Ultrascan KPO

The Bank That Could Not Be Robbed - SWIFT

Central Bank to Federal Reserve Bank Treasury ID Theft

Impersonating authorized bank officers of treasury departments, to send payment orders to (National Reserve) correspondent banks, is a specialist wire fraud problem

Case:

• Between October 2010 and December 2012 Ultrascan-KPO investigated fraudulent payment orders to treasury departments of 26 correspondent banks on 4 continents, of which 21 National Reserve banks .

• Amounts varied between $98,000.00 and $530,000.00 in local currency.

• Banks confirmed,  that the calls/fax/mails are coming directly into the appropriate officer and are NOT going through the switchboard. This creates  several problems, messages not being recorded, etc.

• All contact information is only available to treasury staff, that is on their computer.

Ultrascan Techint and Humint investigations revealed:

• The IT service department, Laptops, PC's, personal and business eco systems, Treasurers signatures, current contact lists and signatures of bank division managers are compromised.

• The fraudsters researched and confirmed information through HUMINT in conversations with correspondent Banks. Learning the issues and changing their attacks based on what they got on the phone.

• Fraudsters impersonated authorized officers from " the Nostro department ", called the correspondent bank treasury, explaining that they were experiencing SWIFT issues at this time.

• Minutes later, the fraudster send a fax and/or email attachment - As a result of a swift outage we are experiencing, kindly accept and execute this MT202 payment order for today's value date - on official letterhead, with validated names and signatures.

• The technical support for phone/fax numbers, email and IP addresses was covered by anonymity proxy services and paid for by a Nigerian citizen in Lagos.

• Money-laundering was coordinated via a global network of (419) Advance Fee Fraud scammers who, either direct or via money mules, operated bank accounts under befitting names in South Africa, Japan, China, Canada and several European countries.

• Over 60 beneficiary bank accounts were operated by money mules or independent  business associates of the ultimate beneficiaries.

• The 3 ultimate beneficiaries originated from Nigeria, West Africa. One of them specialised in ID theft and 'bank to bank wire fraud' since 2003.

• For a large part a confidence fraud making use of the culture of confidentiality within Reserve Banks and  bank treasury departments and a high level of trust between correspondent banks.

• For several reasons the perfect crime with a very Low Probability of Detection and an even lower probability of 'public prosecution'.

• ......

We recommended both internal and external solutions that led to prevention, mitigation and disruption of the fraud organisation.

------

FYI - At SWIFT they see as key element "attackers concealing their fraudulent messaging activity on customers’ local systems" which is true, but only secondary to the insider disgruntled employee they did not yet Identify.

Central Banks robbed in 2016:

- Malware suspected in Bangladesh bank heist: officials

- Bangladesh Central Bank Found $100 Million Missing After a Weekend Break

Ultrascan‐KPO case: Anti Corporate ID Theft

Cyber‐Crime Targeting a Multi National Company (real name changed in to MNC)

Over the last three years we detected an exponential increase in the volume of online traffic by cybercriminals using the name of the MNC in Advance Fee Fraud (AFF) schemes. The inherent opennessand anonymity of the internet are creating unprecedented challenges for the Company. Crimes of fraud, brand abuse and unauthorized use of MNC intellectual property have moved online and are increasingly dangerous to the reputation of all international institutions. The Company trademarks, logo, informationand both the collective and individual identities of the Company are actively stolen by cybercriminals andused to conduct criminal activity on‐line.

While there has been no financial loss to the Company, there hasbeen a degradation of the reputation and image of the Company, which is often perceived to be part ofthe criminal network conducting this cyber‐crime.

CEO scam email phishing fraud cost businesses billions - ID Theft

A niche market for organised crime, the sending of correspondent payment instructions to Treasury departments of Federal Reserve and Central Banks, evolved into a slick corporate business ID theft .

A scam in which criminals impersonate chief executives, by spoofing their email addresses, has cost businesses around the world billions.

Corporate ID fraud

There is a sharp increase in “business email scams” a simple scam that is also known as “CEO fraud”, with thousands of victims affected globally.

In the scam, a criminal impersonates a chief executive’s email account and directs an employee to wire money to an overseas bank account. By the time one realises it is a fraud, the money is gone.

For this type of business frauds the fraudsters require a professional criss-cross  money laundering set-up to transfer large amounts over many bank accounts in many different international jurisdictions.

It concerns transnational organized crime and is a global problem.

To tackle these incidents, we’re working with criminal investigation and cyber crime experts in the Ultrascan research network .

The reported frauds can be partly attributed to companies detecting the crime, but it also reflects the simple nature of the scheme that can be run from anywhere around the globe. All you need is a computer.

Most of the bank accounts in which the money ends up are operated by a global criminal network of (419) Advance Fee Fraud scammers and located in Asia and Africa, where we coordinate counter initiatives.

Ultrascan‐KPO Anti Corporate ID Theft Program Deliverables

Researching & Disrupting Corporate Identity Theft and Counterfeiting

Part of The Intellectual Property Protection (IPP) initiative

The Intellectual Property Protection (IPP) initiative is a confidential and sensitive security initiative designed to provide a long term methodology using independent service providers focused specifically on protecting The Clients from all forms of identity theft and cyber-crime.

The inherent openness and anonymity of the internet are creating unprecedented challenges for The Clients. Fraud, brand abuse and unauthorized use of The Clients intellectual property have moved online and are increasing exponentially. We envision three key deliverables to protect The Clients