited emails Hovering the mouse cursor over a link will often reveal the real address of the page it's sending you to When using smartphones or tablets, make sure you use all the device's security features such as passwords and PINs. Remember to lock all devices when you're not using them Avoid publicising your travel plans or posting holiday pictures while you're away from home https://www.cifas.org.uk/avoid_being_a_victim
If you are a victim Check your bank, credit card and other financial statements If regular statements or other items of post don't arrive, contact the organisations concerned Do the same if you start receiving correspondence from companies about applications or accounts that you do not recognise Investigate any credit refusal - it could be a sign that your credit report has been damaged Contact one of the credit reference agencies. They can help you review your credit report and contact all of the organisations involved for you. They will also notify the other two credit reference agencies so they too can offer help Consider a Cifas Protective Registration
Cifas – Leaders in fraud prevention Protecting the public Protective Registration Service Protects those at a heightened risk of ID Crime Bulk services available to companies which have suffered a breach in order to protect their customers Protecting the vulnerable Designed for those subject to a court order of protection under the Mental Capacity Act 2005 and not able to request financial or other services Public messaging Key prevention messages
Questions?
Recommend
More recommend
