3rd Interim EAST Meeting – National and Global Members

A third Interim Meeting of EAST National and Global Members took place on Wednesday 10th February 2021. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Martine Hemmerijckx from Worldline.

Law enforcement overviews were provided by Europol and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered recent successful cross-border operations; the other covered Physical ATM attacks across Europe.  The GCCPOL presentation covered payment and fraud issues seen by their 6 member countries – it focussed on Technological Fraud (crimes committed using different forms/types of machines and technology) and Non-Technological Fraud (conducted directly against the victim).

Updates were received from 26 countries, either directly or via a global update by Worldline.  Each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).  A key issue, highlighted by most of the countries, is the importance of raising consumer awareness to counter the rising threats related to social engineering.

EAST Fraud Update 1-2021 will be produced during March, based on the country updates provided at the Interim EAST Meeting.  EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

The next meeting of this group, scheduled for 9th June 2021, will also be a virtual Interim meeting.  The 1st EAST Global Congress is now scheduled to be held in October 2021, dependant on the prevailing status of the Covid-19 pandemic.

Cybercriminals will leverage AI as an attack vector and an attack surface

A jointly developed new report by Europol, the United Nations Interregional Crime and Justice Research Institute (UNICRI) and Trend Micro looking into current and predicted criminal uses of artificial intelligence (AI) has been released.  It provides law enforcers, policymakers and other organisations with information on existing and potential attacks leveraging AI and recommendations on how to mitigate these risks.

The report concludes that cybercriminals will leverage AI both as an attack vector and an attack surface.  Deep fakes are currently the best-known use of AI as an attack vector.  However, the report warns that new screening technology will be needed in the future to mitigate the risk of disinformation campaigns and extortion, as well as threats that target AI data sets.

For example, AI could be used to support:

  • convincing social engineering attacks at scale;
  • document-scraping malware to make attacks more efficient;
  • evasion of image recognition and voice biometrics;
  • ransomware attacks, through intelligent targeting and evasion;
  • data pollution, by identifying blind spots in detection rules.

The paper also warns that AI systems are being developed to enhance the effectiveness of malware and to disrupt anti-malware and facial recognition systems.

The EAST Payments Task Force is focussed on payment issues related to social engineering, malware, ransomware and other cyber threats, and notes that this report is an important step forward in assessing the rapid evolution of cybercrime.

The three organisations make several recommendations to conclude the report:

  • harness the potential of AI technology as a crime-fighting tool to future-proof the cybersecurity industry and policing;
  • continue research to stimulate the development of defensive technology;
  • promote and develop secure AI design frameworks;
  • de-escalate politically loaded rhetoric on the use of AI for cybersecurity purposes;
  • leverage public-private partnerships and establish multidisciplinary expert groups.

For more information and to download the report visit Europol’s website

EAST Publishes Fraud Update 3-2020

EAST has just published its third Fraud Update for 2020. This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 8 non-SEPA countries, at the 2nd (virtual) EAST Interim Meeting held on 7th October 2020.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Canada; Cyprus; Finland; France; Germany; Greece; Hong Kong; Italy; Liechtenstein; Luxembourg; Mexico; Netherlands; Norway; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2020 the EAST Payments Task Force (EPTF) has published one related Payment Alert and the EAST Expert Group on All Terminal Fraud (EGAF) has published ten related Fraud Alerts.

Fraud Update

FRAUD ORIGIN

To date in 2020 the EPTF has published three related Payment Alerts.

To date in 2020 EAST EGAF has published thirteen related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2020 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

2nd Interim EAST Meeting – National and Global Members

A second Interim Meeting of EAST National and Global Members took place on Wednesday 7th October 2020. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Rui Carvalho, EAST Development Director.  The 1st EAST Global Congress is now scheduled to be held in February 2021, dependant on the prevailing status of the pandemic.

Law enforcement overviews were provided by EuropolINTERPOL and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered the recent publication of their Internet Organised Crime Threat Assessment (IOCTA 2020), focussed on criminal trends relating to Covid-19, and prevention and awareness; the other covered Physical ATM attacks across Europe.  The INTERPOL presentation covered the impact of Covid-19 on Financial crimes from the global perspective and the GCCPOL presentation covered payment and fraud issues seen by their 6 member countries.

Updates were received from 28 countries, either directly or via a global update by HSBC. As with the previous meeting, the key focus remained on the impact of the coronavirus crisis and each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).

EAST Fraud Update 3-2020 will be produced during October, based on the country updates provided at the Interim EAST Meeting. EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

IOCTA 2020 Published by Europol

IOCTA 2020Europol has published its Internet Organised Crime Threat Assessment for 2020 (IOCTA 2020).   This highlights the dynamic and evolving threats from cybercrime and provides a unique law enforcement focused assessment of emerging challenges and key developments in the space.  The data collection for the IOCTA 2020 took place during the lockdown implemented as a result of the COVID-19 pandemic.  Indeed, the pandemic prompted significant change and criminal innovation in the area of cybercrime.  Criminals devised both new modi operandi and adapted existing ones to exploit the situation, new attack vectors and new groups of victims.

