B2B Tech Talk with Ingram Micro

Episode · 2 years ago

How to Prevent Fraud in Your Business | Security Series

ABOUT THIS EPISODE

With robocalls, phishing emails and Slack attacks, the likelihood you will encounter a fraudulent attack is nearly 100%. Whether you fall victim to that attack is a different story. Ingram Micro’s Director of Safety & Security in the US, Cris Paffrath, and Senior Manager of Corporate Security, Bill Vogtsberger, fill us in on how to limit the risk of fraudulent attacks. They cover everything from business email compromise to scams happening over instant messenger apps.

Security has always been a passion of mine. I have always viewed it as a chess game. We're always trying to stay one step ahead of the bad actors that are out there.

You're listening to B2B Tech Talk with Ingram Micro, the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by dealingtechnology. Make your home smarter, safer and truly seamless. Let's get into it.

Welcome to B2B Tech Talk with Ingram Micro. I'm your host, Kerry Roberts, and our guests today are Cris Paffrath, the director of safety and security in the US with Ingram Micro, and Bill Vogtsberger, the senior manager with corporate security at Ingram Micro. Welcome, Cris and Bill. So excited to have you here today.

Pxcary Ere, HaviBeer, yes lik OES!

So today we're chatting about how to prevent fraud in your business, but before we get into that, I know that you both started out studying the same sort of thing, criminology and criminal justice. Can each of you give us a brief overview of why security is something you're so passionate about and what your role entails now at Ingram Micro? And Bill, we'll start with you.

I've been with Ingram Micro now for about fourteen years, and my current role is senior manager of corporate security. I assist Cris in maintaining our physical security programs at all of our US facilities and conduct fraud investigations reported to our fraud network. Security has always been a passion of mine. I've always viewed it as a chess game. We're always trying to stay one step ahead of the bad actors that are out there that are making attempts to try to the security programs of our companies and our partners.

Yeah, and for me, Kerry, I always kind of joke I was raised on security. My father was law enforcement and then worked thirty years in corporate security with United Parcel Service. So I was kind of raised on the craft of security, but I...

...was originally pursuing law enforcement myself and then had an opportunity at Ingram Micro about fourteen years ago and jumped at it and have not really looked back since. My current role is the director of security for safety and security, is obviously to protect the folks, the Ingram Micro associates, as well as the assets and the brand name. So we certainly got into, much like Bill, we get into this job because, A, we want to do something different every single day, and I think security offers that opportunity for us. And then, you know, I think, ultimately, we want to help. So we're helping our organization, we're helping the people within our organization, and even our customers and value-added resellers.

Yes, and we definitely appreciate that. Can you provide us with some stat or data on fraud, for example, how likely it is to happen to a business and why should an organization be more concerned about it?

The likelihood of someone experiencing fraud, whether it be an organization or personal, is high, probably nearly a hundred percent. If you think about it, we see it on a regular occurrence. Most of us ignore it now because we're used to it, but it's either in our personal emails, even in our mailbox at home, the robocalls that we might get. So the likelihood of interacting with fraud or being subject to a fraud attempt is high. Whether you fall a victim to it is another story.

And let's face it, fraud really is a growing industry. We one in talk, in particular a business email compromise, has seen a hundred percent increase in identified, exposed losses reported to the FBI from May twenty eighteen through July, two thousand and nineteen. heugu lists those dollar losses for this fraud at twenty-six point two billion dollars over the last three years, and that's just one specific type of fraud. I think the Certified Fraud Examiners' twenty eighteen Report to the Nations even said, on average, most businesses will lose five percent of their annual revenue to fraud. So it's out there. It's...

...a probability that you will have to deal with it eventually.

Yeah, I just heard that number recently, twenty-six point two billion dollars, over on the TV, which is craziness. One of the top ways fraud is happening is through email. What does a fraudulent email look like today and how is that information being taken?

