Advanced Strategies Against Identity Theft and Cyber Fraud Tactics

Identity Theft Using a Layered Defense Against Advanced Cyber Fraud Tactics 1

Leo Taddeo Leo Taddeo is the strategic security advisor for Easy Solutions. Mr. Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI s New York Office, is responsible for analyzing the cybersecurity market to help shape Easy Solution s vision for security products. Mr. Taddeo provides deep domain insight into the techniques, tactics and procedures used by cybercriminals, to help Easy solutions continue to develop disruptive techniques that enable customers to defend against advanced threats. Mr. Taddeo received his degree in applied physics in 1987 from Rensselaer Polytechnic Institute. After completing his studies at Rensselaer, Mr. Taddeo served as a tank officer in the US Marine Corps. In 1991, he was awarded a Purple Heart and Bronze Star Medal for valor for his service in the Gulf War. Following his service in the Marines, Mr. Taddeo earned a Juris Doctor from St. John s University. Upon graduation, he joined the law firm of Mound, Cotton & Wollan in New York, where he practiced in the field of civil litigation until entering on duty with the FBI. Mr. Taddeo is a graduate of the CISO Executive Program at Carnegie Mellon University. He also maintains the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler certifications. 2

More Identity Theft Each Year Identity data has been widely compromised Harvested from social media Purchased from data aggregators Open sources Deep and dark web sites Criminals are assembling vast portfolios of compromised information Security questions less effective

Identity Data More Valuable Than Ever Criminal Groups Financial Fraud Tax fraud Healthcare Schemes Nation States Unknown Actor China 4

Law Enforcement Approach Interdict All Stages of the Fraud Lifecycle Ensure Layers Are Connected Layered Approach Preparation Execute Scheme Cash Out Profits More opportunities to catch criminals Adds complexity and cost to criminals Integrate layers Leverage intelligence

Interrupting the Preparation Phase What You Should Do: What Criminals Do: Monitor who visits your websites Collect data on your visitors such as time of day, geo- location, screen resolution, etc. Compare normal behavior to criminal behavior Monitor for web scraping Prepare Before Executing Scheme Gather information their targets Visit your website Scrape your Website about Setup and Launch Planning and Targeting Cashing

Interrupting the Execution Phase What You Should Do: What Criminals Do: Provide safe access to log-in pages Know the device your customer is using Link device with user Steal Identity (credentials) Emails with malware attached Links directing customers to phishing sites Manipulate social media Setup and Launch Planning and Targeting Cashing

Interrupting the Cash-Out Phase What Criminals Do: What You Should Do: Look for anomalies in customer transaction behavior Identify suspicious transactions Require strong authentication for suspicious transactions Device authentication One-time Passwords Challenge questions Cash out. Move compromised their account Use mules to move money around and origin Makes recovery difficult money from a account to conceal the Setup and Launch Planning and Targeting Cashing

Integrate Intelligence with Protections Collect and analyze endpoint and user attributes. Collect and analyze customer behavior. Compare to baseline to Identify anomalous activity. Use Risk-Based Approach to Security. Prevent suspicious users from gaining access. Step up controls to match threat.

Total Fraud Protection Multi-Channel End-to-End Fraud Detection Setup and Launch Planning and Targeting Cashing ATM Debit Account Takeover Phishing/Pharming ACH/Wire Malware Intel Gathering Targeting Mobile Apps Brand Intelligence 10

Thank you! Strategic Security Advisor, Easy Solutions