Inside Phone Fraud: The Home Depot Breach

15
2014 Pindrop SecurityConfidential INSIDE PHONE FRAUD The Home Depot Breach

description

In 2014, Home Depot suffered a massive security breach, with Fraudsters stealing card data from millions of customers. Here, Pindrop Security researchers break down exactly how fraudsters are using that information to steal identities and takeover accounts - in just 5 easy steps. Read more details on our blog at: http://www.pindropsecurity.com/home-depot-attack-leads-to-phone-channel-exploits/

Transcript of Inside Phone Fraud: The Home Depot Breach

Page 1: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

INSIDE PHONE FRAUDThe Home Depot Breach

Page 2: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

HOW THE HOME DEPOT BREACH LED TO PHONE FRAUD

Page 3: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

(IN 5 EASY STEPS)

Page 4: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

BUY STOLEN DATA1

Page 5: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

CARD DATA FROMHOME DEPOT CUSTOMERS

IS NOW FOR SALE ONLINE

Page 6: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

SHOPPING LIST: CARD NUMBER

FULL NAME

STORE ADDRESS

Page 7: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

USE THAT INFO TO FIND: LAST 4 DIGITS OF SS#

DATE OF BIRTH

CARD EXPIRATION DATE

Page 8: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

CALL THE BANK2

Page 9: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

(EXTRA CREDIT)SPOOF THE CUSTOMER’S

PHONE NUMBER

Page 10: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

ANSWER 3 OUT OF 5 QUESTIONS3

Page 11: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

MOST US BANKS LET CUSTOMERS MAKE

ACCOUNT CHANGES IF

THEY PASS 3 OF 5 SECURITY CHECKS

Page 12: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

(TIME TO PULL OUT THAT DATA YOU BOUGHT)

Page 13: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

CHANGE THE PIN NUMBER4

Page 14: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

GO SHOPPING5

Page 15: Inside Phone Fraud: The Home Depot Breach

2014 Pindrop Security™ Confidential

LEARN MORE

READ MORE ON THE PINDROP SECURITY BLOG

DOWNLOAD THE STATE OF PHONE FRAUD REPORT

BEST PRACTICES FOR HOW TO PREVENT PHONE FRAUD

Incidents like the Home Depot breach demonstrate how intertwined phone and online fraud are for enterprises. Click here.

Pindrop security reviewed phone fraud activity during the first six months of 2013 to understand the frequency of attacks and the methods and motives of fraudsters.Click here.

This whitepaper explains the risks in phone call fraud and caller ID spoofing. It discusses the technologies available for Caller ID verification and device authentication.Click here.

http://www.pindropsecurity.com/home-depot-attack-leads-to-phone-channel-exploits/
http://www.pindropsecurity.com/phone-fraud-report/
http://www.pindropsecurity.com/how-to-prevent-phone-fraud/
http://www.pindropsecurity.com/phone-fraud-report/
http://www.pindropsecurity.com/how-to-prevent-phone-fraud/
http://www.pindropsecurity.com/home-depot-attack-leads-to-phone-channel-exploits/

Breach, breach, breach…

Breach, breach, breach…

Understanding Computer Forensics - OWASP · 2020-01-17 · How can computer forensics be used? • Financial and other fraud • Employee misconduct and corporate policy breach •

Understanding Computer Forensics - OWASP · 2020-01-17 · How can computer forensics be used? • Financial and other fraud • Employee misconduct and corporate policy breach •

Promissory Fraud Without Breach - Yale University

Promissory Fraud Without Breach - Yale University

UNITED STATES BANKRUPTCY COURT EASTERN … · 2 things, breach of fiduciary duty, fraud and conspiracy to defraud, constructive fraud, and unjust enrichment.1 The Amended Complaint

UNITED STATES BANKRUPTCY COURT EASTERN … · 2 things, breach of fiduciary duty, fraud and conspiracy to defraud, constructive fraud, and unjust enrichment.1 The Amended Complaint

LEGAL LIMITS TO COMMUNICATION. COMMON LAW FRAUD Cunning Deception Artifice Cheat Circumvent Breach of Trust Breach of Confidence Undue.

LEGAL LIMITS TO COMMUNICATION. COMMON LAW FRAUD Cunning Deception Artifice Cheat Circumvent Breach of Trust Breach of Confidence Undue.

