Security Response
Showing posts tagged with Online Fraud
Sai Narayan Nambiar | 11 Dec 2007 08:00:00 GMT | 0 comments

The second half of 2007 has seen a sudden surge in the number of phishing attacks on financial puddles like regional banks, credit unions, and small- to mid-sized credit unions. But why are fraudsters focusing on localized financial institutions? The answer is simple; they are highly profitable and have fewer resources to protect them from phishing when compared to larger institutions. Larger institutions have secured themselves by implementing stronger Internet security measures. Even the customers from larger financial institutions are quite familiar with phishing.

Furthermore, credit unions have always been major competitors with larger financial institutions. The sub-prime problem in the United States has triggered a financial stress. To give some respite to this difficult situation the Feds had planned out cuts in interest rates. These cuts in interest rates have become a blessing in disguise for credit unions because valuations of the first three quarters of 2007 show robust...

Masaki Suenaga | 05 Dec 2007 08:00:00 GMT | 0 comments

There have been many viruses discovered that have the direct purpose of stealing online bank account and password information. It has been determined that a good majority of these have originated in Brazil and in these cases the viruses are known to be part of the infostealer.bancos family. They run without any user interface and attempt to capture all of the user information that is being sent to a target bank's Web page. In some cases there are variants that show fake login dialog boxes, almost all of which are JPEG image files stored in the virus. The important thing to remember here is that the people serving up these viruses are thieves and have to hide.

In contrast, a fraud does not need to hide. The fraud interacts with his or her victim without hiding. Recently we received an .exe file from a customer in Brazil. When the .exe is run, it shows a visible message box with the title "Patch 2.25 - Correcao de Falhas." It claims to be a patch for a particular "fault" and the...

Davide Veneziano | 03 Dec 2007 08:00:00 GMT | 0 comments

Computer forensics is a powerful instrument available to financial institutions in the battle against online fraud. During the analysis of a phishing attack many players need to be considered. As illustrated by Andrea Del Miglio, the role of email service providers is fundamental, but hosting companies as well as individual owners of compromised Web sites can really help in enhancing the effectiveness of the analysis. The information found within the log files of a compromised Web server can support forensics operations; precious details such as IP addresses belonging to end-users, timestamps, and the visited URLs are all recorded into these files. Additionally, the total number of visitors can contribute to the evaluation of the real risk associated with each single attack. That is to say, the more visitors a fraudulent Web site has, the higher the risk.

During the last...

Zulfikar Ramzan | 27 Nov 2007 08:00:00 GMT | 0 comments

On November 2, 2007 I had the opportunity to participate in a panel at the Federal Trade Commission on the future of online behavioral advertising. While this topic is not one that is normally associated with information protection issues, there are some interesting implications that I touched upon at the panel and that I thought I’d reiterate here.

First, let’s think about some of the overall trends related to Web advertising. To begin with, the Web has certainly exploded in popularity and people are spending more and more time each day surfing their favorite sites.

Second, online advertising has proven itself to be a viable business model for many companies. Countless Web sites display ads that are viewed by an even greater number of people.

Third, along these same lines the online advertising supply chain is fairly complex. In the simplest incarnation, an advertiser might work with an ad network who will arrange to have the ad published through one or more...

Vikram Thakur | 27 Nov 2007 08:00:00 GMT | 0 comments

Earlier today there was a report about Al Gore's site being hacked. The site contained links that weren't visible to the visitors, which pointed to various pharmaceutical products. The links could be viewed by looking into the source code of the page being displayed. The fact that Al Gore's site got hacked or compromised, while definitely of significance, uncovers a much bigger technique now being used by spammers. Here is a snapshot of the links from the hacked site:


As you can see, there are loads of links to a university's server. None of the links work. However, the hackers were able to get to the top of search results by creating links such as these. No one visiting the...

M.K. Low | 21 Nov 2007 08:00:00 GMT | 0 comments

When I logged into my online banking Web site last week, the login screen was different than what I was used to. My first reaction was that I had been hacked and the site was a spoof (a consequence of working in this field). Once I realized that it was in fact the genuine login screen, I proceeded to enroll in the bank’s newly enhanced sign-in security.

The concept is pretty easy; banks realize that card numbers and PINs are not enough to verify someone’s identity so they have added extra layers of security. To set up the enhanced login process, users are asked to pick an image and to type in a phrase. For example, a user could select the image of a green apple and the phrase “The fox is in the hen house.” These will be displayed to the user whenever they enter their bank card number so that they can verify the legitimacy of the site. Users are then asked to select three pre-determined questions and enter the answers. If the user logs into their online banking from a computer that...

Jitender Sarda | 02 Nov 2007 07:00:00 GMT | 0 comments

Imagine Google’s search engine being exploited for sending spam URLs. Unbelievable? Believe it!

Google is one of the most widely used search engines on the Web today. To make life easier, it supports a few advanced query words which narrow the scope of a search to a great extent. It appears that spammers have found a way to exploit this facility to direct the end user to a URL advertising their products or services, using Google’s advanced search operators.

Recently, we came across a few offer spam mails which had the following URL in them:

At first glance, it appeared to be a “Google search results” link and we were expecting it to take us to the search results page. However, when...

Liam O Murchu | 01 Nov 2007 07:00:00 GMT | 0 comments

Recent reports have shown that Trojan.Bayrob is scamming people again. The latest victim lost over €5,000 to the scam but luckily was able to track down where the money had been sent. Unfortunately the final destination for the money was a Western Union outlet in Greece, after having been first sent through a money mule in the US.

Once Trojan.Bayrob is executed on a user’s system it can intercept all traffic to eBay. It can then show the infected user any content that it chooses instead of the real pages and it can also alter information that is shown to the user from the real pages. Trojan.Bayrob is used to scam people who are trying to buy cars on eBay.

The attack is a targeted attack and as such it is difficult to establish the exact methods that are used to distribute the Trojan; however, from evidence gathered thus far the attack works in a manner similar to the following:
• The attacker posts an auction on eBay.
• This auction is used to gain information...

Andrea Del Miglio | 30 Oct 2007 07:00:00 GMT | 0 comments

As anticipated in my first blog post, email service providers play a central role in the battle against online fraud. This is because they are often the only organization to own the data needed to support financial institutions and law enforcement agencies in prosecuting criminals.

Most phishing sites are hosted on compromised Web servers and in the past, stolen accounts were stored on local log files that phishers used to save, using rather standard filenames (like “data.log” or “cc.txt,” where “cc” obviously stands for credit card). Web servers with directory listings that were enabled together with phishing kit analysis quickly made this simple technique ineffective, because financial institutions were able to read those files as well. Therefore, they were able to block stolen Internet banking accounts and credit cards, thus preventing further...

Ron Bowes | 01 Oct 2007 07:00:00 GMT | 0 comments

Over the past few years, file-sharing programs have grown in popularity. Many people use them to share their music and games. They also provide attackers with a convenient medium for infecting users with Trojans or worms by offering tantalizing files. This kind of risk is well known to users and attackers alike; in Volume XII of Symantec's Internet Security Threat Report, we noted that six of the top ten new malicious code families spread through file-sharing applications.

Another risk with file sharing, which many people are unaware of, is the accidental exposure of confidential information. With nothing more than a misplaced click, a user can unintentionally share the entire contents of their hard drive, which could include their browser history, their personal documents, or their email messages.

Some file-sharing servers, such as certain Direct Connect servers, require a minimum...