*Financial Fraud In Cyber Space Flashcards Preview

CIC Module 4 > *Financial Fraud In Cyber Space > Flashcards

Flashcards in *Financial Fraud In Cyber Space Deck (33)
Loading flashcards...

➢ estimates Identity Theft generates 1 B (USD) per year globally.

➢Automated Teller Machine (ATM) Fraud (Philippines)


Bangko Sentral ng Pilipinas (BSP) confirmed 220 million pesos lost in ATM FRAUD

United Nations Office on Drugs and Crime (UNODC)


is one of the emerging forms of numerous variances of financial fraud in the Philippines.

➢The “budol-budol” and “dugo-dugo” modus-operandi now has its own online versions.
➢This art of deception find its way in the cyber space. The culprit now finds their victims through email, social media, dating sites, forums and even some fraud websites.

➢Through the social engineering method, the culprit will send email, chat message and text message, claiming to be close relative or friend of the victims who are based abroad and then offer a proposal such as mobile phone load business and the like.

➢Other more technically knowledgeable suspects executed the scheme through the hacked email or social media accounts, making the victims more convinced that the persons behind the transaction were their real relatives or friends.
➢If hacking is not possible a spoofing method then would play its role

Online Financial fraud



ATM Fraud
Credit Card Fraud


●Thieves use hidden electronics to steal the personal information stored on your card and record your PIN number to access all that hard-earned cash in your account.
●That's why skimming takes two separate components to work.
●The first part is the skimmer itself, a card reader placed over the ATM's real card slot
●The second is a camera which is surreptitiously positioned to capture the PIN. Some use a keypad overlay for this purpose.



This device is overlaid onto an existing ATM machine keypad and allows the ATM machine to function properly while it records the keystrokes

ATM keypad overlay and ATM Card Skimmer


August 8, 2016 hacking of Automated Teller Machine (ATM) at Bonifacio High Streets Branch, BGC, Fort Bonifacio, Taguig City.

➢Recovered from the ______ suspect was a key to open the ATM



➢ are using a combination of low and high-tech attacks to make ATMS spit out cash.

➢ These attacks first started in 2016, when several banks in ______ discovered empty ATMs with a hole drilled in one of their sides.


Europe and Russia


➢ATM thieves will drill a small hole, wide of about _____ centimeters (1.5 inches), on the side of the ATM's PIN (numbers) pad. This hole was right near a crucial ATM component, a 10-pin header.



Attackers connected and hijacked ATM's main bus
➢This _______ wasn't just any connector, but the header for connecting straight to the ATM's main bus, which interconnected all the other ATM's components, from the screen to the PIN pad, and from the internal cash store to the ATM dispenser.

10-pin header


Attackers took complete control over ATMs
➢ATMs special software and use encryption is very easy to.
➢ATM operations is very easy to understand, which allows to reverse engineer the ATM's inner workings.
➢There are plenty of ATM programming guides that have leaked online in the past.
➢The only downside of this attack was that crooks needed to carry a ____ with them in order to send commands to the ATM.



Purchases of goods utilizing credit cards that are:
➢altered or forged from different banks
➢Acquired the bank account details
➢skimming devices
➢persons manning the sales at different gas stations
➢different casinos-hotels and other merchants
On-line transaction:
➢international debit card accounts
➢acquired from the Business Processing Outsource (BPO) clientele.
Part of the scam:
➢acquire rooms by online booking
➢sell the room accommodations to players at the Casino for a lower price.

➢ You simply have to type credit card number into www page of the vendor for online transaction
➢ If electronic transactions are not secured the credit card numbers can be stolen by the hackers who can misuse this card by impersonation the credit card owner

Credit card fraud


Skimming Device

Card reader and writer.


Credit card companies for the most part have moved away from “swipe and signature” credit cards to _________ by this point; the technology known as EMV (Europay, MasterCard, and Visa) which is supposed to provide consumers with an added layer of security

chip and pin cards


The cyber criminals had miniaturized the backpack setup into a tiny ____, a cheap and programmable device used by DIY hobbyists.
➢The size of the chip was not larger than the regular security chip used in credit cards. This may increase the thickness of the chip from 0.4mm to 0.7mm, but perfectly feasible when inserted into a PoS system.
-The criminal removed the chip from the original, solder it to the FUN card chip, and fixed both chips back-to-back onto the plastic body of another stolen card.

