Thread Starter: ColoradoAML
Title: Re: Cyber event?
|
If a customer is deceived into providing remote access to their PC which leads to a criminal initiating or attempting fraudulent transactions, we report that as a cyber event against the customer.
I make a distinction between that and when a customer gives their credentials to a criminal in the course of an employment scam or something so that the criminal can make a fraudulent deposit.
The customer may have been deceived in both cases (or may claim to be deceived in the second case to hide their complicity as a money mule), but in the second case the customer is willfully allowing the criminal to transact through their account, while in the first the customer didn't intentionally provide access.
This is probably more clear in my head than it is on paper or in practice, but we've been able to be consistent with this. I also admit that it may be difficult to determine exactly what was divulged and how.
|
|
|
|