Abney Associates Tech Blog
Scooped by James Associates

An Abney Associates Fraud Awareness Program: The resurgence of data-entry phishing attacks


How do you solve a problem like data-entry phishing?

 

‘Old school’ email social engineering or data-entry phishing is an attack method that has been on the rise in recent months, notably employed by the Syrian Electronic Army to hack seemingly every major media outlet in the Western hemisphere.

 

Data-entry phishing emails lure employees into freely giving up their login credentials by taking them to a seemingly legitimate landing page. Attackers then use the credentials to establish a foothold in the network.

 

In spear phishing, data-entry style emails contain a link that takes the recipient to a webpage (http://abneyandassociates.blogspot.com/) that appears to be a genuine corporate or commercial site soliciting login information.

 

Despite their pervasiveness and high success rate, data-entry attacks seeking login credentials and other sensitive information have been a secondary concern for enterprises.

 

Information security teams have been more concerned with phishing emails that attempt to carry out drive-by attacks through a malicious link or malware delivery via an attachment.

 

Since data-entry phishing attacks don’t require malware, it’s quite possible to fall victim to this technique and never even realise it. Victims will often enter their information and not recognize something is wrong. Without the presence of malware, these attacks often go undetected by technical solutions.

 

However, this doesn’t mean the consequences are any less severe. 

 

Once attackers gain legitimate credentials into the network, their activity is difficult to detect. Using these credentials they can often exfiltrate significant amounts of information from overly permissive file shares, search for other devices with weak or default credentials, and possibly escalate privileges to dump entire username/password databases that can continue to grant future access.

 

This activity may have the appearance of an insider threat, so breaches caused by data-entry phishing are often attributed to this source. Is it really an inside job if they gained access through a spear phish?

 

From an attacker’s perspective, what is easier: researching social media to craft a spear phishing email, or recruiting an actual insider within the organisation?

 

Some experts in the security industry have identified two-factor authentication as a way to mitigate this threat; however, two-factor authentication will not prevent phishing. While two-factor authentication makes it more difficult to phish an account, it will not prevent this type of attack from being successful.

 

If a user is tricked into revealing login credentials to a false landing page, two-factor authentication will only limit the time the hacker has access to the account. Attackers would need to collect the second factor of authentication, but the underlying tactics would remain the same.

 

Even if two-factor authentication could prevent phishing, for large enterprises implementing the solution across the board is often cost prohibitive and a logistical nightmare. This isn’t to say that two-factor authentication doesn’t improve security, but it isn’t a panacea.

 

The same goes for technologies (https://twitter.com/Abney_and_Assoc) and services that take down phishing websites. At best, these technologies offer lead times of four to eight hours to take down phishing sites. It can often take longer, particularly if the site’s domain is in an unfriendly country or if the site is hosted using a subdomain on a large provider. Continue reading: http://www.information-age.com/technology/security/123458148/resurgence-data-entry-phishing-attacks


An Abney Associates Fraud Awareness Program: Little reform since Snowden spilled the beans


LONDON – A year has passed since the American former intelligence contractor Edward J. Snowden began revealing the massive scope of Internet surveillance by the U.S. National Security Agency.

 

His disclosures have elicited public outrage and sharp rebukes from close U.S. allies like Germany, upending rosy assumptions about how free and secure the Internet [see here: http://www.facebook.com/pages/Abney-and-Associates/135106286651750] and telecommunications networks really are.

 

Single-handedly Snowden has changed how people regard their phones, tablets and laptops, and sparked a public debate about the protection of personal data.

 

What his revelations have not done is bring about significant reforms.

 

To be sure, U.S. President Barack Obama, spurred by an alliance between civil society organizations and the technology industry [see here: https://twitter.com/Abney_and_Assoc], has taken some action. In a January speech, and an accompanying presidential policy directive, Obama ordered American spies to recognize that “all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information.”

 

Some specific advances, unprecedented in the shadowy world of intelligence agencies, have accompanied this rhetorical commitment to privacy. When technology companies sued the government to release details about intelligence requests, the Obama administration compromised, supporting a settlement that allows for more detailed reporting. Under this agreement, companies have the option of publishing figures on data requests by intelligence agencies in ranges of 250 or 1,000, depending on the degree of disaggregation of the types of orders.

 

Though this represents a step forward, it is far from adequate, with gaping loopholes that prohibit reporting on some of the most notorious NSA programs such as the dragnet collection of phone records under Section 215 of the USA Patriot Act.

 

Moreover, Obama has demurred on the most significant recommendations of the independent review group that he appointed.

 

And the USA Freedom Act, which was meant to stop the mass collection of Americans’ phone records, is being diluted by a set of amendments that would enable the government to continue collecting metadata on millions of individuals without their consent.

 

This metadata — covering whom we talk to, when and for how long — can reveal as much about our private lives as the content itself.

 

Relative to the rest of the world, the United States has taken the strongest action since the Snowden revelations began. Of course, Snowden exposed more about the U.S. government’s surveillance activities than any other country. But the documents also included egregious examples of overreach by the Government Communications Headquarters, the United Kingdom’s signals intelligence agency and information about intelligence sharing in the so-called “Five Eyes” network of the United States, the United Kingdom, Canada, Australia, and New Zealand.

 

The agreements that govern the pooling and exchange of intelligence among these governments remain closely guarded secrets. Continue reading: http://www.japantimes.co.jp/opinion/2014/06/22/commentary/world-commentary/little-reform-since-snowden-spilled-beans/#.U6dYuRunqeQ


An Abney Associates Fraud Awareness Program on YouTube Video Teaches Credit Card Fraud


Sad But True: YouTube Video Teaches Credit Card Fraud

 

The YouTube video features Lil Wayne rapping over a melancholy beat: "I see that guilt beneath the shame. I see your soul through your window pane."

 

Displayed on the screen is a message for aspiring credit card fraudsters.

"Everyone...I'm selling full cc generator...I also sell full cc...Have much more hacking tools, software and other Business to offer. Only serious buyers."

 

The pitch for credit card fraud plays alongside an ad for American Express credit cards -- which means that the apparent cybercriminal [see: http://abneyandassociates.tumblr.com] who posted the video may profit not just on the stolen data but also on the ads purchased by the credit card companies that had their data stolen.

 

The odd set-up, it turns out, is not unique. YouTube is littered with videos marketing stolen credit cards and other tools for criminal ventures. (Many liven up their pitches with unauthorized samplings from famous musicians.)

 

A report to be released Tuesday by the Digital Citizens Alliance, an Internet safety advocacy organization, blasts Google Inc., YouTube's parent company, for profiting from ads paired with such videos.

 

The illicit videos are so common that it's almost inevitable that legitimate advertisers will get paired with them.

 

The process begins with a user posting a video onto the site and agreeing to allow ads. If the videos get a certain number of hits, their producers can get a cut of the revenue coming from the ads.

 

A search of credit card fraud [see: https://plus.google.com/b/116164595270606535651/116164595270606535651] terms reveals the extent of the problem: "CC Fullz" brings up 2,030 videos, according to the report. (Fullz is slang for a full package of identifying information on a credit card holder.) "Buy cc numbers" shows 4,850 results. And "CC info with CW" brings up 8,820 hits.

"Many of these videos are embedded with advertisements, which means that Google is effectively in business with crooks peddling stolen or bogus credit cards," the report states.

 

The videos are commonly displayed alongside ads for major companies. In one instance, the accompanying pitch was for Target, a company still reeling from the kind of credit card attacks these videos help facilitate.

 

Asked about the pairing by The Times, Target spokesman Evan Lapiska said "the ad placement in question is a clear violation of the contract terms with the vendor who manages ad placements online."

 

"We are working with them to address this issue as soon as possible," Lapiska said in a statement.

 

Target and other advertisers have little control over whether their promotions get paired up with fraud videos. The responsibility for weeding out such videos falls on YouTube and Google.

 

Tom Galvin, executive director of Digital Citizens Alliance, said Google has failed to implement a systemic fix for keeping such videos from going live.

 

Galvin acknowledged that it would be untenable for YouTube to check every video that gets uploaded onto the site. But he said common search terms such as "fake credit card numbers" should be vetted.

 

"YouTube is supposed to be this mainstream site," Galvin said. "It's not a good thing when these mainstream sites start looking like the dark corners of the Internet."

 

Galvin said he didn't blame the advertisers, such as Target, who ended up on the illicit videos: "They're kind of captive to the system."

 

Google, which owns YouTube, did not respond to questions from The Times.

