DOCSLIB.ORG

Fraud: Everything Old Is New Again Tough Times Bring out Tried & True Tricks from Fraudsters

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fraud: Everything Old Is New Again Tough Times Bring out Tried & True Tricks from Fraudsters Fraud: Everything Old is New Again Tough Times Bring out Tried & True Tricks from Fraudsters I once heard a line on – of all places – sports talk radio, and it’s stuck with me through the years, especially during the past one. “Tough times don’t build character, they reveal it.” Well, there’s no question the past year has brought tough times to all Tom Field of us, and as for some of the fraudulent characters they’ve revealed? Editorial Director Whew! It seems like every tried-and-true fraud scheme is back these days with a vengeance, as criminals renew their efforts to deprive us of our financial and informational assets. The only difference: In- stead of focusing on only one fraud channel, criminals today tend to be attempting multiple entry points simultaneously. Everything old is new again, and it’s coming at you all at once! I trust you’ll enjoy the articles, interviews and opinion pieces we’ve collected here, and I welcome hearing from you after you’ve soaked in some of this information. What are the fraud schemes you’re seeing most this year? How are you educating your customers to avoid them? Where have you had success thwarting the fraudsters? The tough times will get better. Fraud, alas, won’t go away. We just have to make sure that we – like the criminals – get smarter, organized and educated. It’s going to be a long fight, but we can win it. Best, Tom Field Editorial Director, Information Security Media Group [email protected] Volume 1, Issue 5 IN THIS ISSUE... June 2009 Articles Interviews with streaming audio player embedded 2 10 Faces of Fraud directly into the page. 10 2009 Identity Fraud Report James Van Dyke of Javelin Strategy & Research discusses the results. What does next year hold for fraud against 22 Phishing: How to financial institutions? Here are 10 of the new Help Protect Your and old ways criminals will be looking to Customers commit fraud in 2009. Dave Jevans, chair of the Anti-Phishing Working Group, discusses the state of 18 The Insider Threat: 16 Tips phishing against banking institutions. to Protect Critical Data Blogs 9 At the Heart of the Data Breach(es) The Field Report with Tom Field Is 2009 the Year of the Insider Threat? 32 Top Internet Scams 28 Top Trends in ACH Fraud for You and Your What you need to know about payroll Customers to Avoid fraud, ACH kiting and solutions to fight these threats. The Agency Insider with Linda McGlasson 1 What does next year hold for fraud against financial institutions? Here are 10 of the new and old ways criminals will be looking to commit fraud in 2009. Copyright © Information Security Media Group, Corp. 2 By Linda McGlasson 1. ATM Network Fraud According to Paul Kocher, president and chief scientist of Cryptography Research Institute, the number one area that institutions will see fraud growing over the next year is in ATM networks. “When the criminal gets access to mag- netic stripe data and associated PIN values, they are then able to create cards, and basically then it’s a license to print money,” Kocher explains. Another problem for institutions is that their ability to perform risk management is signifi- cantly less on an ATM network than online transactions. “This is because the ATM delivers the goods to the con- sumer immediately, which is exactly what the fraudsters ChoicePoint and others to build their attacks.” One infor- want -- the cash, rather than a large ticket item they have mation security researcher told Rothman that organiza- to then fence or resell,” he concludes. tions like the Russian Business Network, RBN, have built demographic databases “that rival some of the biggest and Kocher predicts that until U.S. financial institutions and most significant demographic databases in the financial credit card companies roll out either a contact or contact- services industry that are used here in the States legally.” less-based smart card infrastructure, there won’t be a great reduction in the amount of fraud being perpetrated against The criminal groups like RBN are compiling huge amounts U.S. consumers. “Once they decide to do this, it will cause of data in order for consumers to share account informa- a great reduction in the amount of fraud, because we’ve tion with them. This allows them to entice those custom- seen it happen in Europe,” says Kocher. ers to “give up the goods” by divulging enough informa- 2. Check Fraud The area of check fraud is also becoming continuously more sophisticated, and the underlying technological systems haven’t kept pace with the sophistication of the adversaries, says CRI’s Kocher. “Initially there will be more pain and losses on the part of institutions, and then more technological changes on their part to try and catch up to the criminals’ ability to perpetrate check fraud,” he observes. There won’t be a solution for paper-based check fraud, Kocher says, until we have a technological development where the check itself can be authenticated via a chip or code. There are actions that could be taken, such as printing a code on the back of the check tion so they feel comfortable with the scam. The victims that the bank can verify, like a credit card, “Eventually include small businesses, which Rothman sees as the next we’ll end up with something similar to that, but the ques- crime front. tion is how long will it continue to grow until it becomes financially painful enough for banks to implement this?” “Most small business owners are not sophisticated enough Kocher asks. or wary to emails that would offer services,” Rothman notes. Especially in the tough economic times facing all business, he sees there will be a marked increase of fraud 3. ‘Laser-Guided’ Precision Strikes targeting the small businesses. “We’re always going to see The organization and sophistication of criminals is in- criminals targeting consumers. The small businesses that creasing, and so is the sophistication of their attacks. Mike are already being pushed to the wall in these hard eco- Rothman, senior vice president of security strategy at eIQ- nomic times won’t realize they’ve fallen prey to a slick networks, sees a “laser-guided” approach to targeting pre- targeted attack until it’s too late, and there is a lot of fer- cision attacks on institutions’ customers as the next step tile ground out there that could be attacked.” One example that these criminals will take. “They will use data already Rothman says could be the offer of online applications for collected from previous attacks on companies, including small business loans, or credit lines. In many cases, these continued on page 6... Copyright © Information Security Media Group, Corp. 4 FULL PAGE AD continued on page 6... attacks could be launched under a generic social engineer- as part of their online banking services to their custom- ing attack. Proactively, financial institutions can continue ers. The customer can go online to see what checks have to train employees and offer information to customers cleared, Eisen notes. “So what is on those checks? The making them aware of these types of attacks. victim’s bank account number, signature, address, phone,” says Eisen. It’s a treasure for most criminals. They can either take the copy and make paper counterfeit checks 4. Phishing Attacks To Continue to distribute, or take that information and create PayPal In 2008, the financial services industry has seen an in- accounts or other online payment accounts that will leave crease in the numbers of phishing attacks that are ex- the victim on the hook for any purchases. pected to continue through 2009, including sophisticated spear phishing and Rock Phish attacks. The Anti-Phishing Eisen says check image fraud is hitting the top financial Working Group reports that the financial services sector institutions around the world to the “tune of millions of remains the most targeted sector being attacked, with an dollars per month. The amount they’re being hit with average of more than 90 percent of attacks being directed is significant,” he says. Banks are on the hook for these at financial services. losses, especially with the proliferation of Trojans, key- loggers and other malware, that find their way onto cus- According to Terry Gudaitis, PhD, Cyber Intelligence Di- tomers’ computers, banks can’t hide behind the statement rector at Cyveillance, a cyber intelligence firm specializ- that the customer didn’t protect their account information. ing in phishing takedown and monitoring services, she and As more institutions begin losing money to check image others see as a growing threat area for phishing attacks is fraud, they’ll need to look to find ways to mask the check “Smishing” or SMS phishing. “Phishers are now sending images online, especially with the increased phishing that their phishing messages over cell phones via text messag- is occurring, Eisen warns. es. This will cause confusion among online banking users, especially those using mobile banking services,” she says. “The typical banking customer will think, ‘My bank won’t 6. Zero Day Attacks email me, but they’re sending me a text message asking Another area that financial institutions will need to keep me to click on this link or call a number to verify,’” Gu- an eagle eye on is the shift in the way financial fraud is daitis says. While the SMS attack vector is different, the happening. CRI’s Kocher sees the attacks will change object of the phisher is the same. This type of attack will from criminals trying one thing and increasing their at- pose credibility issues and will impact banks with mobile tacks against a particular vulnerability or fraud strategy, banking services, especially as the more reliant customers to where it becomes similar to hackers attacking computer will become more trusting of their mobile phone.” vulnerabilities, where the smartest adversaries will iden- tify a problem, but try to keep what they learn really secret and then attack the target in a very sudden and catastroph- 5.
Load more

