2nd Interim EAST Meeting – National and Global Members

A second Interim Meeting of EAST National and Global Members took place on Wednesday 7th October 2020. Due to the Covid-19 situation, it was conducted as a virtual meeting. The meeting was chaired by Rui Carvalho, EAST Development Director.  The 1st EAST Global Congress is now scheduled to be held in February 2021, dependant on the prevailing status of the pandemic.

Law enforcement overviews were provided by EuropolINTERPOL and the Gulf Cooperation Council Police (GCCPOL).  Two presentations were made by Europol: one from the European Cybercrime Centre (EC3) covered the recent publication of their Internet Organised Crime Threat Assessment (IOCTA 2020), focussed on criminal trends relating to Covid-19, and prevention and awareness; the other covered Physical ATM attacks across Europe.  The INTERPOL presentation covered the impact of Covid-19 on Financial crimes from the global perspective and the GCCPOL presentation covered payment and fraud issues seen by their 6 member countries.

Updates were received from 28 countries, either directly or via a global update by HSBC. As with the previous meeting, the key focus remained on the impact of the coronavirus crisis and each update covered Fraud Types, Fraud Origin, Due Diligence and Physical Attacks (ATM, ATS and CIT).

EAST Fraud Update 3-2020 will be produced during October, based on the country updates provided at the Interim EAST Meeting. EAST Fraud, Payment and Physical Attack Updates are available on the EAST Intranet to EAST Members.

IOCTA 2020 Published by Europol

IOCTA 2020Europol has published its Internet Organised Crime Threat Assessment for 2020 (IOCTA 2020).   This highlights the dynamic and evolving threats from cybercrime and provides a unique law enforcement focused assessment of emerging challenges and key developments in the space.  The data collection for the IOCTA 2020 took place during the lockdown implemented as a result of the COVID-19 pandemic.  Indeed, the pandemic prompted significant change and criminal innovation in the area of cybercrime.  Criminals devised both new modi operandi and adapted existing ones to exploit the situation, new attack vectors and new groups of victims.

So much has changed since Europol published last year’s IOCTA. The global  pandemic forced the reimagination of our societies and the reinvention of the way we work and live.  During the lockdown, people turned to the Internet for a sense of normality: shopping, working and learning online at a scale never seen before.  The IOCTA 2020 seeks to map the evolving cybercrime threat landscape and understand how law enforcement responds to it.  Although the COVID-19 crisis has shown how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems, some of which are shown below:

CROSS-CUTTING CRIME

  • Social engineering and phishing remain an effective threat to enable other types of cybercrime.  Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime as-a-service.  Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.
  • Encryption continues to be a clear feature of an increasing number of services and tools.  One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations.  The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

MALWARE REIGNS SUPREME

  • Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance.  While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the comprised data, increasing the pressure on the victims to pay the ransom.  Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

PAYMENT FRAUD: SIM SWAPPING A NEW TREND

  • SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in IOCTA 2020.  As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts.  Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

CRIMINAL ABUSE OF THE DARK WEB

  • In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web market places has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure, however criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.

EAST Publishes Fraud Update 2-2020

EAST has just published its second Fraud Update for 2020. This is based on country crime updates given by representatives of 20 countries in the Single Euro Payments Area (SEPA), and 8 non-SEPA countries, at the 1st (virtual) EAST Interim Meeting held on 10th June 2020.  For this meeting EAST adopted a new template for country reporting which means that data analysis can be more accurately assessed across the key reporting headings, as shown below.

The following countries supplied full or partial information for this Update:

Armenia, Austria; Belgium; Bermuda; Canada; Finland; France; Germany; Greece; Hungary; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Netherlands; Norway; Portugal; Romania; Russia; Slovakia; South Africa; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom.

FRAUD TYPE

EAST Fraud Update

To date in 2020 the EAST Payments Task Force (EPTF) has published one related Payment Alert and the EAST Expert Group on All Terminal Fraud (EGAF) has published five related Fraud Alerts.