Well, with a business email compromise attack, it looks no different than a normal business communication. In this attack, a criminal will compromise a customer's email account through the use of social engineering or other intrusion techniques. Once inside the reseller's network, the attacker will then be able to send and receive emails using the business's legitimate email. biling people who receive these emails will be completely unaware that they're talking to a criminal and not the sender listed in the address. What makes the attack so devastating is that criminal will have access to all the company documents that were sent over that email account, like Pel, partiseolders, for instance. The bad actor will be able to request and approve quotes for materials or even transfer funds. So an email compromise is a devastating attack on a reseller, and it looks no different than just a normal business email.

And so that gets taken just from that one response?

Yes. One phishing attempt, one click on a link with malware, going to a fraudulent landing site, getting your network ID compromised is all it takes, and those attackers are entering your network.

Now, it's been said that phishing scams are more common now than ever. What is a phishing scam, and what are some recent ones that businesses should be on the lookout for?

Well, phishing emails are becoming more and more difficult to spot. The days of the poorly worded Nigerian prince emails are gone. They just don't exist anymore. Bad guys are always improving their delivery system, but the one thing you can always count on is these emails will always follow a normal pattern. They...

...will always incentivize through a threat or reward. The email will threaten adebmeman outstanding memo that will require an end user to log into a page to provide banking information, or it'll offer reward through future government contracts. The emails also request personal sensitive material. There'll be a need for a high sense of privacy or urgency. They want to defeat fraud protocols. The email will contain links or attachments to deliver malware to steal credentials. All the time, you'll still see a lot of spelling and grammar mistakes in these emails, because they're being written by people who, for the most part, English is not their first language. The emails will oftentimes appear canned, or when you're reading them they'll feel like they're coming from a template. They're not very personalized, like you would expect from a normal email.

Before we jump straight back into today's episode, we wanted to let you know about one of the industry's most important events: Ingram Micro's ONE 2019 event, on November eighteenth through November twenty-first at the Gaylord Rockies Convention Center. ONE is your chance to experience what's new and exciting in security, IoT, cloud and more. Also, you'll be able to network with other businesses, industry experts, Ingram Micro associates and our vendor partners. Contact your Ingram Micro representative for details on how to register today. All right, let's get back to the show.

Now, there's also been quite a few attacks now starting to happen through messaging apps, like Slack and Facebook Messenger. Why is this now the new place for scams to happen, and what does that look like?

So as how we communicate evolves with each other, so will fraud. Social media and messaging apps, these are a large part of our daily lives and how we talk with each other. It only makes sense that criminals will target these as a high-value target for fraud. I also think people believe that these modes...

...of communication are somehow more secure. They're less vulnerable than Internet forms, phishing emails. I think we sort of let our guard down when we're using a mobile messaging app for some reason, but in all reality, an attack, whether it's coming through a phishing email or through a messaging app, will follow the same pattern. It will still have that same threat or reward. It will still have a request for personal information. It will still have a link. You know, it'll be the PayPal account scam. It's telling you you've got to click on this link because your account's been compromised, and really that link's taking you to a fraudulent landing site that is there for the sole purpose of stealing your credentials. So really it's no different. It's just the mode or the means of communication has changed, but the fraud is still the same.

Now, I know it's the internal teams that are generally the ones getting targeted on things like what we've been chatting about. Can you give some actionable steps that companies can take to prevent, or at least limit the risk of, this happening to their organization?

If I would give you the top three actionable items, at least in my mind, first and foremost, you've got to be a hard target against phishing scams. So sharing on lot, your job descriptions, your duties, your out of office, your hierarchical information, these are all things that a bad guy criminal's going to key in on when he creates his phishing attack or a spear phishing attack. Opening emails from unknown parties, not scrutinizing the email address, not soorting emails, but reply eing else by forwarding emails. You are correct, you are choosing the correct address from an address book versus a spoofed address. So really these things that you can do to be a hard target against phishing are probably first and foremost.

Yeah, and Kerry, I think I would add too that, you know, obviously those things that Bill called out are great examples of how we're getting attacked and what we can do to try and prevent it. But, you know, at the end of the day we're asking our folks and people in general just to be more diligent in...