So much has changed since Europol published last year’s IOCTA. The global  pandemic forced the reimagination of our societies and the reinvention of the way we work and live.  During the lockdown, people turned to the Internet for a sense of normality: shopping, working and learning online at a scale never seen before.  The IOCTA 2020 seeks to map the evolving cybercrime threat landscape and understand how law enforcement responds to it.  Although the COVID-19 crisis has shown how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems, some of which are shown below:

CROSS-CUTTING CRIME

  • Social engineering and phishing remain an effective threat to enable other types of cybercrime.  Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime as-a-service.  Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.
  • Encryption continues to be a clear feature of an increasing number of services and tools.  One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations.  The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

MALWARE REIGNS SUPREME

  • Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance.  While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the comprised data, increasing the pressure on the victims to pay the ransom.  Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

PAYMENT FRAUD: SIM SWAPPING A NEW TREND

  • SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in IOCTA 2020.  As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts.  Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

CRIMINAL ABUSE OF THE DARK WEB

  • In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web market places has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure, however criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.

EAST Publishes Fraud Update 2-2020

EAST has just published its second Fraud Update for 2020. This is based on country crime updates given by representatives of 20 countries in the Single Euro Payments Area (SEPA), and 8 non-SEPA countries, at the 1st (virtual) EAST Interim Meeting held on 10th June 2020.  For this meeting EAST adopted a new template for country reporting which means that data analysis can be more accurately assessed across the key reporting headings, as shown below.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Bermuda; Canada; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update

To date in 2020 the EAST Payments Task Force (EPTF) has published one related Payment Alert and the EAST Expert Group on All Terminal Fraud (EGAF) has published five related Fraud Alerts.

EAST Fraud Update

FRAUD ORIGIN

EAST Fraud Update

To date in 2020 the EPTF has published three related Payment Alerts.

To date in 2020 EAST EGAF has published ten related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2020 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published three related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

Investment fraud gang taken down in Bulgaria and Serbia

Investment fraudA large criminal network involved in investment fraud, money laundering and social engineering was taken down in an international investigation, launched one year ago. The action day, which took place in Belgrade and Sofia, went ahead on 2 April despite the current lockdown.

Estimated total losses were €80 million and the fraud affected over 1,000 victims in Germany and Austria, as well as people in other countries.  In Austria  it is estimated that 850 victims lost around €2.2 million, while in Germany hundreds of victims suffered estimated losses of about €10 million.

The suspects, believed to be members of a large criminal network, offered bogus investments in trading products such as binary options and contract for differences (CFDs) on online trading platforms.  The investments started at around €250 and Agents from call centres in Bulgaria and Serbia then manipulated the victims to make much higher investments in non-existent trading products including CFDs and forex (foreign exchange currency market).

During the action day Law enforcement authorities from Bulgaria and Serbia carried out 11 house searches and arrested 9 individuals (5 in Serbia and 4 in Bulgaria). Two of the leaders of the criminal network were arrested in Sofia. The seizures include five properties in Serbia, €2.5 million from a bank account in Germany, electronic equipment and other evidential material. 30 other bank accounts were put under surveillance.  

Advisory Group on Financial ServicesEuropol and Eurojust supported the investment fraud investigation, which involved law enforcement and judicial authorities from Austria, Bulgaria, Germany and Serbia.  

Europol facilitated information exchange and provided analytical support, cross-checking operational information in real-time against its databases to provide leads to investigators in the field, and a Joint Investigation Team between Austria and Germany was set up by Eurojust to coordinate judicial matters.

EAST and Europol have worked together since 2004 and EAST provides secure platforms for public/private sector cooperation in the fight against organised criminal groups engaged in financial crime.  Click here for more information on EAST’s law enforcement relationships.

The EAST Payments Task Force (EPTF) has a specific focus on tackling social enginnering  This Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.

EAST Publishes European Fraud Update 3-2019

European FraudEAST has just published its third European Fraud Update for 2019. This is based on country crime updates given by representatives of 16 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 49th EAST Meeting held in London on 8th October 2019.

Payment fraud issues were reported by seventeen countries. Social engineering is a key concern. Seven countries reported phishing attacks. One of them stated that fraudsters are using phishing to get targets for fake web campaigns where consumers can win money, and another reported fake web surveys aimed at getting consumer data. In one country the quality of vishing calls is improving, where the people making the spoof calls are very believable and often have local accents from the customer’s home area. Impersonation fraud was reported by four countries – in one of them police officers are impersonated, and another reported spoof calls being received by customers from bank call centres.

Card Not Present (CNP) fraud was reported by six countries. One of them reported CNP fraud at digital media players. Contactless fraud was reported by two countries – in one of them it is related to lost and stolen cards, and in the other card present (CP) transactions are being made at small merchants up to the allowed limit. To date in 2019 the EAST Payments Task Force (EPTF)  has issued five related Payment Alerts.