 

[Source link: http://www.toptechnews.com/article/index.php?story_id=112003I4KQK0 ]

 


An Abney Associates Fraud Awareness Program on Google disruption in China


Google disruption in China seen as government crackdown

 

BEIJING — When Yi Ran is working on new designs for his Yinshen Clothing company, he often turns to Google to search for pictures to use as inspiration. “The results are more complete and objective than Chinese search services,” the 30-year-old from Guangzhou said.

 

But for the past two weeks, when Yi has tried to call up the U.S. search engine, it’s been unavailable — as have a wide variety of other Google services, including Gmail, Google Books, Google Scholar and even country-specific search pages like Google.de, the company’s German home page.

 

Chinese authorities have given no explanation for the disruption, which began about five days before the 25th anniversary of the crackdown on pro-democracy protesters that culminated June 4, 1989, at Tiananmen Square in Beijing. Certain Google services such as YouTube have been totally unavailable in China for years, and politically sensitive periods like the Tiananmen anniversary often bring intensified, if temporary, censorship of many foreign news websites (http://abneyandassociates.tumblr.com) and Internet search terms.

 

But experts said the current broad-based and prolonged disruption of Google offerings seems to be an escalated — and possibly long-term — crackdown on the Mountain View, Calif.-based Internet giant.

 

“It would be wrong to say this is a partial block. It is an attempt to fully block Google and all of its properties,” said a founder of GreatFire.org, a well-known website that has been monitoring China’s Internet (http://abneyandassociates.blogspot.com) censorship program since 2011. The founder said via phone that the site’s administrators do not disclose their names publicly because of the sensitive nature of the content on their site. He would not reveal his real name, apparently fearing retribution.

 

So far, Google is taking a low-key approach. Spokesman Matt Kallman said the company had “checked extensively and there are no technical problems on our side” but refused to comment further. According to Google’s Transparency Report, an ongoing update on worldwide service disruptions to the company’s products, the slowdown in traffic from China began May 31.

 

Tensions between Beijing and Washington over cybersecurity have been escalating in recent weeks. Last month, the U.S. Justice Department formally charged five Chinese military officers with hacking into American companies and stealing trade secrets; China then said it would implement a security review on imported technology equipment.

 

Earlier this month, the state-run newspaper China Daily ran a story warning that companies like Google and Apple could pose a threat to Chinese users because of their cooperation with U.S. government surveillance activities. Those charges mirror warnings by American officials dating back several years that Chinese businesses, including Huawei Technologies Co. and ZTE Corp., have deep, suspicious ties with China’s government.

 

“We can only surmise that the step-up in blocking is linked to the increase in rhetoric and threats of retaliation sparked by the (FBI) ‘wanted’ posters with (People’s Liberation Army) officers, plus the smoldering resentment from the (Edward) Snowden disclosures,” said Duncan Clark, chairman of BDA, a Beijing investment consultant firm.

 

“All of this is emboldening the nationalist and protectionist camp, and weakening the voices of more pragmatic actors” such as corporate customers, consumers and those concerned about trade frictions, he added. Continue reading: http://www.knoxnews.com/news/2014/jun/22/google-disruption-in-china-seen-as-government/


An Abney Associates Fraud Awareness Program on IBM patents technique for killing fraud


IBM patents technique for killing fraud, using click patterns

 

A new technology (http://abneyandassociates.tumblr.com/) would pick up on suspicious changes in people's online activity

 

Someday, if you use your non-dominant hand to control your mouse or touchpad when you're, say, shopping online, websites might interpret your irregular scrolling and clicking as a sign of fraud and require you to prove your identity, thanks to an IBM fraud-detection patent.

 

The company has patented a technique for better detecting fraud online to prevent the theft of log-in credentials and other sensitive information, particularly in e-commerce and banking, it said Friday.

 

U.S. patent #8,650,080 is intended for a "user-browser interaction-based fraud detection system."

 

How people interact with websites, such as the areas of a page they click on, whether they navigate with a mouse or keyboard, and even how they swipe through screens on a smartphone or tablet, can all be identified, IBM said. The technology could identify sudden changes in online behavior, which would then trigger a secondary authentication measure, like a security question. It would work on a mobile device or PC.

 

If the technology works as IBM says it will, and other businesses license it, it could help to secure online transactions (http://abneyandassociates.tumblr.com/) against cyberattacks, such as the recent eBay hack. Sensitive information of up to 145 million people may have been breached in that recent attack.

 

It would also lend credence to IBM's previously stated ideas related to a "digital guardian" that would protect Internet users.

 

"It's important to prevent fraudulent financial transactions before they happen," said Brian O'Connell, an IBM engineer and co-inventor of the patent.

 

Trusteer, an IBM-owned company that makes malware detection technology mostly for banks, is already using some of the technology in the patent, IBM engineers said Friday. Other sites like eBay or Amazon might one day choose to license it as well.

 

While it might seem that the technology has the potential to cause false positives, IBM said the prototype it tested successfully confirmed identities and showed that sudden changes in browsing behavior were likely due to fraud.

 

And some Internet users might consider the technology to be an invasion of privacy. But the data gathered through the technology would not amount to personally identifiable information, said Keith Walker, another co-inventor on the patent.

 

Tackling fraud and financial crime is high on the agenda for IBM. Recently the company announced new software and services to address the US$3.5 trillion lost each year to fraud.

 

Source link: http://www.networkworld.com/article/2358259/byod/ibm-patents-technique-for-killing-fraud--using-click-patterns.html


An Abney Associates Fraud Awareness Program on Most common cyber crimes in UAE


http://gulfnews.com/news/gulf/uae/general/most-common-cyber-crimes-in-uae-are-fraud-involving-money-and-extortion-1.1341312

 

Most common cyber crimes in UAE are fraud involving money and extortion

 

Dubai: The number of people reporting cyber crimes has almost doubled in Dubai, according to Dubai Police.

 

Statistics from the cyber investigation department of Dubai Police show that they received a total of 1,419 reports in 2013, 792 in 2012 and 588 in 2011.

 

Lieutenant Colonel Saeed Al Hajiri, Director of the Cyber Investigation Department at Dubai Police, told Gulf News that the most common cybercrimes are fraud involving money and blackmail or extortion, especially sextortion.

 

He said these crimes are common because they are easy to commit from anywhere in the world.

 

All the cyber crimes that are found in the UAE, he said, are also found everywhere in the world, as the internet (http://abneyandassociates.tumblr.com/) is an open environment.

 

“But what matters is how we handle them. We work with international organisations such as the Interpol, VGT [Virtual Global Taskforce] and the Europol to fight all kinds of internet crimes,” he said.

 

He added that the “internet has a lot of evil; we get a lot of different reports and complaints, so we have up-to-date data of all the trends in cyber crime.” Recently, the department launched a campaign to raise awareness about cyber crimes such as promises of non-existent jobs, personal information theft – especially photos, money-related fraud and so on.

 

No tolerance for paedophiles

 

Lt Col Al Hajiri said they get reports from people of all ages, and there is no specific age group that is most vulnerable.

 

However, he said, they have a zero tolerance policy for paedophiles.

 

“We are proactive in protecting children from internet predators. Anyone who posts photos or videos or content that have paedophilic themes is tracked and arrested immediately, and sent to court for trial and deported.”

 

He said that they do not wait for someone to report such a crime; they monitor the internet and handle it instantly.

 

In the UAE, he said, there aren’t many instances of children-related internet sex crimes.

 

People fall into the trap of internet criminals due to a number of reasons, all of which have nothing to do with how well educated they are, he said.

 

He explained that usually people who fall into the trap of online criminals have some weakness or character flaw that the criminal uses to abuse and exploit them. Lack of social intelligence, being greedy, not being content, having an emotional void, and having financial troubles are some weaknesses that criminals target, he said.

 

Pornographic activities are illegal, and people should not get into illegal activities that can later on lead to sextortion. Lt Col Al Hajiri added that the country has a proxy in place to block pornographic content in order to protect people. However, he said, some people bypass this security measure and get into problems related to sextortion.

 


An Abney Associates Fraud Awareness Program: Fraud soars as Britons fail to protect online identity

PC Speak: An Abney and Associates Internet and Technology Research Lab – The world of internet technology and infotech update!
James Associates's insight:

The number of confirmed identity fraud cases increased by 37 per cent between 2012 and 2013, new data reveals.

 

Analysis by credit-checking specialist Experian found that almost 13,000 cases of fraud were confirmed in 2013, with the biggest increases reported in account takeover fraud, loan fraud and mobile phone account-related fraud.

