1
00:00:00,170 --> 00:00:02,100
Fraud and Scams.

2
00:00:02,100 --> 00:00:05,400
In this lesson we're going to talk about some fraud and scams

3
00:00:05,400 --> 00:00:08,060
because these are types of social engineering.

4
00:00:08,060 --> 00:00:10,260
Now, the first thing I want to talk about is fraud.

5
00:00:10,260 --> 00:00:12,790
What exactly is a fraud?

6
00:00:12,790 --> 00:00:14,170
Well, when you're dealing with a fraud,

7
00:00:14,170 --> 00:00:16,500
you're dealing with the wrongful or criminal deception

8
00:00:16,500 --> 00:00:19,890
intended to result in financial or personal gain.

9
00:00:19,890 --> 00:00:22,310
So if I'm trying to commit fraud against you,

10
00:00:22,310 --> 00:00:25,160
I'm trying to essentially steal from you in some way.

11
00:00:25,160 --> 00:00:27,260
But I'm not really stealing like picking your pocket;

12
00:00:27,260 --> 00:00:28,670
you're actually giving it to me,

13
00:00:28,670 --> 00:00:30,380
because I'm going to trick you into doing it.

14
00:00:30,380 --> 00:00:33,070
And that's why this is part of social engineering.

15
00:00:33,070 --> 00:00:34,950
Now, one of the most common frauds that we deal with

16
00:00:34,950 --> 00:00:38,000
inside of cybersecurity is identity fraud.

17
00:00:38,000 --> 00:00:40,300
Identity fraud is the use by one person

18
00:00:40,300 --> 00:00:42,570
of another person's personal information,

19
00:00:42,570 --> 00:00:45,850
without their authorization, to commit a crime or to deceive

20
00:00:45,850 --> 00:00:49,560
or defraud that other person or some other third party.

21
00:00:49,560 --> 00:00:52,490
Really what this sounds like is identity theft, right?

22
00:00:52,490 --> 00:00:54,720
We hear that term a lot these days.

23
00:00:54,720 --> 00:00:55,670
When we talk about somebody who stole

24
00:00:55,670 --> 00:00:58,420
your Social Security number, or your date of birth,

25
00:00:58,420 --> 00:01:01,020
or your personal information, or where you were born.
26
00:01:01,020 --> 00:01:04,240
All of that information can be used to steal your identity.

27
00:01:04,240 --> 00:01:05,980
Now when somebody commits identity theft,

28
00:01:05,980 --> 00:01:08,420
they're actually stealing another person's identity

29
00:01:08,420 --> 00:01:10,030
and using it as their own.

30
00:01:10,030 --> 00:01:12,410
So they're going to actually become you.

31
00:01:12,410 --> 00:01:14,040
They want to take your Social Security number,

32
00:01:14,040 --> 00:01:16,650
and they're going to apply for new credit as if they're you.

33
00:01:16,650 --> 00:01:17,830
They're taking over your identity.

34
00:01:17,830 --> 00:01:19,590
That's the idea with identity theft.

35
00:01:19,590 --> 00:01:21,410
Now, often we hear identity fraud

36
00:01:21,410 --> 00:01:24,740
and identity theft being used interchangeably.

37
00:01:24,740 --> 00:01:26,380
Now there's really a misconception here

38
00:01:26,380 --> 00:01:28,470
because there is a difference between identity fraud

39
00:01:28,470 --> 00:01:29,660
and identity theft.

40
00:01:29,660 --> 00:01:30,750
With identity fraud

41
00:01:30,750 --> 00:01:32,380
I might just take your credit card number

42
00:01:32,380 --> 00:01:34,420
and then go make charges as if I'm you.

43
00:01:34,420 --> 00:01:36,200
That's not technically identity theft,

44
00:01:36,200 --> 00:01:37,830
that's just identity fraud.

45
00:01:37,830 --> 00:01:40,590
But these days, most people will use both terms

46
00:01:40,590 --> 00:01:43,630
interchangeably, and more commonly you'll hear identity theft

47
00:01:43,630 --> 00:01:44,750
as the term.

48
00:01:44,750 --> 00:01:48,590
For the exam, though, they prefer the term identity fraud.

49
00:01:48,590 --> 00:01:51,030
Now, the next thing I want to talk about is scams.

50
00:01:51,030 --> 00:01:53,160
What exactly is a scam?