...the interaction that they have. You know, as you were talking about the messaging and the different ways of communicating with each other now in our world, it has made us more vulnerable. You know, gone are the days of the regular one-on-one interactions, face to face and even phone calls. Now everything is done through electronic mail, instant messaging, you name it, but the vulnerability is higher now, because there's less verification in a lot of ways in who we are communicating with and what kind of information we're sharing. So, you know, really a lot of this is just people being more diligent in what they do every day.

Now, where can people learn more about what we talked about today, and/or where can they connect with each of you?

Noovera fraud one-oh-one kind of education, there are a lot of great resources out there, and the Association of Certified Fraud Examiners is probably about one of the first places you can go. They put out a Report to the Nations every year that discusses fraud. The FBI Internet Crime Complaint Center, abbreviated IC3, puts out public announcements on various types of fraud, their impact and red flags that you can look for, which are advertised on their PSAs, which is a great resource.

And if they want to reach out to either Bill or myself directly, we obviously have LinkedIn pages that we can be contacted. Our email addresses would be found there. Also, within Ingram Micro, we have a fraud email, which is fraud dot alert at Ingram Micro dot com. They can reach out through that avenue to ask questions or get more information, as well as report any kind of suspicious activity or something that they might be seeing. If, for some reason, somebody wanted to remain anonymous and report any information to Ingram Micro, they can do that through our hotline, which is one eight eight eight Ingram two, that's I N G R A M two, and those are just a couple of different ways that they can...

...reach out and report some information or ask for more additional information from us.

Great. And the last question we like to ask our guests on this show is: where do you see technology going within the next year? And Cris, we'll start with you.

GRP? Well, speaking in terms of security technology, we're starting to see some very interesting things related to asset tracking, whether it be for, you know, our powered industrial equipment inside of a warehouse, our inventory as it moves either within the warehouse environment or from our dock door to the customer's dock door, even to the ability of tracking people, and that's something that we're starting to explore within our environment to see how we can better protect our assets as well as our associates. Certainly, I think drone technology and robotic technology is quickly coming to a place where it makes more sense in the corporate security environment. There's still some work to be done there, but I don't think it's long before they make that a regular tool for us in our day-to-day activities. I think video analytics will be something that we'll take more advantage of as the abilities grow and become more economical for us in the corporate world. So there's a lot of interesting things that are going on with technology, you know, again, in the security space that I'm looking forward to watching grow and seeing how we can take advantage of it and use it in the programs that we run every day.

Technology really is becoming more decentralized, which also, I think, is a positive for security. Companies are looking to blockchain networks. IBM, for instance, is running trials to use blockchain-backed systems for supply chain monitoring. These systems will allow data to really be verified over very large peer-to-peer networks before being securely added to a chain, which will prevent individuals from being able to alter individual blocks of data...

...without having to alter an entire chain, which is virtually impossible. We're finding better and better ways to secure that technology, which is going to have vast improvements for our notonourresouce, but for our end users.

Yeah, and then I think too, from a technology standpoint, whether it be personal, professional, security, whatever the case may be, again going back to our ability to communicate or how we communicate, that's only going to continue to grow. You know, whether it be instant messaging, face to face. I mean, now, even in our corporate environment, we're using instant messaging online, we're using Skype, we're using video conferencing, we're using all these different ways of communicating and interacting that don't require the one-to-one verification necessarily to say I know exactly who I'm talking to. So yes, it's made our lives easier, but it's also made us more vulnerable. So from a fraud standpoint, I certainly see that piece of technology becoming more part of our everyday life and then thus making us a little bit more vulnerable to the bad actors who want to take advantage of that.

Well, thank you so much, both of you, for sharing your knowledge and insights today, and we look forward to having you on, I'm sure, again soon.

we'll fix rous carry. We appreciate it. do't think very much.

If you like this episode or have a question, join the discussion on Twitter at Ingram Tech Sol with the hashtag B2B Tech Talk. Thank you for tuning in and subscribing to B2B Tech Talk with Ingram Micro.

You've been listening to B2B Tech Talk with Ingram Micro, hosted by Kerry Roberts and sponsored by deelingtechnology. B2B Tech Talk is a joint production by Sweet Fish Media and Ingram Micro. Ingram Micro production handled by Laura Burton and Christine Fam. To not miss an episode, subscribe today in your favorite podcast platform.