 

Experian said these increases are linked to the online habits of Britons.

 

Separate research into consumer behaviour online suggests that one person in 10 never changes their passwords and one in 20 uses the same passwords for all of their online accounts.

 

With an average of 19 online accounts each, this could make it easier for fraudsters to get a hold of valuable information.

 

Pete Turner, managing director of Experian Consumer Services, said: "Although we have witnessed an increase in those seeking support having become victims of fraud, the good news is that improved fraud detection services are catching more and more fraudulent credit applications before many suffer financial loss."

 

Experian recommends that consumers always shred financial documentation after use, use strong passwords when banking online and avoid choosing online passcodes out of the dictionary.

 

They also recommend ensuring that sites are encrypted - indicated by a padlock symbol - before entering payment details, locking your smartphone's home page to protect any apps or images with important information, and keeping important details like birthdays and your mother's maiden name off social media.

 

Turner said: "Fraud is not just about financial loss. If your identity is compromised it takes on average 246 days to discover you have become a victim of fraud. That's a long time for a criminal to have and use your identity for their gain, and potentially harm your reputation and credit rating."

 

 


An Abney Associates Fraud Awareness Program: Beware online banking scams

James Associates's insight:

The New Zealand Bankers’ Association today encouraged people to be wary of online banking scams as part of Fraud Awareness Week 2014.

 

"Online scammers are constantly thinking up new ways to trick people into handing over personal information," said New Zealand Bankers’ Association chief executive Kirk Hope.

 

"Never give anyone your PIN or internet banking username or password. Your bank will never ask you for this confidential information. Anyone who asks for this, even if they say they’re from your bank or a retailer you know, will in all likelihood be trying to scam you.

 

"Once scammers have that information, such as your account number, log-in details, or password, they can access your identity and your money."

 

"If it doesn’t seem right, take care and double check it first before handing over personal information."

"Everyone has a role to play in fighting fraud by being vigilant and reporting scams.

 

"Reporting scams raises public awareness and helps stop scammers in their tracks. Contact your bank as soon as possible if you think you’ve been taken in by a scam," Hope said.

 

Scams can also be reported here.

 

Online scams are the focus of this year’s Fraud Awareness Week campaign, which is co-ordinated by the Ministry of Business, Innovation and Employment. More information about Fraud Awareness Week is available here.

 

 

Safety tips to help protect yourself against online banking and shopping scams include:

 

Log on to internet banking by typing in your bank’s full web address. Do not use links that appear to take you to your bank’s website.

 

Check you have a secure connection, which is shown by a padlock symbol somewhere on the page, and that the website address starts with ‘https://’. The ‘s’ stands for ‘secure’.

 

Avoid public computers and public Wi-Fi for internet banking, e.g. internet cafes, libraries or hotels.

 

Protect your identity information and only provide it to trusted people and organisations. This includes your date of birth, address, driver’s licence number and passport details.

 

Shop with trusted retailers. Before you provide personal information make sure they will protect that information.

 

Keep your anti-virus and firewall software up to date.

 

If you suspect you’ve been taken in by a scam, contact your bank immediately.

 

If you use your mobile phone for banking:

 

Only download apps from trusted sources

 

Keep device operating systems up to date, and update apps when prompted

 

Use your phone’s password lock feature

 

Shield your passwords from people around you

 

Change your passwords periodically, and make sure they are not easily guessable

 

If available, use anti-virus software

 

Contact your bank immediately if you lose your phone.

 

 


Visa, MasterCard Renew Push for Chip Cards | PC Speak: An Abney and Associates Internet and Technology Research Lab


Visa and MasterCard are renewing a push to speed the adoption of microchips into U.S. credit and debit cards in the wake of recent high-profile data breaches, including this week's revelation that hackers stole consumer data from eBay's computer systems.

Card processing companies argue that a move away from the black magnetic strips on the backs of credit cards would eliminate a substantial amount of U.S. credit card fraud. They say it's time to offer U.S. consumers the greater protections microchips provide by joining Canada, Mexico and most of Western Europe in using cards with the more advanced technology (http://www.scoop.it/t/abney-associates-tech-blog).

Chips aren't perfect, says Carolyn Balfany, MasterCard's group head for U.S. product delivery, but the extra barrier they present is one of the reasons criminals often choose to target U.S.-issued cards, whose magnetic strips are easy to replicate.

"Typically, fraudsters are going to go to the path of least resistance," Balfany says.

The chip technology (abneyassociatesjames.wordpress.com) hasn't been adopted in the U.S. because of costs and disputes over how the network would operate. Retailers have long balked at paying for new cash registers and back office systems to handle the new cards. There have been clashes between retailers, card issuers and processors over which processing networks will get access to the new system and whether to stick with a signature-based system or move to one that requires a personal identification number instead. These technical decisions impact how much retailers and customers have to pay - and how much credit card issuers make - each time a card is used.

The disputes have now largely been resolved. And the epic breach of Target's computer systems in December, which involved the theft of 40 million debit and credit card numbers, along with smaller breaches at companies such as Neiman Marcus and Michaels, helped garner support for chip-based cards among retailers who were previously put off by the costs.

Chip cards are safer, argue supporters, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer's register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards, say experts, are also nearly impossible to copy.

For its part, Target is accelerating its $100 million plan to roll out chip-based credit card technology in its nearly 1,800 stores. New payment terminals will appear in stores by September, six months ahead of schedule. Last month, the retailer announced that it will team up with MasterCard to issue branded Target payment cards equipped with chip technology early in 2015. The move will make Target the first major U.S. retailer with its own branded chip-based cards.

Even so, the protections chips provide only go so far, according to opponents who note that chips don't prevent fraud in online transactions, where consumers often enter credit card numbers into online forms. Some opponents also point to other technologies, such as point-to-point encryption, as better long-term solutions.

Ken Stasiak, founder and CEO of SecureState, a Cleveland-based information security firm that investigates data breaches, says that while chips would be a big security improvement, they wouldn't have stopped the hackers from breaching Target's computer systems where they also stole the personal information, including names and addresses, of as many as 70 million people, putting them at risk of identity theft.

"Chip and pin is just another security component," Stasiak says. "What matters is how companies like Target use consumer information, how they protect it."

Banks generally pick up the tab for credit card-related losses, but companies such as Visa and MasterCard stand to lose too, if data breaches continue to occur with increasing frequency. After all, if consumers don't feel safe using cards, they may choose other ways to pay for purchases.

"It's not just about fraud and losses, it's about the trust involved in electronic payments that's destroyed," says Ellen Ritchey, Visa's chief enterprise risk officer.

In March, Visa and MasterCard announced plans to bring together banks, credit unions, retailers, makers of card processing equipment and industry trade groups in a group that aims to strengthen the U.S. payment system for credit and debit cards. The initial focus of the new group will be on banks' adoption of chip cards.

That comes ahead of a liability shift set to occur in October 2015, when the costs resulting from the theft of debit and credit card numbers will largely fall to the party involved with the least advanced and most vulnerable technology. For example, if a bank has updated to chip technology, but the retailer involved hasn't, the retailer will be liable for the costs.

Stasiak says many of the retailers he works with already have the technology in place. Once the banks start issuing chip cards, the retailers will activate their new systems, he says.

Banks say that despite the jump in high-profile data breaches, fraud still accounts for a small fraction of total transactions processed, while the cost related to issuing chip cards to all of their customers and switching out all of their ATMs is substantial. Banks have urged lawmakers to make retailers more accountable for their own security in hopes of recouping more of the losses from cybercrime.

Richard Hunt, CEO of Consumer Bankers Association, says that in cases of major fraud, banks have generally been able to collect only pennies on the dollar from the retailers involved.

Hunt says even if banks put chips in cards, it won't do any good if retailers don't upgrade their systems.

"We have to improve fraud prevention across the board," he says. "There are people who get up every day across the world with one mission and that's to break credit card technology. But there's no magic pill out there. The solution involves everyone."

The article above is a repost from Abney and Associates (http://abneyassociates.org/2014/06/02/visa-mastercard-renew-push-for-chip-cards/).

Americans Are More Afraid Of Credit Card Fraud Than Of Terrorism | PC Speak: An Abney and Associates Internet and Technology Research Lab

What are you afraid of?

That's the question that information technology (https://www.goodreads.com/group/show/131054-abney-and-associates) company Unisys aims to answer in the 2014 installment of its annual security index, which measures eight major concerns of U.S. citizens in four areas: national, financial, internet, and personal security.