ATM malware and logical attacks were reported by five countries – one reported a new way of getting malware onto an ATM, that did not succeed, and four reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts.

Card skimming at ATMs was reported by thirteen countries. Overall skimming incidents in Europe continue to decline. Three countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the most recent variants continue to be made of transparent plastic. To date in 2019 EAST EGAF has published thirteen related Fraud Alerts. Year to date International skimming related losses were reported in 41 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Four countries reported card trapping attacks, one of them reporting such attacks at fake terminals, designed to resemble lobby door opening devices at bank branches.

Ram raids and ATM burglary were reported by nine countries and twelve countries reported explosive gas attacks. After one such attack collateral damage of over €200,000 was reported. Six countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks is increasing across Europe. This explosive is also known as the ‘Mother of Satan’. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion.

The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings. To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published nine related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National and Associate).

EAST participates at Europol Training on Payment Card Fraud Forensics

card fraud forensics EAST Development Director Rui Carvalho presented at the fifth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain. His talk gave an overview of EAST, shared the latest statistics and trends on terminal fraud in Europe from the perspective of the private sector, and covered trends in payments, including an overview of regional and global e-wallets.

The Europol training, which ran from 8 to 12 July 2019, covered a wide range of topics  in the area of payment fraud, including online skimming, logical attacks on ATMs, card data analysis, cryptocurrencies, social engineering attacks and loyalty card fraud.

The training course was attended by 53 Investigators, forensic experts, and accredited trainers from 25 countries in the European Union, as well as from Colombia, Moldova and the United States.  Presentations were given by Europol staff and by key private sector organisations (including EAST). Since the first training in 2015 over 250 international students have benefited from the training programme, which has been supported by EAST from the outset.

This kind of event highlights the importance of close cooperation between the public and private sectors in the fight against cybercrime and all emerging threats in the field of payment card fraud. Such cooperation is enhanced by regular training, and by shared updates on investigative techniques and the improvement of forensic capabilities.

Europol and EBF launch cyberscams awareness campaign

avoid cyberscamsEuropol’s European Cybercrime Centre (EC3), the European Banking Federation (EBF) and their partners from the public and private sector have launched the cyberscams awareness campaign (#Cyberscams) as part of the European Cyber Security Month (ECMS). The ECMS is an EU awareness campaign that promotes cyber security among citizens and organisations, highlighting simple steps that can be taken to protect their personal, financial and professional data.

Over the next week, law enforcement agencies from all 28 EU Member States, 5 non- EU Member States, 24 national banking associations and banks and many other cybercrime fighters will be raising awareness about this criminal phenomenon. This pan-European endeavour will be driven by a communication campaign via social media channels and national law enforcement, bank associations and financial institutions.  The EAST Payments Task Force (EPTF) focuses on tackling such cyberscams.

Europol’s Internet Organised Crime Threat Assessemtnt (IOCTA) 2018 recommendations highlight that the most effective defence against social engineering is the education of potential victims – that’s each and every one of us when online! Raising awareness among the general public on how to identify cyberscams will help to protect us and keep our finances safe online.

Awareness-raising material in 27 languages is available for public download – this includes information on the 7 most common online financial scams, and how to avoid them.  These are:

  • CEO fraud: scammers pretend to be your CEO or senior representative in the organisation and trick you into paying a fake invoice or making an unauthorised transfer out of the business account.
  • Invoice fraud: they pretend to be one of your clients/suppliers and trick you into paying future invoices into a different bank account.
  • Phishing/Smishing/Vishing: they call you, send you a text message or an email to trick you into sharing your personal, financial or security information.
  • Spoofed bank website fraud: they use bank phishing emails with a link to the spoofed website. Once you click on the link, various methods are used to collect your financial and personal information. The site will look like its legitimate counterpart, with small differences.
  • Romance scam: they pretend to be interested in a romantic relationship. It commonly takes place on online dating websites, but scammers often use social media or email to make contact.
  • Personal data theft: they harvest your personal information via social media channels.
  • Investment and online shopping scams: they make you think you are on a smart investment… or present you with a great fake online offer.

Some general tips to help avoid falling victim to the above cyberscams are:

  • Check your online accounts regularly.
  • Check your bank account regularly and report any suspicious activity to your bank.
  • Perform online payments only on secure websites (check the URL bar for the padlock and https) and using secure connections (choose a mobile network instead of public Wi-Fi).
  • Your bank will never ask you for sensitive information such as your online account credentials over the phone or email.
  • If an offer sounds too good to be true, it’s almost always a scam.
  • Keep your personal information safe and secure.
  • Be very careful about how much personal information you share on social network sites. Fraudsters can use your information and pictures to create a fake identity or to target you with a scam.
  • If you think that you have provided your account details to a scammer, contact your bank immediately.
  • Always report any suspected fraud attempt to the police, even if you did not fall victim to the scam.

Don’t become a cyberscams victim!  Stay aware and spread the word