51
00:01:53,160 --> 00:01:57,000
Well, a scam is a fraudulent or deceptive act or operation.

52
00:01:57,000 --> 00:01:58,760
That's it. It's really simple.

53
00:01:58,760 --> 00:02:01,200
Essentially it's somebody trying to deceive you

54
00:02:01,200 --> 00:02:02,680
into doing something.

55
00:02:02,680 --> 00:02:04,820
Now I can do that in a lot of different ways,

56
00:02:04,820 --> 00:02:06,570
but the one that we are most worried about

57
00:02:06,570 --> 00:02:08,770
as cybersecurity professionals is what's known

58
00:02:08,770 --> 00:02:10,330
as an invoice scam.

59
00:02:10,330 --> 00:02:11,960
This is because it is commonly used

60
00:02:11,960 --> 00:02:13,330
against small businesses,

61
00:02:13,330 --> 00:02:16,320
medium-sized businesses and large businesses.

62
00:02:16,320 --> 00:02:17,840
When we talk about an invoice scam,

63
00:02:17,840 --> 00:02:20,420
this is a scam in which a person is tricked into paying

64
00:02:20,420 --> 00:02:22,940
for a fake invoice for a product or service

65
00:02:22,940 --> 00:02:25,010
that they did not actually order.

66
00:02:25,010 --> 00:02:27,900
Now there are many different variations of this invoice scam,

67
00:02:27,900 --> 00:02:30,590
but the typical one is something like this.

68
00:02:30,590 --> 00:02:31,640
You get a phone call,

69
00:02:31,640 --> 00:02:32,960
and as you answer the phone call

70
00:02:32,960 --> 00:02:34,550
as the receptionist for your office,

71
00:02:34,550 --> 00:02:36,670
they ask you a couple of basic questions.

72
00:02:36,670 --> 00:02:37,560
They might ask you questions

73
00:02:37,560 --> 00:02:39,010
about the type of printer you have,

74
00:02:39,010 --> 00:02:40,740
or to verify an order that you've placed

75
00:02:40,740 --> 00:02:42,390
for a certain type of toner.

76
00:02:42,390 --> 00:02:45,980
So they'll say, "Oh, do you have an HP LaserJet XYZ model?"

77
00:02:45,980 --> 00:02:48,760
And you'll say, "Oh no, we have the YAZ model."

78
00:02:48,760 --> 00:02:50,080
They go, "Oh okay, I'll make sure

79
00:02:50,080 --> 00:02:51,710
I get that fixed on the order."
80
00:02:51,710 --> 00:02:53,480
And then a couple of days later

81
00:02:53,480 --> 00:02:55,490
on your doorstep is some toner.

82
00:02:55,490 --> 00:02:58,090
And you're like, okay, that tracks, I had the call.

83
00:02:58,090 --> 00:02:59,100
I ordered the toner.

84
00:02:59,100 --> 00:03:01,900
I verified the model and now the toner showed up.

85
00:03:01,900 --> 00:03:03,610
But when you look at that bill,

86
00:03:03,610 --> 00:03:04,760
you're going to get this invoice

87
00:03:04,760 --> 00:03:07,250
and it's going to be exceptionally large for what you got.

88
00:03:07,250 --> 00:03:09,110
And when you look at it, you may find that you paid

89
00:03:09,110 --> 00:03:12,900
two or five or 10 times the cost of what that toner is

90
00:03:12,900 --> 00:03:15,630
if you just went to Amazon or Office Depot to buy it.

91
00:03:15,630 --> 00:03:18,010
And that's why this is called an invoice scam.

92
00:03:18,010 --> 00:03:20,550
Now, once you get that bill, you're really surprised, right?

93
00:03:20,550 --> 00:03:22,060
And then your boss starts looking at it

94
00:03:22,060 --> 00:03:22,893
and they start saying,

95
00:03:22,893 --> 00:03:25,150
"Hey, why is our toner budget all blown up?

96
00:03:25,150 --> 00:03:27,130
Why are we way over budget here?"

97
00:03:27,130 --> 00:03:28,710
And it's usually because somebody has fallen

98
00:03:28,710 --> 00:03:30,470
for one of these invoice scams.

99
00:03:30,470 --> 00:03:31,510
Now it's not just toner,

100
00:03:31,510 --> 00:03:33,140
although it's one of the more common ones.