This year, credit card security tops the list, which may not be too surprising when you consider the hysteria surrounding the Heartbleed Bug. In fact, Americans are more concerned about technological threats (http://jamesassoc1.microblr.com/) than they are about physical ones, like war or terrorism.

The above article is a repost from Abney and Associates (http://abneyassociates.org/2014/05/29/americans-are-more-afraid-of-credit-card-fraud-than-of-terrorism/).

An Abney Associates Tech Tips: Inside the ‘iWatch’

Apple's anticipated entry to the wearable devices market has taken on near-mythical status, with rumors reaching every corner of the technology map. AppleInsider has rounded up some of the technologies most likely to find their way into the still-unannounced "iWatch."

Materials

Sapphire

Apple's interest: A $578 million deal with sapphire equipment maker GT Advanced Technologies (http://abneyandassociates.tumblr.com/) to open and operate a massive commercial sapphire plant in Arizona.

Much has been made of Apple's agreement with GT Advanced Technologies. Many believe the new jointly-operated facility in Arizona will produce display covers to replace the Gorilla Glass currently used in the iPhone and iPad; some think the crystals will be used in an iWatch, while still others believe that Apple simply needs more sapphire for its camera lenses and Touch ID housings.

If sapphire is to be used as a main component of an Apple device, the iWatch is its most likely target. High-end watch companies have long used sapphire to cover the faces of their timepieces because of its scratch resistance, but — as anyone who has dropped a sapphire-covered watch can attest — the material is prone to shattering, making it far better suited for a device that's constantly strapped to a person rather than hanging loosely in their hands.

Liquidmetal

Apple's interest: A $20 million contract for exclusive rights to use Liquidmetal in consumer electronics and a number of manufacturing patents related to the material. That agreement was re-upped through February 2015 earlier this week.

Liquidmetal is an amorphous alloy — essentially, metallic glass — that is much lighter, harder, and more flexible than metals traditionally used in electronics manufacturing. Parts made of Liquidmetal could "snap back" from deformations that might cause permanent bends or dents in other metals, such as Apple's omnipresent aluminum, and it's extremely scratch-resistant.

Liquidmetal is difficult to work with, however. Apple famously tested its viability by using it to make the SIM ejector tool included with the iPhone 3GS, but Liquidmetal's inventor predicted in 2012 that at least two to four years of further refinement in manufacturing processes was necessary before it could be commercially viable on a large scale. 

Complicating Liquidmetal's possible appearance in Apple's iWatch is a deal with Switzerland's Swatch group that granted the horologists exclusive use of Liquidmetal in watches.

Displays

OLED

Apple's interest: Apple has a number of OLED-related patents to its name, including dynamic brightness adjustment and improved power efficiency. The company also hired away a senior OLED researcher from LG Display.

OLED — or organic light-emitting diode — displays are a new type of display in which each pixel is made of an organic compound that emits light when electrical current is passed through it. Because of this design, OLED panels don't require a backlight, making them thinner and lighter than traditional LCD-based panels and adding the potential to be folded or curved. 

While many Apple watchers previously expected the iWatch to ship with a more traditional LCD panel, the tide of opinion has shifted in recent months in favor of OLED. The inclusion of a flexible OLED would allow for a more form-fitting design in which the screen could curve with the contours of the wearer's wrist, rather than sitting flat on the top. 

From the outside, Apple has long seemed apathetic toward OLEDs. Former CEO Steve Jobs is thought to have disliked the technology, and current chief Tim Cook panned OLED earlier this year, saying that the displays showed "awful" color saturation.

"If you ever buy anything online and really want to know what the color is, as many people do, you should really think twice before you depend on the color from an OLED display," he said.

Micro-LED

A similar micro LED array displayed by Taiwanese researchers

Apple's interest: Acquired micro-LED display maker LuxVue Technologies earlier this month for an unknown price.

Micro LEDs are essentially exactly what they sound like: very small LEDs. The technology that enables their miniaturization also plays a part in lowering power consumption and increasing brightness, with the combination placing micro LED arrays in direct competition with OLEDs. 

This is a relatively new technology (http://www.linkedin.com/groups/ABNEY-ASSOCIATES-4810835), however; Apple's acquisition of secretive LuxVue is likely to have given micro LEDs more exposure the day it was uncovered than the technology has received since its invention. Despite a number of high-profile backers — and their rumored inclusion in Google's next-generation Glass headset — micro LEDs have yet to find their way into a shipping consumer device.

Still, there is reason to believe that Apple may have chosen the micro LED route. At least one of LuxVue's patents covers the manufacturing of a curved micro LED array, which could replace the flexible AMOLED display Apple is thought to have targeted.

The article above is a repost from Abney and Associates (http://abneyassociates.org/2014/05/27/an-abney-associates-tech-tips-inside-the-iwatch/).

An Abney Associates Tech Tips China vents outrage over U.S. cyberspying indictment

China summons the U.S. ambassador for a rebuke, and the Defense Ministry blasts the charges.

James Associates's insight:

BEIJING — Outraged by U.S. cyberspying charges against members of a secretive Chinese military unit, China summoned the U.S. ambassador in Beijing for a dressing down, state media said Tuesday, and the Defense Ministry blasted the U.S. accusations as hypocritical.

 

The government, meanwhile, published new statistics that it said showed massive cyberattacks on China originating from the United States. “Those activities target Chinese leaders, ordinary citizens and anyone with a mobile phone,” the state-run Xinhua News Agency reported. “In the meantime, the U.S. repeatedly accuses China of spying and hacking.”

 

A day after the U.S. Justice Department unveiled explosive criminal cyber-espionage charges against five Chinese military officers, Beijing was still sputtering with indignation. Late Monday, the Chinese Foreign Ministry called the charges in a U.S. federal grand jury indictment “purely fictitious, extremely absurd.” China also announced it was suspending participation in the Sino-U.S. Cyber Working Group, formed to bridge differences over cyberspying.

 

The U.S. charges are certain to strain Washington’s military relationship with China, which the Pentagon made a concerted effort to build up in recent years. A Pentagon spokesman, Rear Adm. John Kirby, said Tuesday that the Defense Department had been aware of the impending charges and hoped that they would not stymie cooperation on various fronts.

Beware of Phishing Scams: An Abney Associates Tech Blog

For the second week in a row, local bank customers have been targeted by “phishing” scams designed to separate them from the cash in their accounts.

Phishing is a term used to describe various scams that use automated phone calls, texts or email messages, sent by criminals, to trick you into divulging personal information. Thieves use this information to access your bank account, steal your identity or take over your computer.

These types of cyber scams are on the rise across the country, according to the FBI and the Internet Crime Complaint Center. They also are getting more sophisticated.

Read full article at http://abneyandassociates.tumblr.com/post/85867328559/beware-of-phishing-scams-an-abney-associates-tech-blog

An Abney Associates Fraud Awareness Program: Identity fraud is on the increase

Abram Mashego and Omphemetse Molopyane


Recent statistics by the Southern African Fraud Prevention Service (SAFPS) reveal that identity fraud( http://abneyandassociates.blogspot.com/ ) is on the increase.


Based on the year-to-date figure, 1 370 cases had been reported to the SAFPS as at the end of April. 


Experts warn that the figure could be the tip of the iceberg as the statistics only indicate the cases that have been recorded.


There was a 16% increase in fraud from a total of 3327 cases in 2012 to a total of 3873 cases in 2013. 


The crime cost the local economy a whopping R1bn each year. It is estimated that the number of incidents could exceed the 4000 mark by the end of 2014.


Frank Lenisa, director of credit bureau Compuscan, said they had been keeping a close watch on the situation and were endeavouring to educate consumers and assist them in preventing the negative impact that fraud can have on their credit reports.


“It’s concerning to see that there is an increase in identity fraud. What worries us even more is that consumers are often unaware that they have fallen victim to such a crime and this could have a severe negative knock-on effect in their ability to obtain credit in future,” said Lenisa.


Lenisa also said it was important for credit-active consumers to keep a close eye on account activity in their name to prevent and recover from identity fraud.


“This is one of the steps that can be taken to protect the health of their credit records. Credit-active consumers can safeguard themselves by obtaining a copy of their credit reports( http://pinterest.com/jamesassoc1/abney-and-associates/ ) as regularly as possible and carefully examining every piece of information. It is recommended that this is done once a month,” he said.


He added that consumers should carefully examine their statements, keep their passwords and identity numbers secure and shred receipts and statements before discarding them.