FUN card chip


Section 33. Penalties. - The following Acts, shall be penalized by fine and/or imprisonment,

R.A. 8792


with refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic documents shall be punished by a minimum fine of One Hundred Thousand pesos (P 100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years;

a) Hacking or crackling


In one of the largest cyber heist in the history, hackers ordered the Federal Reserved Bank of New York to transfer $81 Million from Bangladesh Bank to accounts in the Philippines

Bangladesh Bank Heist/ Hacking


Its is technique of pulling out confidential information from the bank/financial institutional account holders by deceptive means


Actual website
Deceptive website


Sale of information regarding of thousand bank accounts holder

Database Selling






Modus Operandi:

➢Suspect get profile of would-be victims online
➢Suspects & victims Communicate online or thru phone call
➢Suspect offers sale of shares of stocks
➢Victim send payment to account number provided by suspects.



Modus Operandi

➢Agents of the “paluwagan” business scheme will encourage a person to invest.
➢The ‘investment’ amount will grow as high as 66% the moment a newly- recruited member or investor can recruit more members for the group

Online Paluwagan



Money Remittance Companies abroad, which are catering Filipino Overseas Worker (OFW) is not spared by the hackers.

➢ In a case of a Philippine based company subsidized Money Remittance Agency abroad, our investigation presumed that hacker already established connections with their remittance system longtime ago.

➢. This is based on the documents provided to the investigator by INTERPOL, which disclosed that fake accounts had been created few years ago, without funds.
These accounts were used to remit money to several persons here in the Philippine through their newly opened bank accounts.

➢Correspondence was sent to the Philippine based Company for their formal complaint to proceed with the investigation but no response has been received yet as of this writing.
➢Another case under investigation by PNP ACG is the money remittance from a foreign branch of a local bank.

➢Using the username and password of the branch manager, the hacker was able to transfer a huge amount of money to another branch in Mindanao.

➢The remittance was withdrawn over the counter and was deposited again to different local bank less the commission of the withdrawer.
➢The branch manager suspected that his credentials were compromised after receiving and opening an email that purportedly a warning message from the FBI.

➢The hard drive of the computer system of the Branch Manager should be subjected for Digital Forensic Examination.

➢The Branch Manager account’s access logs must also be provided by the bank IT Department to prove the alleged illegal access.






➢The modus operandi of the hacking of email account can be associated to the “______” attack.

➢an attacker hijacks communications between two machines, he then sets up his computer to filter the communications between the two compromised accounts, allowing him to view and alter the communications.



-is the creation of an account (email, social media account, etc.) that looks like the same of the original, which the receiver cannot distinguish at the first instance.
-occurs when a scammer targets an organization and sends personalized emails.

➢Emails may appear to have been sent from a trustworthy source such as an employer or staff member.

➢The scammer’s aim is to convince you that the email requires urgent action for fund transfer taking advantage of the unsuspecting receiver.

Email spoofing


occurs when a scammer targets an organization and sends personalized emails.

•Using almost similar email account instruct Company A to pay to a different bank account.

Email Spoofing


The group will call an unsuspecting victim in China to introduce themselves as members of the Chinese police.
➢The suspects would then tell the victims that their bank accounts were being used for money laundering and other illegal activities.
➢The syndicate will then tell the victim to transfer their money to a 'safe account' that the suspects will provide, to which most of the victims have agreed out of fear of any action by 'police authorities' if they refuse to comply

Through Social Engineering)


PNP ACG conducted operation on a group of telecom hackers

• A US telecom company was the victim

• In cooperation with FBI and US Embassy in Manila

(Through Account Hacking)


The group allegedly hacked lines for international calls of Globe Telecom and rerouted them to mostly foreigners living in the Philippines, charging them less than half the normal international call rate.

➢The suspects used GSM (Global System of Mobile Communication) an apparatus connected to the computers which have a software capable of rerouting international calls.

___ is an illegal act in the country because it deprives government of unrealized revenues.

➢On the other hand, Telecom is losing huge amount of money because international calls were being charged an rerouted a mere local calls.