EAST Fraud Update

FRAUD ORIGIN

EAST Fraud Update

To date in 2020 the EPTF has published three related Payment Alerts.

To date in 2020 EAST EGAF has published ten related Fraud Alerts.

DUE DILIGENCE

PHYSICAL ATTACKS

To date in 2020 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published three related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

Investment fraud gang taken down in Bulgaria and Serbia

Investment fraudA large criminal network involved in investment fraud, money laundering and social engineering was taken down in an international investigation, launched one year ago. The action day, which took place in Belgrade and Sofia, went ahead on 2 April despite the current lockdown.

Estimated total losses were €80 million and the fraud affected over 1,000 victims in Germany and Austria, as well as people in other countries.  In Austria  it is estimated that 850 victims lost around €2.2 million, while in Germany hundreds of victims suffered estimated losses of about €10 million.

The suspects, believed to be members of a large criminal network, offered bogus investments in trading products such as binary options and contract for differences (CFDs) on online trading platforms.  The investments started at around €250 and Agents from call centres in Bulgaria and Serbia then manipulated the victims to make much higher investments in non-existent trading products including CFDs and forex (foreign exchange currency market).

During the action day Law enforcement authorities from Bulgaria and Serbia carried out 11 house searches and arrested 9 individuals (5 in Serbia and 4 in Bulgaria). Two of the leaders of the criminal network were arrested in Sofia. The seizures include five properties in Serbia, €2.5 million from a bank account in Germany, electronic equipment and other evidential material. 30 other bank accounts were put under surveillance.  

Advisory Group on Financial ServicesEuropol and Eurojust supported the investment fraud investigation, which involved law enforcement and judicial authorities from Austria, Bulgaria, Germany and Serbia.  

Europol facilitated information exchange and provided analytical support, cross-checking operational information in real-time against its databases to provide leads to investigators in the field, and a Joint Investigation Team between Austria and Germany was set up by Eurojust to coordinate judicial matters.

EAST and Europol have worked together since 2004 and EAST provides secure platforms for public/private sector cooperation in the fight against organised criminal groups engaged in financial crime.  Click here for more information on EAST’s law enforcement relationships.

The EAST Payments Task Force (EPTF) has a specific focus on tackling social enginnering  This Group, which meets twice a year, adds value to the payments industry by using the unique and extensive EAST National Member platform and Associate Member network to provide information and outputs that are not currently available elsewhere.

EAST Publishes European Fraud Update 3-2019

European FraudEAST has just published its third European Fraud Update for 2019. This is based on country crime updates given by representatives of 16 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 49th EAST Meeting held in London on 8th October 2019.

Payment fraud issues were reported by seventeen countries. Social engineering is a key concern. Seven countries reported phishing attacks. One of them stated that fraudsters are using phishing to get targets for fake web campaigns where consumers can win money, and another reported fake web surveys aimed at getting consumer data. In one country the quality of vishing calls is improving, where the people making the spoof calls are very believable and often have local accents from the customer’s home area. Impersonation fraud was reported by four countries – in one of them police officers are impersonated, and another reported spoof calls being received by customers from bank call centres.

Card Not Present (CNP) fraud was reported by six countries. One of them reported CNP fraud at digital media players. Contactless fraud was reported by two countries – in one of them it is related to lost and stolen cards, and in the other card present (CP) transactions are being made at small merchants up to the allowed limit. To date in 2019 the EAST Payments Task Force (EPTF)  has issued five related Payment Alerts.

ATM malware and logical attacks were reported by five countries – one reported a new way of getting malware onto an ATM, that did not succeed, and four reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash. To date in 2019 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts.

Card skimming at ATMs was reported by thirteen countries. Overall skimming incidents in Europe continue to decline. Three countries reported the usage of ‘M3 – Card Reader Internal Skimming devices’, and the most recent variants continue to be made of transparent plastic. To date in 2019 EAST EGAF has published thirteen related Fraud Alerts. Year to date International skimming related losses were reported in 41 countries and territories outside SEPA and in 4 within SEPA. The top three locations where such losses were reported remain Indonesia, India and the USA.