“It must also be stressed that personal information should never be given over the phone and the authenticity of websites should be checked before entering any personal information,” said


According to the latest National Credit Regulator Credit Bureau Monitor, there were 20.64 million credit-active consumers in South Africa as at the end of December last year and each one of these consumers is urged to pay close attention to the threat of fraudulent activity that could affect their credit records.



 

Source link: http://www.thenewage.co.za/129197-1007-53-Identity_fraud_is_on_the_increase

 

An Abney Associates Fraud Awareness Program on Apple implements MAC anti-tracking technique

‘Double standards’: Apple implements MAC anti-tracking technique used by Aaron Swartz

 

Apple is going to implement random MAC address technology in its iOS 8 devices, an anonymity-granting technique that the late computer prodigy Aaron Swartz was accused of using to carry out his infamous MIT hack.

 

Swartz, who faced criminal prosecution on charges of mass downloading academic documents and articles, was also accused of using MAC (Media Access Control) address spoofing technology( https://foursquare.com/v/abney-and-associates/510cc324183fd8dd6d11d543 ) to gain access to MIT’s subscription database.

 

At the time of his suicide at the age of 26, Swartz was facing up to 35 years in prison, the confiscation of assets and a $1 million fine on various charges.

 

Now computer giant Apple is installing a MAC address randomizing system into its products. The company announced that in its new iOS 8, Wi-Fi scanning behavior will be “changed to use random, locally administered MAC addresses.”

 

A MAC address is a unique identifier used by network adapters to identify themselves on a network, and changing it could be regarded as an anti-tracking measure.

 

David Seaman, journalist and podcast host of “The DL Show,” told RT that a single technology cannot protect users from being spied upon and advised users to trust no one, particularly the companies that have been caught cooperating with agencies such as the NSA, or those who used to turn a blind eye toward governments’ illegal activities.

 

RT: Why is Apple suddenly becoming interested in boosting the privacy protection of its devices by spoofing MAC-addresses?

 

David Seaman: That’s one of the techniques that Apple has adopted to spoof these MAC-addresses and it’s just another step to make smart phones and other devices( http://www.scribd.com/abney_and_associates ), other mobile devices a bit more secure. Of course you have to keep in mind that a smart phone is to begin with not all that secure, because there are so many different application developers, as well as the fact that you have to rely on whatever cell phone company is providing you with a signal. So this definitely doesn’t make phones completely secure, but I think it’s a step in the right direction.

 

RT: Some argue that Apple’s attempt to protect the privacy of its users is pretty much useless because there are many ways to see where the device is. Do you agree that what they are trying to give us is perhaps not really the full picture?

 

DS: There are a number of other hardware identifiers, aside from the MAC-address that your cell phone is still emitting, and which, using cell towers, they can still find your exact location. So this definitely doesn’t restore total privacy to the user, it’s just one band aid. And I think if you’re injured, you should use as many band aids as possible.

 

But there’s also a larger thing here which is that governments are spying on us and these cell phones are not designed to be all that secure from day one. And there are a number of private companies that, I wouldn’t say spying, but eavesdropping on what you’re doing to make money out of you. And this is a growing problem as we spend more and more of our lives online and on our phones and we expect these things to be secure. Continue reading: http://rt.com/usa/167668-apple-mac-address-swartz/

An Abney Associates Fraud Awareness Program: Mock email scam ensnares hundreds of bureaucrats

 http://globalnews.ca/news/1409363/mock-email-scam-ensnares-hundreds-of-bureaucrats-at-justice-canada/

 

Mock email scam ensnares hundreds of bureaucrats at Justice Canada

 

OTTAWA – Many of the Justice Department’s finest legal minds are falling prey to a garden-variety Internet scam.

 

An internal survey shows almost 2,000 staff were conned into clicking on a phoney “phishing” link in their email, raising questions about the security of sensitive information.

 

The department launched the mock scam in December as a security exercise, sending emails to 5,000 employees to test their ability to recognize cyber fraud.

 

The emails looked like genuine communications from government or financial institutions, and contained a link to a fake website that was also made to look like the real thing.

 

Across the globe, an estimated 156 million of these so-called “phishing” emails are sent daily, and anyone duped into clicking on the embedded web link risks transferring confidential information – such as online banking passwords – to criminals.

 

The Justice Department’s mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails.

 

That’s a much higher rate than for the general population, which a federal website says is only about five per cent.

 

The exercise did not put any confidential information at risk, but the poor results raise red flags about public servants being caught by actual phishing emails.

 

A spokeswoman says “no privacy breaches have been reported” from any real phishing scams at Justice Canada.

 

Carole Saindon also said that two more waves of mock emails in February and April show improved results, with clicking rates falling by half.

 

“This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security to protect the integrity of the department’s information systems and in turn better protect Canadians,” she said in an email.

 

“As this project progresses, we are pleased that the effectiveness of this campaign is showing significant improvement.”

 

A February briefing note on the exercise was obtained by The Canadian Press under the Access to Information Act.

 

The document indicates there are more such exercises planned – in June, August and October – and that the simulations will be “graduating in levels of sophistication.”

 

Those caught by the simulation are notified by a pop-up window, giving them tips on spotting malicious messages.

 

The federal government’s Get Cyber Safe website says about 10 per cent of the 156 million phishing emails globally make it through spam filters each day.

 

Of those, some eight million are actually opened by the recipient, but only 800,000 click on the links – or about five per cent of those who received the emails.

 

About 10 per cent of those opening the link are fooled into providing confidential information – which represents a worldwide haul of 80,000 credit-card numbers, bank accounts, passwords and other confidential information every day.

 

“Don’t get phished!,” says the federal website, “Phishing emails often look like real emails from a trusted source such as your bank or an online retailer, right down to logos and graphics.”

 

The site says more than one million Canadians have entered personal banking details on a site they don’t know, based on surveys.

 

In late 2012, Justice Canada was embroiled in a major privacy breach when one of its lawyers working at Human Resources and Skills Development Canada was involved in the loss of a USB key.

 

The key contained unencrypted confidential information about 5,045 Canadians who had appealed disability rulings under the Canada Pension Plan, including their medical condition and SIN numbers. The privacy commissioner is still investigating the breach.

 

The department has some 5,000 employees, about half of them lawyers.

 

An Abney Associates Fraud Awareness Program: Symantec issues warning over FIFA scam malware

OWN GOAL: Security software company said fraudsters were attempting to entice users to click on corrupted links with the offer of World Cup tickets

 

Security software firm Symantec Corp yesterday issued an alert ahead of the FIFA World Cup soccer tournament, calling on Internet users to heed the threat of malware scams disguised as free ticket give-aways.

 

The antivirus vendor said that there has recently been a rise in Internet scams( http://www.facebook.com/pages/Abney-and-Associates/135106286651750 ), with many using offers of free World Cup tickets to spread viruses or malware.

 

The tricks involve e-mails about such popular soccer stars as Lionel Messi and Cristiano Ronaldo to entice people to click on corrupted links, it said.

 

There are also false “live broadcast” links which carry the threat of phishing.

 

This kind of Internet scam usually asks the user to download and install a video player or fill out a questionnaire — both of which are designed to deceive soccer fans into sending money to the fraudsters, it added.

 

Saying that it expected scammers to turn to social networks soon, Symantec reminded Web users to be alert to potential fraud perpetrated in the name of the FIFA World Cup.

 

Fans wishing to follow the latest news about their favorite soccer players are advised to go to the official Web site( https://twitter.com/Abney_and_Assoc ) of the sports event, it said.

 

Those who plan to watch the event online should keep away from dubious Web sites and use services provided by trusted sports channels only, it said.

 

As an added precaution Web users should also update their operating systems and other software to the latest versions, which would ensure that their Web-enabled devices have the best protection against malware, it added.

 

Article source: http://www.taipeitimes.com/News/taiwan/archives/2014/06/10/2003592424

 

An Abney Associates Fraud Awareness Program on Tap-and-go card fraud in Australia

Tap-and-go card fraud in Australia low: financial institutions

 

Tap-and-go card fraud in Australia( http://www.smh.com.au/it-pro/security-it/tapandgo-card-fraud-in-australia-low-financial-institutions-20140603-zrvzt.html ) is costing about 2¢ for every $100 of legitimate spending – half the rate of conventional card fraud, and a third of the rate of international card fraud, according to Visa.

