2016 May Luncheon

June 29, 2016

ACFE Newsletter July-Aug 2016.pdf - Adobe Acrobat Pro

Addie Lui, AVP and Information Security Officer at Hawaii National Bank discussed the latest in Electronic Scams and Fraud Trends, such as the most used tactics by hackers, which include the following:

  • Phishing is a type of scam that often uses email messages that appear to be from legitimate sources, in order to collect money, passwords, account numbers or other non-public information from unsuspecting individuals
  • Other forms of social engineering include calls apparently coming from the IT staff to allow remote control into your computer, USB drive in the parking lot marked “company salaries” or a visit from a utility company such as Hawaiian Tel or HECO to perform “maintenance” or fake social media profiles as ploys to install malware.
  • Exploitation of weaknesses in IT systems, i.e. old fashioned hacking

Examples of these attacks include:

  • CEO/Executive impersonation – using information gained from LinkedIn or other social media sites, contact staff via email and request confidential information or electronic transfer of funds
  • W-2 scheme – impersonation of payroll company or company officer requesting HR staff for copies of W-2’s which can be used for ID theft and/or filing false tax returns
  • Ransomware – tricking a user into clicking on links to install ransomware, which encrypts files and locks it, holding them “hostage” until you pay a fee for an encryption key.

Companies such as health care firms, law firms and CPA firms are particularly vulnerable.