101
00:03:33,140 --> 00:03:34,750
I've seen it done with printer paper,

102
00:03:34,750 --> 00:03:37,550
toner, office supplies, trash bags,

103
00:03:37,550 --> 00:03:40,130
janitorial services, all sorts of different things.

104
00:03:40,130 --> 00:03:41,720
And so you want to make sure you're on the lookout

105
00:03:41,720 --> 00:03:44,370
for these types of things inside your organization.
106
00:03:44,370 --> 00:03:47,160
Now, when we talk about identity fraud and invoice scams,

107
00:03:47,160 --> 00:03:50,420
these are rather low-tech social engineering techniques.

108
00:03:50,420 --> 00:03:51,950
For example, with identity fraud,

109
00:03:51,950 --> 00:03:53,290
I might call you up on the phone

110
00:03:53,290 --> 00:03:54,900
and get you to give me information,

111
00:03:54,900 --> 00:03:57,190
like your date of birth or your mother's maiden name

112
00:03:57,190 --> 00:03:58,140
or things like that.

113
00:03:58,140 --> 00:04:01,000
And then use that to steal pieces of your identity.

114
00:04:01,000 --> 00:04:02,540
But it doesn't have to be low-tech.

115
00:04:02,540 --> 00:04:04,620
It can be very technical as well.

116
00:04:04,620 --> 00:04:07,150
For example, there's a thing called prepending.

117
00:04:07,150 --> 00:04:09,580
And this is a very technical method that's used

118
00:04:09,580 --> 00:04:11,290
in social engineering to trick users

119
00:04:11,290 --> 00:04:13,500
into entering their usernames and passwords

120
00:04:13,500 --> 00:04:15,200
and other sensitive information

121
00:04:15,200 --> 00:04:18,050
by adding what's considered essentially an invisible string

122
00:04:18,050 --> 00:04:20,000
before the web link when they go to click

123
00:04:20,000 --> 00:04:21,470
on something in an email.

124
00:04:21,470 --> 00:04:23,410
So if we go and look at prepending,

125
00:04:23,410 --> 00:04:26,340
what we're going to see is that there's this prepended string

126
00:04:26,340 --> 00:04:28,400
that's called data:text.

127
00:04:28,400 --> 00:04:32,240
And anything beyond that is going to be some form of data

128
00:04:32,240 --> 00:04:33,310
that's now being converted.

129
00:04:33,310 --> 00:04:37,040
So in this case, I have data:text/html.

130
00:04:37,040 --> 00:04:38,410
What type of data is it?

131
00:04:38,410 --> 00:04:40,550
Well, it's text or HTML data.
132
00:04:40,550 --> 00:04:42,410
Then there's a comma, and everything

133
00:04:42,410 --> 00:04:45,720
beyond that is going to be what is treated as data.

134
00:04:45,720 --> 00:04:46,620
And so if you look here

135
00:04:46,620 --> 00:04:49,040
and I clicked on a link and I see https,

136
00:04:49,040 --> 00:04:53,910
accounts.google.com/ServiceLogin:service=mail.

137
00:04:53,910 --> 00:04:55,020
That looks normal.

138
00:04:55,020 --> 00:04:55,920
That's what you would get

139
00:04:55,920 --> 00:04:58,570
if you were trying to log in using your Gmail account.

140
00:04:58,570 --> 00:05:00,410
But what you're not seeing is everything else

141
00:05:00,410 --> 00:05:02,500
beyond that, as it goes past the scroll bar

142
00:05:02,500 --> 00:05:05,170
of that browser, and all the rest of that could have things

143
00:05:05,170 --> 00:05:08,310
like small files that are inline of these documents.

144
00:05:08,310 --> 00:05:09,670
And so when you're going to that,

145
00:05:09,670 --> 00:05:11,430
instead of being brought to Google,

146
00:05:11,430 --> 00:05:12,263
you're actually being brought

147
00:05:12,263 --> 00:05:13,800
to a page that looks like Google.

148
00:05:13,800 --> 00:05:15,100
And when you enter that data

149
00:05:15,100 --> 00:05:16,880
it's now going to go into my system

150
00:05:16,880 --> 00:05:18,780
and I'm going to be able to steal your identity,

151
00:05:18,780 --> 00:05:20,030
perform an invoice scam,

152
00:05:20,030 --> 00:05:22,763
or other things by using this prepending technique.