 

And that's why Australia’s major banks, the Australian Payments Clearing Association and cards issuers such as MasterCard and Visa have been left scratching their heads over suggestions by the Victorian Police last week that there is a runaway increase in theft and fraud associated with contactless payment cards. They all claim that is at odds with their experience.

 

A meeting of the Fraud in Banking group, which brings together financial institutions, regulators and police forces from around Australia, is scheduled to be held later this week in Melbourne, when the topic will again be raised.

 

What sparked the controversy was the release last week of Victoria Police statistics which revealed a 45 per cent increase in deception cases. The police said most of that increase was due to misuse of tap-and-go cards with thieves specifically seeking the cards in car and home burglaries.

 

Victoria Police has been contacted for further comment.

 

Visa’s senior director of risk services, Ian McKindley, said the company monitored card fraud internationally, adding that the Australian rate of card fraud in face-to-face (not online) transactions was one of the lowest in the world. He added that the rate of contactless fraud was half that of other cards despite 45 per cent of all face-to-face card transactions in Australia now being contactless.

 

Mr McKindley said that after removing internet( http://abneyandassociates.blogspot.com/ ) fraud (transactions known as card-not-present are a bigger financial fraud problem for the banks) the Australian cost of fraud using conventional cards was 4¢ in $100, contactless was around 2¢ in every $100, while the global figure is 6¢ in the $100.

 

Not only was the cost of fraud lower, criminal gangs had been unable to counterfeit the contactless cards, he said, alluding to the active underground market for stolen credit cards and payment details.

 

Mr McKindley said that Visa had been liaising with the Victorian government over its concerns since September.

 

Unlike most other states and territories in Australia, which simply record any reports of card theft at local police stations, in Victoria copies of reports( http://www.scribd.com/abney_and_associates ) of card theft are provided to issuing banks, which investigate the cases in place of Victoria Police.

 

Police forces were, however, alerted by the banks and card issuers if there was evidence of possible criminal gang activity in a particular area.

 

Australian Bankers’ Association chief executive Steven Munchenberg agreed that contactless card fraud levels were low.

 

“These cards use the same intelligent systems that look for stolen card activity to identify possible fraud on customers’ cards. This helps prevent fraud if the systems believe your card has been stolen. As is the case with credit cards, the bank may contact the customer to check that a transaction is legitimate. If a customer cannot be contacted, a staff member will decide whether to block the card until the bank can talk to the customer.”

 

Consumers who are issued with contactless payment cards are not yet able to disable that function, which was one of the concerns raised by Victorian Police and consumer protection bodies. However eftpos Australia, which is developing its own contactless payment card and smartphone app, is still deciding what limits it will set for contactless transactions (it may be lower than the $100 limit on the major cards) and whether it will allow users to turn off the tap-and-go function.

 

While the ABA was unable to comment on the extent of smartphone-based tap-and-go payments fraud, the still relatively low penetration of mobile payments apps coupled with the fact that many are secured with a PIN, suggests this is less of an issue for the banks and card issuers at present.

 

APCA CEO Chris Hamilton welcomed any efforts to reinforce the need for consumers to treat payment cards or apps with the same care as cash, but said APCA’s own statistics had not revealed a sudden surge in contactless card fraud.

 

However, he noted that the rise of chip and PIN cards, and the planned move away from the use of signatures to complete payments, was perhaps forcing an “opportunistic” change in criminal behaviour. Chip and PIN cards “shut down counterfeiters and skimmers” he said, which may have prompted a rise in direct card theft.

 

That had also been seen in other markets, such as Britain, when chip and PIN were rolled out, he said.

 

An Abney Associates Fraud Awareness Program on Why Advertising Fraud is so high on the Internet

...and how the industry is trying to fix it.

 

When news that a sample of Mercedes-Benz's adverts was more widely viewed by bots than humans breaks in the same week that an audit company reveals four in five British advertisers have no idea how many of their advert impressions are fraudulent, you know an industry is in some sort of trouble.

"The market has been relentlessly pursuing success and performance and in so doing has lost sight of where adverts actually appear," said Duncan Trigg, chief executive of Project Sunblock, an auditing firm for advertisers and the authors of the aforementioned report( https://www.facebook.com/pages/Abney-and-Associates/135106286651750 ).

 

"Brand safety" has long been important for Project Sunblock's clients, with regular investigations run to check whether adverts are displayed alongside undesirable editorial content such as pornographic or racist material. But since the rise of programmatic advertising in 2009, in which space is bid for based on which demographics a company wishes to target, bots have become an increasing concern.

 

The Interactive Advertising Bureau (IAB) surveyed enterprise marketers last November, and found that 85% were using programmatic advertising. Of those who did, half were trying to buy adverts more efficiently, with slightly more trying to target more effectively, and only 16% motivated by cost-cutting. Over the next two years 91% of advertisers are expected to take up programmatic advertising, despite anxieties about the practice.

 

Ascertaining who is actually viewing the campaigns is a growing trend for the auditors. Adverts appearing below the fold of a web page( http://abneyandassociates.blogspot.com/ ) are much less likely to be seen than those visible when the page opens. But more problematic than that is the rise of botnets in directing fraudulent traffic, with the IAB claiming that as much as a third of online traffic for adverts is robotic rather than human.

 

"Botnets are already surprisingly sophisticated and will only become more potent in time," said Andrew Goode, chief operating officer of Project Sunblock. "There are many pieces of malware used to infect PCs which are used to create fake traffic and then sold on to publishers through ad exchanges, and some of the bots are almost indestructible." Continue reading: http://www.cbronline.com/news/social/why-advertising-fraud-is-so-high-on-the-internet-4285415


An Abney Associates Fraud Awareness Program: I've been a victim of phishing, how can I stop this from happening again? - Abney and Associates Internet and Technology Research Lab - Blog - DESIGN 21...

James Associates's insight:

One reader was the victim of a scam email. She asks our consumer expert how she can be better informed about such emails in future.

 

Ideally this type of email should be detected and diverted into a “spam” folder, but that doesn't always happen. You may not have such a filter, in which case have one installed. Even with one it is worth being alert to the fact that such emails can still get through to your main folder. It is best to delete them if they do, and also from any spam or trash folders.

 

A spokesman for getsafeonline.org said your email service might also have an option to block the sender either straight from the in-box or in the junk folder. You may want to forward such emails to the bank or organisation referred to if relevant before doing this.

 

Most spam emails actually don’t ring true from the start. This is often because the person who receives the email doesn’t have an account with the bank or organisation it pretends to be from.

 

The senders are relying on the fact that in this exercise something will strike a chord with someone, even if it is only 1pc of those receiving them – that a few of those people will actually take the bait. However, with so much personal data doing the rounds, there may soon be more emails that seem authentic.

 

Don’t get drawn into giving personal information and don’t click on any attachments or links. Not only could this lead to fraud, it could also affect your computer.

 

The web is full of advice about these bugbears of modern life, but people still get caught out and readers still write in about their bad experiences.

 

If an email purports to be from a bank or a government body, check out the real website for information on phishing scams. For example, HMRC’s website, hmrc.gov.uk, has some helpful advice. Follow “security advice” from the front page.

 

Also see actionfraud.police.uk/fraud-az-phishing (or call 0300 123 2040) and getsafeonline.org. Or try the Citizens Advice consumer helpline on 08454 040506 (citizensadvice.org.uk).

 

Useful information relating to such scams can also be found on millersmiles.co.uk.

 

How to contact our consumer champion

 

Because of the volume of mail received, it is not possible to respond to every letter and correspondence cannot be entered into. Please do not send original documents or stamped and addressed envelopes. Responsibility, legal or otherwise, for answers given cannot be accepted. Cases currently with an ombudsman, going through a court of law or sent to other columns will not be considered.

 

In addition, Jessica cannot take up issues when the writer is a third party, other than in exceptional circumstances and cannot respond to emails. A full postal address, a signature and daytime telephone number are needed. Please address letters to: Jessica, Your Money, The Daily Telegraph, 111 Buckingham Palace Road, London SW1W 0DT.

 

If you have a simple money advice question rather than a consumer complaint, email our Ask an Expert panel at moneyexpert@telegraph.co.uk.

 

See more here

 

http://www.linkedin.com/groups/ABNEY-ASSOCIATES-4810835

 

http://www.facebook.com/pages/Abney-and-Associates/135106286651750

 

http://abneyandassociates.tumblr.com/

An Abney Associates Fraud Awareness Program on Nine tips for councils on tackling fraud

James Associates's insight:

As fraud gets harder to detect, what can councils do to protect themselves?