Four countries reported card trapping attacks, one of them reporting such attacks at fake terminals, designed to resemble lobby door opening devices at bank branches.

Ram raids and ATM burglary were reported by nine countries and twelve countries reported explosive gas attacks. After one such attack collateral damage of over €200,000 was reported. Six countries reported solid explosive attacks. The usage of Triacetone Triperoxide (TATP) for solid explosive attacks is increasing across Europe. This explosive is also known as the ‘Mother of Satan’. Mixing TAPT is a complicated procedure that requires good knowledge of the chemicals, as there is a danger of setting off an unexpected explosion.

The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings. To date in 2019 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published nine related Physical Attack Alerts.

The full European Fraud Update is available to EAST Members (National and Associate).

EAST participates at Europol Training on Payment Card Fraud Forensics

card fraud forensics EAST Development Director Rui Carvalho presented at the fifth edition of the Europol Training Course on Payment Card Fraud Forensics and Investigations at the Spanish National Police Academy in Ávila, Spain. His talk gave an overview of EAST, shared the latest statistics and trends on terminal fraud in Europe from the perspective of the private sector, and covered trends in payments, including an overview of regional and global e-wallets.

The Europol training, which ran from 8 to 12 July 2019, covered a wide range of topics  in the area of payment fraud, including online skimming, logical attacks on ATMs, card data analysis, cryptocurrencies, social engineering attacks and loyalty card fraud.

The training course was attended by 53 Investigators, forensic experts, and accredited trainers from 25 countries in the European Union, as well as from Colombia, Moldova and the United States.  Presentations were given by Europol staff and by key private sector organisations (including EAST). Since the first training in 2015 over 250 international students have benefited from the training programme, which has been supported by EAST from the outset.

This kind of event highlights the importance of close cooperation between the public and private sectors in the fight against cybercrime and all emerging threats in the field of payment card fraud. Such cooperation is enhanced by regular training, and by shared updates on investigative techniques and the improvement of forensic capabilities.

Europol and EBF launch cyberscams awareness campaign

avoid cyberscamsEuropol’s European Cybercrime Centre (EC3), the European Banking Federation (EBF) and their partners from the public and private sector have launched the cyberscams awareness campaign (#Cyberscams) as part of the European Cyber Security Month (ECMS). The ECMS is an EU awareness campaign that promotes cyber security among citizens and organisations, highlighting simple steps that can be taken to protect their personal, financial and professional data.

Over the next week, law enforcement agencies from all 28 EU Member States, 5 non- EU Member States, 24 national banking associations and banks and many other cybercrime fighters will be raising awareness about this criminal phenomenon. This pan-European endeavour will be driven by a communication campaign via social media channels and national law enforcement, bank associations and financial institutions.  The EAST Payments Task Force (EPTF) focuses on tackling such cyberscams.

Europol’s Internet Organised Crime Threat Assessemtnt (IOCTA) 2018 recommendations highlight that the most effective defence against social engineering is the education of potential victims – that’s each and every one of us when online! Raising awareness among the general public on how to identify cyberscams will help to protect us and keep our finances safe online.

Awareness-raising material in 27 languages is available for public download – this includes information on the 7 most common online financial scams, and how to avoid them.  These are:

  • CEO fraud: scammers pretend to be your CEO or senior representative in the organisation and trick you into paying a fake invoice or making an unauthorised transfer out of the business account.
  • Invoice fraud: they pretend to be one of your clients/suppliers and trick you into paying future invoices into a different bank account.
  • Phishing/Smishing/Vishing: they call you, send you a text message or an email to trick you into sharing your personal, financial or security information.
  • Spoofed bank website fraud: they use bank phishing emails with a link to the spoofed website. Once you click on the link, various methods are used to collect your financial and personal information. The site will look like its legitimate counterpart, with small differences.
  • Romance scam: they pretend to be interested in a romantic relationship. It commonly takes place on online dating websites, but scammers often use social media or email to make contact.
  • Personal data theft: they harvest your personal information via social media channels.
  • Investment and online shopping scams: they make you think you are on a smart investment… or present you with a great fake online offer.