Fraud and Breach Prevention Summit668781195408a83df63a-e48385e382d2e5d17821a5e1d8e4c86b.r51… · Account Takeover: Where Does the Buck Stop? Our legal and anti-fraud experts will

Fraud and Breach Prevention Summit668781195408a83df63a-e48385e382d2e5d17821a5e1d8e4c86b.r51… · Account Takeover: Where Does the Buck Stop? Our legal and anti-fraud experts will

Equifax Data Breach: Your Vital Next Steps · Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Reed & Jolly, PLLC Ann Davidson ... Transaction Fraud Risks to Be Aware

Equifax Data Breach: Your Vital Next Steps · Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Reed & Jolly, PLLC Ann Davidson ... Transaction Fraud Risks to Be Aware

IN THE UNITED STATES DISTRICT COURT FOR THE ……Home Depot breach. Mr. Brantley shopped at a Home Depot retail store in Georgia between April 1 and September 18, 2014 by swiping

IN THE UNITED STATES DISTRICT COURT FOR THE ……Home Depot breach. Mr. Brantley shopped at a Home Depot retail store in Georgia between April 1 and September 18, 2014 by swiping

LESSONS LEARNED Home Depot Security Breach Depot Lessons... · LESSONS LEARNED Home Depot Security Breach BSI Group America Inc. 12950 Worldgate Drive, Suite 800 Herndon, VA 20170

LESSONS LEARNED Home Depot Security Breach Depot Lessons... · LESSONS LEARNED Home Depot Security Breach BSI Group America Inc. 12950 Worldgate Drive, Suite 800 Herndon, VA 20170

The Complaint - Cotchett, Pitre & McCarthy, LLP COMPLAINT - FILE END… · complaint for: 1) fraud 2) negligent misrepresentation 3) breach of contract 4) breach of implied-in-fact

The Complaint - Cotchett, Pitre & McCarthy, LLP COMPLAINT - FILE END… · complaint for: 1) fraud 2) negligent misrepresentation 3) breach of contract 4) breach of implied-in-fact

Protecting your brand from fraud, infringement and data breach

Protecting your brand from fraud, infringement and data breach

GUILTY PLEA and PLEA AGREEMENT - Mortgage Fraud Blogmortgagefraudblog.com/.../uploads/Barlev_Plea_Agreement.pdfplea or to claim a breach of this Plea Agreement. 9 . RESTITUTION The

GUILTY PLEA and PLEA AGREEMENT - Mortgage Fraud Blogmortgagefraudblog.com/.../uploads/Barlev_Plea_Agreement.pdfplea or to claim a breach of this Plea Agreement. 9 . RESTITUTION The

Predicting likelihood of cyber breach by analyzing ...€¦ · 18 years at FICO • Guide analytic development, across Fintech, Fraud, AML, Retail, Insurance, Healthcare, Cyber-security

Predicting likelihood of cyber breach by analyzing ...€¦ · 18 years at FICO • Guide analytic development, across Fintech, Fraud, AML, Retail, Insurance, Healthcare, Cyber-security

An Investigative Approach to Data Breaches: From …...Data Breach Response and Fraud Resolution When a data breach has been identified it is vital to have a plan in place that addresses

An Investigative Approach to Data Breaches: From …...Data Breach Response and Fraud Resolution When a data breach has been identified it is vital to have a plan in place that addresses

Sponsored by EY Fraud Investigation & Dispute Services ... · Sponsored by EY Fraud Investigation & Dispute Services ... Failure to take cyber breach response equally seriously can

Sponsored by EY Fraud Investigation & Dispute Services ... · Sponsored by EY Fraud Investigation & Dispute Services ... Failure to take cyber breach response equally seriously can

· PDF fileVietnam mulls new import tariff on alloy steel after fraud warning ... page10 ... Perwaja over breach of ... In the case of Taiwan’s Power Steel,

· PDF fileVietnam mulls new import tariff on alloy steel after fraud warning ... page10 ... Perwaja over breach of ... In the case of Taiwan’s Power Steel,

APPROACHES TO SECURITY BREACH NOTIFICATION: A White …cippic.ca/sites/default/files/bulletins/Breach... · Identity theft and related fraud have become serious risks for individuals

APPROACHES TO SECURITY BREACH NOTIFICATION: A White …cippic.ca/sites/default/files/bulletins/Breach... · Identity theft and related fraud have become serious risks for individuals

Data Security Breach Notification Laws · crimes (e.g., credit card fraud, phone or utilities fraud, bank fraud, mortgage fraud, employment-related fraud, government documents or

Data Security Breach Notification Laws · crimes (e.g., credit card fraud, phone or utilities fraud, bank fraud, mortgage fraud, employment-related fraud, government documents or

Identity ˜ eft Protectiononealind.com/wp-content/uploads/2016/11/IDWatchDog-Brochure.pdf · data breach victims Prominent Data Breaches Twitter 33 million ˜ e Home Depot 56 million

Identity ˜ eft Protectiononealind.com/wp-content/uploads/2016/11/IDWatchDog-Brochure.pdf · data breach victims Prominent Data Breaches Twitter 33 million ˜ e Home Depot 56 million

130314 - Ranson v BAC USD WV MtD Denied Breach Contract Fraud Estoppel WV CCPA

130314 - Ranson v BAC USD WV MtD Denied Breach Contract Fraud Estoppel WV CCPA