 

1. Fraud is getting harder to detect – so be vigilant

Technology means fraud has become more sophisticated and harder to detect. Awareness and vigilance must be key to protecting ourselves and the economy from these organised criminals.


– Lee Ormandy is intelligence and legal manager at Surrey county council

 

2. Beware of corruption growing in local government

We think that the corruption risk for local government in England has increased, and that – as a result – corruption in UK local government is likely to increase. We may not see the consequences for a decade. Many changes, such as those to the audit regime and ethical standards, are recent, and the precise consequences are not possible to predict. However, a lesson Transparency International has learnt across the world is that it is better to take notice of emerging risks and to act early, because once corruption takes root it can be very hard to eradicate. Relatively few cases of fraud and corruption can have high impact, and this affects trust in local government and in politics more generally.


– Nick Maxwell works for Transparency International UK

 

3. Invest, invest, invest

We have a concern that local authorities will lose their fraud investigators due to the welfare reform, and when they do realise that they need investigators they will have to go out and re-recruit. Local government needs to make it a duty on each council to ensure that fraud is investigated and that there is zero tolerance to fraud. Share out the £16.6m given to the Department for Communities and Local Government. Investing in fraud protection will mean local government is up-to-date on any threats and gets rewarded for identifying and prosecuting fraud.


– Andrew Williams is a member of the Local Authority Investigation Officers Group

 

4. Make young people aware of the dangers of fraud online

An increasing worry is young people not appreciating the dangers of online fraud. People growing up treating the internet as a given before they're old enough to have a bank account are often less likely to realise that fraudsters are targeting them through pop-ups or other scams.


– Lee Ormandy is intelligence and legal manager at Surrey county council

 

5. Make sure the loss of the Audit Commission doesn't cause problems

The Audit Commission used to also play a role in offering protection to external auditors, which empowered them to pursue investigations without fear of being sued or losing future contracts. In the new arrangements, there is no supportive role for an auditor to look at corruption risks and there will be no duty for auditors to consider corruption.


– Maxwell

 

6. Learn from central government

What is the difference in this area between central and local government? Is one better than the other at tackling corruption? Is there good practice that could be shared?

 

– Rachael Tiffen is head of the counterfraud centre at the Chartered Institute of Public Finance and Accountancy

 

7. Learn from other councils

Stoke developed its own anti-fraud awareness campaign Stop the Cheater (complete with an image of a cheetah) and concentrated on tenancy, benefits, and blue badge fraud. They increased referrals by 22% and recovered about 100 properties.


– Tiffen

 

8. Watch out for electoral fraud

There are lots of opportunities, from impersonating voters, postal votes, spending more than you declare etc. There is no proactive investigation or development of prevention-related strategies. The police have little interest in this. This is a classic area of fraud: because there are few detected cases it is thought that there is not a problem.


– Mark Button is director of the Centre for Counter Fraud Studies

 

9. Use data to plan services

Are councils communicating the benefits of using the personal data they hold to help plan the right fraud services? The care data, for example, being put on hold is due to lack of communication but it can only benefit everyone. We need to educate the public.


– Katrina Wakefield is head of public sector marketing at SAS UK

 

See more:

 

http://abneyassociatesjames.wordpress.com/

 

http://abneyandassociates.tumblr.com/

ameliadavis024's curator insight, July 7, 2014 2:42 AM

Cyber-criminals have abused the Boleto Bancário online payment system to steal potentially billions of dollars, according to security firm RSA.

Cyber-criminals have infected nearly 200,000 computers in Brazil and used their access to issue payment vouchers with an estimated value of $3.75 billion, according to an analysis of the attack published by security firm RSA on July 1.

 

Dubbed the "Bolware" gang, the criminals abuse the Brazilian payment system known as Boleto Bancário, which allows customers to promise to pay an online merchant, print out a payment slip with a barcode and remit money at a bank. While previous attempts to defraud the payment system used fake boleto, the latest attack, which started in late 2012, infects Web browsers on compromised computers and modifies legitimate boleto to route payment to the criminal accounts.

"The Boleto Malware (is) a newer and more sophisticated kind of fraud in Brazil that leverages MITB (man-in-the-browser) technology to attack online operations, and is based on transaction modification on the client side," RSA stated in its analysis. "Like any substantial cyber-criminal operation, the Bolware gang has continued to innovate, revising their purpose-built malware through 19 different versions."

 

While the details of the fraud differ from payment fraud in other nations, the techniques—such as using man-in-the-browser attacks—are similar to how criminals are attempting to steal money from financial institutions in the U.S. and Europe. Criminals adopted man-in-the-browser attacks to defeat additional countermeasures—such as IP address and device identification—deployed by financial institutions.

"It is a class of problem where the arms race has migrated," said Dan Kaminsky, co-founder and chief scientist of White Ops, an anti-fraud technology firm. "Once upon a time, it was good enough to steal a customer's username and password and log into the bank from wherever and do whatever you wanted, but they soon figured out that a California customer should not be logging in from Latvia."

 

While banks in Brazil and other nations continue to fight against payment fraud, such attacks expose weaknesses and undermine trust in the financial ecosystem in most countries. Because customer-owned computers are generally thought to work on behalf of the user, banks typically argue that any fraud that originates from compromised customer systems is the responsibility of the victims. Such fraud rose more than 200 percent in the first nine months of 2013, according to Symantec.

 

Small U.S. businesses, for example, have lost hundreds of thousands of dollars to such attacks and sued their banks for allowing funds to be transferred to foreign nations, even though it was the business's machine that was compromised. Courts have generally split on whether the business is responsible for the lost money, or if banks should catch anomalous transactions and perform extra security measures.

 

A similar scam, where the attacker changed the banking information to which publisher Conde Nast sent funds, resulted in $8 million being transferred in six weeks, but the money was frozen before attackers could transfer it to their own bank accounts.

 

While the Brazilian crime network is not large compared to other botnets, the potential profits for its operators are huge, according to RSA.

 

"Boleto malware is a major fraud operation and a serious cyber-crime threat to banks, merchants and banking customers in Brazil," the company stated. "While the Bolware fraud ring may not be as far-reaching as some larger international cybercrime operations, it does appear to be an extremely lucrative venture for its masterminds."

 


Article source:
http://www.eweek.com/security/cyber-attacks-seen-defrauding-brazilian-payment-system-of-billions.html

 

More Bonuses:
https://foursquare.com/p/abney-and-associates/4648947

http://abneyandassociates.blogspot.com/

 

 


An Abney Associates Tech Tips: EBay believed user data was safe after cyber attack | PC Speak: An Abney and Associates Internet and Technology Research Lab


EBay initially believed that its customers' data was safe as forensic investigators reviewed a network security (https://jamesassoc1.jux.com/) breach discovered in early May and made public last week.

EBay has come under fire over its handling of the cyber attack (http://jamesassoc1.edublogs.org/), in which hackers accessed personal data of all 145 million users, ranking it among the biggest such attacks launched on a corporation to date.

"For a very long period of time we did not believe that there was any eBay customer data compromised," global marketplaces chief Devin Wenig said, in the first comments by a top eBay executive since the e-commerce company disclosed the breach.

EBay moved "swiftly to disclose" the breach after it realised customer data was involved, he said.

Wenig would not say when the company first realised that the cyber attackers accessed customer data, nor how long it took to prepare last week's announcement.

He said hackers got in using the credentials of three corporate employees, eventually making their way to the user database.

The attackers accessed email addresses and encrypted passwords belonging to all eBay users. "Millions" of users have since reset their passwords and the company had begun notifying customers, though it would take some time to complete that task, Wenig said.

"You would imagine that anyone who has ever touched eBay is a large number," he said. "So we're going to send all of them an email, but sending that number all at once is not operationally possible."

At least three US states are investigating the company's security practices, and New York's attorney general called on eBay to provide free credit monitoring services to users.

But the internet retail giant has no plans to compensate customers or offer free credit monitoring for now because it had detected no financial fraud, Wenig said.

Wenig declined comment when asked if he thought eBay had good security prior to the breach. He said the company would now bolster its security systems, and has mobilised senior executives in a subsequent investigation of the attack.

"We want to make sure it doesn't happen again so we're going to continue to look at our procedures, harden our operational environment and add levels of security where it's appropriate."

The breach marked the latest headache for eBay this year. In January, it crossed swords publicly with activist investor Carl Icahn, who mounted a campaign to get it to spin out PayPal. Then in April, the e-commerce company disappointed investors with a weak second-quarter outlook, pressuring its shares.

