Fraud Detection and Prevention

What is prevention?
  • Prevention controls are designed to keep fraud from occurring.
What is detection?
  • Detection controls are designed to detect frauds.

What is fraud?
  • An illegal act involving the obtaining of something of value through willful misrepresentations.

What are the common myths about fraud?
  • It won't happen to me.
  • It's not a big deal.
  • We have our controls in place.
  • Someone else will take the loss.
What are the types of fraud?
  • Check Fraud
  • Cyber Crimes
    • ACH Fraud
    • Wire Fraud
What are the types of cyber crime?
  • Hacking
  • Trojan Horse
  • Phishing
  • Spyware
  • Keylogger
What is hacking?
  • Illegal intrusion into a computer system without the permission of the owner.
  • Virus Dissemination
    • Virus, Key-logger, Trojan Horse
  • Email
    • High school friends, unknown senders
  • Hyperlink
    • They know what you like 
  • Software download
    • Games, screen savers.
What is a Trojan horse?
  • Virus hidden in a file or a program
  • Downloaded from the internet
  • Downloaded from emails.
What is spyware?
  • Spyware is a type of malware that is installed on computers and collects little bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer.
    • Watch sites you visit
    • Read your emails
What is a key-logger?
  • Keystroke logging (often called key-logging) is the practice of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous key-logging methods, ranging from hardware and software-based to electromagnetic and acoustic analysis.
    • From virus
    • USB Port
    • Purchase online
What is phishing?
  • Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social websites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
  • A technique of pulling out confidential information from the bank account holder by deceptive means.
  • Fake login page.
  • Deceptive login (looks like the bank website)
  • Sometimes links to the real website
  • Phishing email with a link to verify important information
What is vishing?
  • Vishing attacks are attacks in which bank customers are contacted by email or phone and told that their checking accounts have been compromised. Instead of being referred to a website, you are given a toll-free number to call.
Key Points in Prevention:
  • Watch for warning signs.
  • Listen to employees
  • Follow established hiring practices
  • Scan computers often
  • Follow policies and procedures
  • Strong internal controls
Key Points in Detection:
  • Bank reconciliations
  • Positive pay
  • ACH Debit Blocks and Filters
  • Alerts
  • Audit
  • Watch for warning signs
  • Something is different 
  • Alert Employees