Some general tips to help avoid falling victim to the above cyberscams are:

  • Check your online accounts regularly.
  • Check your bank account regularly and report any suspicious activity to your bank.
  • Perform online payments only on secure websites (check the URL bar for the padlock and https) and using secure connections (choose a mobile network instead of public Wi-Fi).
  • Your bank will never ask you for sensitive information such as your online account credentials over the phone or email.
  • If an offer sounds too good to be true, it’s almost always a scam.
  • Keep your personal information safe and secure.
  • Be very careful about how much personal information you share on social network sites. Fraudsters can use your information and pictures to create a fake identity or to target you with a scam.
  • If you think that you have provided your account details to a scammer, contact your bank immediately.
  • Always report any suspected fraud attempt to the police, even if you did not fall victim to the scam.

Don’t become a cyberscams victim!  Stay aware and spread the word

Viewpoint: Poll indicates malware and black box attacks are biggest fraud risk to the ATM channel

In a website research poll that ran from May to August 2017 participants were asked how they saw fraud risk developing for ATMs. 67% of respondents felt that malware and black box attacks were the biggest risk, 20% went for card skimming, 7% chose social engineering, and cash trapping and card trapping were each chosen by 3%. The poll results can be seen in the chart below.

black box

This poll result is in line with EAST’s published European ATM fraud statistics, with reports that date back to 2004.  Over the past thirteen years we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced.  Most recently we have seen an increase in black box attacks, as highlighted in an ATM Crime Report published by EAST in April 2017 and covering the full year 2016.

The current website research poll, which closes at the end of December, is on Payment Fraud and asks if you have experienced losses due to payment fraud over the past two years, how long did it take to get reimbursed?  To take it, and to see all past results, visit the Payment and Terminal Research page on this website.

EAST presents at ISMG Fraud Summit in London

tower guoman hotelEAST Executive Director Lachlan Gunn presented EAST and the latest EAST European ATM Crime Report at a Fraud Summit held by the Information Security Media Group (ISMG) in London on 27th October 2015.

The event was held at the Tower Guoman Hotel beside Tower Bridge and the Tower of London.  A key theme of the summit was that fraud is a global problem and that to fight it global collaboration is essential.

Other speakers who covered payment fraud included Neira Jones, an independent cyber and payments security expert who focused on social engineering; and Jeremy King, the PCI Security Standards Council’s International Director, whose talk highlighted that European data breaches are under-reported.

More information can be found on The Fraud Blog by Tracy Kitten.

 

 

VIEWPOINT: ATM Fraud

ATM Security2In an EAST website research poll that ran from September to December 2014 respondents were asked the question ‘What do you feel is the biggest fraud risk to the ATM channel over the next few years?’

52% chose malware, 37% voted for card skimming, 4% for cash trapping, 3% for card trapping and 3% for social engineering.

EAST Poll Sep to Dec 14

Malware is an emerging fraud trend for the ATM channel. EAST has been reporting European ATM fraud statistics since 2004. Over the past decade we have seen fraud trends change, particularly since the EMV (Chip and PIN) roll out commenced. Most recently we have seen a shift from hi-tech skimming to lo-tech card and cash trapping. Our next European ATM Crime report, covering the full year 2014, is scheduled for publication in April 2015.

You can see some of our ATM Fraud definitions on this website. We define ATM Malware as either ‘cash out/jackpotting’ or ‘card and Pin compromise’ and a definition for social engineering is ‘the clever manipulation of the human tendency to trust’.

The current website research poll is on cardholder awareness and asks the question – ‘How often do you see fraud warnings and fraud prevention messages displayed on ATMs in your country?’ To take it, and to see all past results, visit the ATM Research Page on this website, or click on the button below.