Avoiding back doors

Buying and selling activity on eBay remained "fairly normal" though eBay is still working out the cost of the breach, which included hiring a number of security firms. Wenig, who was previously a senior executive at Thomson Reuters, declined to comment on whether the cost could be material to eBay's results.

Wenig's revelation that the company initially believed that no customer data had been compromised might take some of the heat off eBay's executive team.

Cyber forensics experts said it's not uncommon for large companies to take weeks to grasp the full impact of an attack, because hackers are often able to steal data without leaving obvious clues.

"In some cases you go in and find the smoking gun immediately. Other times, it takes a few days or even a few weeks," said Kevin Johnson, a cyber forensics expert who was not involved in the eBay investigation but has worked for other Fortune 500 companies.

Daniel Clemens, a forensics expert and CEO of Packet Ninjas, said investigators often ask companies to hold off on disclosure until they believe they understand the full extent of an attack.

Otherwise, they risk tipping off attackers who might cover their tracks or leave "back doors" so they can return after the investigators complete their probe.

Last week, the e-commerce company announced that hackers raided its network between late February and early March. The company said financial information was not compromised and its payments unit PayPal was not affected.

When eBay first discovered the network breach in early May, the senior team was immediately involved and held multiple daily calls on the issue. EBay staff have been working around the clock since then.

Wenig said he could not provide much more detail about what happened in the attack beyond the scant information given out so far.

He declined to provide further specifics, citing ongoing investigations by the Federal Bureau of Investigation and several forensics firms including FireEye's Mandiant division.

The article above is a repost from Abney and Associates (http://abneyassociates.org/2014/05/30/an-abney-associates-tech-tips-ebay-believed-user-data-was-safe-after-cyber-attack/).


An Abney Associates Tech Tips: Europe's order to mute Google angers US


MOUNTAIN VIEW, CALIF. — Europe's moves to rein in Google — including a court ruling this month ordering the search giant to give people a say in what pops up when someone searches their name — may be seen in Brussels as striking a blow for the little guy. 
But across the Atlantic, the idea that users should be able to edit Google search results in the name of privacy is being slammed as weird and difficult to enforce at best and a crackdown on free speech at worst.

"Americans will find their searches bowdlerized by prissy European sensibilities," said Stewart Baker, former assistant secretary for policy at the U.S. Department of Homeland Security. "We'll be the big losers. The big winners will be French ministers who want the right to have their last mistress forgotten."

Mountain View, California-based Google says it's still figuring out how to comply with the European Court of Justice's May 13 ruling, which says the company must respond to complaints about private information that turns up in searches. Google must then decide whether the public's right to be able to find the information outweighs an individual's right to control it — with preference given to the individual.

The judgment applies to all search engines operating within the European Union. But in practice that means Google, given that 90 percent of all online searches there use Google's search engine.

"The ruling has significant implications for how we handle takedown requests," Google spokesman Al Verney said. "This is logistically complicated, not least because of the many languages involved and the need for careful review. As soon as we have thought through exactly how this will work, which may take several weeks, we will let our users know."

There will be serious technological challenges (http://abneyandassociates.tumblr.com/), said U.S. privacy attorney David Keating in Atlanta.

"It seems aspirational, not a reality, to comply with such a standard," he said. "The reengineering necessary to implement the right to be forgotten is significant."

Google may partially automate the process, as it does with copyright-infringement complaints, but ultimately a human will have to decide when results should be sanitized.

Johannes Caspar, who as Hamburg's Commissioner for Data Protection acts as Germany's lead regulator of Google on privacy issues, confirmed the company is already working on an "online tool" to help people file complaints.

Because the court's ruling applies only within Europe, it will mean some fragmentation of search results. That is, Europeans and Americans will see slightly different versions of the Internet (http://abneyandassociates.blogspot.com/). A worst-case scenario would be if Google decides it must err on the side of caution and removes links liberally in order to avoid lawsuits, critics of the ruling said.

Wikipedia founder Jimmy Wales, who has been an outspoken critic of the ruling, summarized it for The Associated Press as a "technologically incompetent violation of human rights." He said it amounts to censorship, and he predicted it will ultimately be scrapped.

"The danger is that search engines now are faced with an uncertain legal future which may require them to censor all kinds of things when someone thinks it is 'irrelevant'," Wales said.

In the wake of the decision, some Europeans are already asking to clean up their online history, though there may not yet have been a "flood" of hundreds of requests, including some from pedophiles and politicians, as was reported in the British press shortly after the ruling was handed down.

In Britain, David Murphy of the Information Commissioner's Office said "while we've had some people get in touch around this issue, we're simply telling them to speak to Google."

Officials in the Netherlands said they haven't had any new requests since the ruling.

Caspar, the German official, said his office has received 20 new requests, including some from people who won legal fights with websites to have material taken down — but the sites didn't comply because they were based abroad.

Differences between the U.S. and Europe over privacy have never been greater, sparked by recent revelations that the U.S. National Security Agency secretly broke into communications on Yahoo and Google abroad and targeted overseas telecoms, including German Chancellor Angela Merkel's own cellphone.

Joel Reidenberg, visiting professor of information technology policy at Princeton University, said the ruling was not surprising, "given the current tenor of US-European privacy relations as a result of the Snowden revelations."

A "fundamental divide" between the European and American worldview is becoming evident, he said.

"In Europe, there is a sense that privacy and control over personal data are basic human rights," he said. In America, freedom of speech and free-market solutions tend to prevail, he said.

Nico Sell, who runs San Francisco-based Wickr, an encrypted messaging service, said it would make more sense to let individuals, not tech giants, control their own online presence.

"The right to be forgotten is a great idea philosophically, but it is wrong to put the onus on Google or Facebook," she said. "They have no idea where all your data is, and this is not their job. We need to give consumers tools with the ability to add expiration dates to their personal data."

The above article is a repost from Abney Associates. (http://abneyassociates.org/2014/05/28/europes-order-to-mute-google-angers-us/).


An Abney Associates Tech Tips: Effective Google Drive phishing scam returns

http://abneyassociates.org/2014/05/26/effective-google-drive-phishing-scam-returns-but-contains-a-revealing-gaffe/

Effective Google Drive phishing scam returns, but contains a revealing gaffe

An Abney Associates Tech Tips (http://abneyassociatesjames.wordpress.com): A particularly crafty and effective Google Drive phishing scam that was originally spotted by Symantec researchers back in March has experienced a resurgence here in May, but with one key difference – a page corruption that may set off red flags for would-be victims.

The same phishers seem to be at work here, Satnam Narang, a Symantec researcher, told SCMagazine.com in a Thursday email correspondence, explaining that, like before, users are directed to a phony Google Drive login page if they click on a link in an email with “Documents” as the subject.

Credentials are compromised if submitted on the phishing page and victims are then redirected to an actual document hosted on Google Drive, but careful users that look at the bottom right of the phony website, by the option to choose languages, may be tipped off to the scam due to a glaring issue.

“The options within the language selection box at the bottom of the page are corrupted,” Narang said. A Wednesday blog post by Nick Johnston, a Symantec researcher, contains pictures that show how most language names are bookended by question marks. Related Infotech Update (http://www.linkedin.com/groups/ABNEY-ASSOCIATES-4810835)!

Aside from the question mark gaffe, the scam is particularly convincing because it uses the actual Google Drive platform, which serves up the phishing website over SSL, according to the post. Google did not immediately respond to a SCMagazine.com request for comment on why phishing pages could be served up this way.

Narang said that enabling two-step verification should help prevent unauthorized access to accounts.

“Getting user Google account credentials opens the door to [many services, including] Gmail, Google Drive, Google Plus [and] Google Wallet,” Narang said. “And that email can be used to reset passwords for other services you might use.”

In another Google Drive scam recently observed by Symantec, victims were redirected to a Brazilian website hosting a trojan detected as ‘Trojan Horse,’ Narang added.


The Daily Times’ phone number used as part of phishing scam: An Abney Associates Tech Blog


A phone number on a Maryville man’s caller ID that appeared to be from The Daily Times ended up being nothing more than a phishing scam. The scam is described as con artists using techniques such a...

James Associates's insight:

Read full article here at http://abneyassociatesjames.wordpress.com/2014/05/17/the-daily-times-phone-number-used-as-part-of-phishing-scam-an-abney-associates-tech-blog/

 

 

See more:

 

http://friendfeed.com/abney-and-associates3

 

http://abneyassociatesjames.wordpress.com

 

https://www.goodreads.com/group/show/131054-abney-and-associates

 
