* Kelli Ribeiro
Overview - How to identify and prevent fraud?
One of the side effects of the covid-19 pandemic was an increase in the number of cyber attacks targeting companies of different markets and sizes.
The network communication technologies originating from the "Fourth Industrial Revolution" have characteristics that make them vulnerable to cyber attacks, which can occur in several ways, from data theft to the takeover of systems, with harmful and potentially large-scale consequences for the people and companies that are targeted.
Every 5 seconds there is an attempt at cyber fraud, according to the X-Ray of Fraud 2020, the most complete report in the Brazilian risk analysis market.
Given this scenario, it is extremely important that companies have protection mechanisms in order to respond adequately to this threat. Below we detail some of these frauds, how they happen, and measures that can be adopted for prevention and response.
Usually, the fraudster or criminal organization escalates privileges to break into accounts and transfer funds, usually with the support of money mules ("laranjas"), and converts the funds into bitcoin.
Through the exploitation of vulnerabilities present in financial applications.
The "hacker" can rely on internal collaboration to find vulnerabilities.
The criminal organization learns about account movements and sets targets.
Fraud in services occurs through the appropriation of products and services (Pay TV, diversion of goods, issuance of tickets, etc.) or by obtaining privileged access credentials through social engineering and/or enticement of the professionals involved.
Criminal organizations recruit Call Center and Service Desk staff and/or professionals responsible for access management to obtain credentials.
Employees with knowledge of internal procedures and internal security flaws hide behind those flaws, such as the lack of logs and access monitoring and/or the accumulation of privileges in an access profile.
Fraud: sale or leak of personal data
Identity theft is the term used for any type of scam that involves the appropriation of personal data for opening accounts, carrying out transactions and/or creating false documents.
The criminal steals scanned documents along with personal information; the fraudster simply copies and sends the information to whoever is willing to pay.
SIM Swap Scams
SIM Swap fraud consists of transferring the phone line to a SIM chip different from the one in your cell phone. It can be done in several ways, which almost always involve social engineering: criminals pretend to be the victim and, with their personal information, get the operator to activate the phone number elsewhere.
The criminal uses social engineering or an "insider" at the operator to perform the SIM exchange operation. The victim's cell phone number is changed to point to the attacker's phone.
The attacker can then request unique access codes to reset victims' online accounts, facilitating access to email, social media and asset holding accounts. The criminal can also take on a partner for the attack, dividing the "gains" and obtaining greater chances of success. E.g., credentials and passwords available on the "DarkWeb".
Below we list some measures that support the fraud prevention process.
Identity management and access controls are essential in preventing fraud, such as:
- Strong authentication.
- Strong password.
- Alternative multi-factor authentication solutions - MFA (avoid SMS or phone calls).
- Access control based on the “least privilege” concept.
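The advice to avoid SMS or phone calls for MFA follows from the SIM Swap scenario above: codes sent to a phone number go to whoever controls the SIM. The following is an added example, not part of the original article, of a check that holds phone-based account resets requested shortly after a SIM change. The SIM-change lookup, field names, 72-hour window and sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data. A real deployment would take SIM-change timestamps
# from a carrier or number-intelligence lookup (assumed to exist here).
SIM_CHANGES = {
    "+5511900000001": datetime(2021, 3, 10, 8, 15),
    "+5511900000002": datetime(2020, 11, 2, 14, 0),
}
RESET_REQUESTS = [
    {"account": "alice", "msisdn": "+5511900000001", "channel": "sms",
     "at": datetime(2021, 3, 10, 9, 40)},
    {"account": "bob", "msisdn": "+5511900000002", "channel": "sms",
     "at": datetime(2021, 3, 10, 10, 5)},
    {"account": "carol", "msisdn": "+5511900000001", "channel": "totp",
     "at": datetime(2021, 3, 10, 11, 0)},
    {"account": "dave", "msisdn": "+5511900000003", "channel": "voice",
     "at": datetime(2021, 3, 10, 12, 0)},
]
PHONE_CHANNELS = {"sms", "voice"}  # factors that follow the phone number


def assess_reset(request, sim_changes, window=timedelta(hours=72)):
    """Return 'allow', 'step_up' or 'hold' for one account-recovery request."""
    if request["channel"] not in PHONE_CHANNELS:
        return "allow"      # code is not delivered via the phone number
    changed = sim_changes.get(request["msisdn"])
    if changed is None:
        return "step_up"    # no SIM history: a swap cannot be ruled out
    if timedelta(0) <= request["at"] - changed <= window:
        return "hold"       # SIM changed shortly before the reset request
    return "allow"


def triage(requests, sim_changes):
    """Map each account to the decision for its reset request."""
    return {r["account"]: assess_reset(r, sim_changes) for r in requests}


if __name__ == "__main__":
    for account, decision in triage(RESET_REQUESTS, SIM_CHANGES).items():
        print(f"{account}: {decision}")
```

A "hold" decision would route the request to manual review or to a factor that is not tied to the phone number.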
Monitoring, blocking, educating customers and users:
- Adopt technology to monitor and block information leaks.
- Conduct periodic audits and strict policies for internal controls.
- Monitor Internet, Deep web and DarkWeb to detect and remove leaked credentials, fake websites and documents.
- Promptly notify your customer and/or user and guide them to change their password and credentials when information leak incidents are detected.
- Promote awareness campaigns and safety tips to your customers and internal users.
It is necessary to improve the fraud prevention strategy as much as possible, investing in technology, communication, relationship with the user and assessment of the environment, since many frauds can occur due to human error or even "collusion".
SAFEWAY can help your organization to implement fraud prevention controls through Risk Management controls and Compliance and monitoring of the environment through the Security Tower.
* Kelli Ribeiro is a GRC Specialist at SAFEWAY
SAFEWAY is an Information Security company, recognized by its customers for offering high added value solutions through Information Security projects that fully meet business needs. In these years of experience, we have accumulated, with great pride, several successful projects that have earned us credibility and prominence among our clients, who are, in large part, among the 100 largest companies in Brazil.
Today, through more than 22 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people.
Let's make the world a safer place to live and do business!