Online Fraud: Start with the "Why"
By Yohai Einav, Senior Fraud Analyst
I have six friends that serve me true
Their names are Why and What and When
and How and Where and Who.
-- Rudyard Kipling
Why quote Kipling in an online identity blog? According to all his biographies, Kipling was never a victim of identity theft, nor did he ever write a blog.
But Kipling knew something about the 6 W's, something that we, in the security industry, often forget: starting with the "Why."
Have you noticed the phenomenon? Every discussion about identity theft, security and online fraud starts with the How and What questions:
"How do fraudsters attack banks?"
"What technologies are fraudsters using?"
"What is the damage to customers?"
"What can we do to protect ourselves?"
All good questions. But the first thing we should ask is "Why?"
"Why am I being attacked?"
"Why am I a target?"
And, of course, "why isn't my competitor a target?!"
When you think about it, all banks are good sources of money (yes, they really are!), but, for some reason, not all banks are attacked by fraudsters. As I see it, not all fraud targets are born equal: there are the preferred and the less preferred. Where do you want to be?
A good example of the "Why" is phishing:
Phishing is a huge, worldwide phenomenon. Millions of phishing emails are sent every year and thousands of new phishing sites are created every month. But the list of entities being attacked is quite constant, and you usually see bursts of phishing attacks against a specific target.