Recommended publications
  • The Economics of Online Crime
    Journal of Economic Perspectives—Volume 23, Number 3—Summer 2009—Pages 3–20 The Economics of Online Crime Tyler Moore, Richard Clayton, and Ross Anderson he economics of information security has recently become a thriving and fast-moving discipline. This field was kick-started in 2001 by the observa- T tion that poorly aligned incentives explain the failure of security systems at least as often as technical factors (Anderson, 2001). As distributed computing systems are assembled from machines controlled by principals with divergent interests, microeconomic analysis and game-theoretic analysis become just as im- portant for dependability as protocol analysis or cryptanalysis. The economic approach not only provides a more effective way of analyzing straightforward information-security problems such as privacy, spam, and phishing, but also gives insights to scholars of system dependability, conflict, and crime. An annual Work- shop on the Economics of Information Security (WEIS) was established in 2002. The field now involves over 100 active researchers; the subject has drawn together security engineers, economists, and even lawyers and psychologists. For a survey of security economics in general, see Anderson and Moore (2006). This paper will focus on the subject of online crime, which has taken off as a serious industry since about 2004. Until then, much of the online nuisance came from amateur hackers who defaced websites and wrote malicious software in pursuit of bragging rights. In the old days, electronic fraud was largely a cottage y Tyler Moore is a Postdoctoral Fellow, Center for Research on Computation and Society (CRCS), Harvard University, Cambridge, Massachusetts. Richard Clayton is an Industrial Research Fellow and Ross Anderson is Professor of Security Engineering, both at the Computer Laboratory, University of Cambridge, Cambridge, England.
    [Show full text]
  • Financial Fraud: a Literature Review
    A Service of Leibniz-Informationszentrum econstor Wirtschaft Leibniz Information Centre Make Your Publications Visible. zbw for Economics Reurink, Arjan Working Paper Financial fraud: A literature review MPIfG Discussion Paper, No. 16/5 Provided in Cooperation with: Max Planck Institute for the Study of Societies (MPIfG), Cologne Suggested Citation: Reurink, Arjan (2016) : Financial fraud: A literature review, MPIfG Discussion Paper, No. 16/5, Max Planck Institute for the Study of Societies, Cologne This Version is available at: http://hdl.handle.net/10419/141282 Standard-Nutzungsbedingungen: Terms of use: Die Dokumente auf EconStor dürfen zu eigenen wissenschaftlichen Documents in EconStor may be saved and copied for your Zwecken und zum Privatgebrauch gespeichert und kopiert werden. personal and scholarly purposes. Sie dürfen die Dokumente nicht für öffentliche oder kommerzielle You are not to copy documents for public or commercial Zwecke vervielfältigen, öffentlich ausstellen, öffentlich zugänglich purposes, to exhibit the documents publicly, to make them machen, vertreiben oder anderweitig nutzen. publicly available on the internet, or to distribute or otherwise use the documents in public. Sofern die Verfasser die Dokumente unter Open-Content-Lizenzen (insbesondere CC-Lizenzen) zur Verfügung gestellt haben sollten, If the documents have been made available under an Open gelten abweichend von diesen Nutzungsbedingungen die in der dort Content Licence (especially Creative Commons Licences), you genannten Lizenz gewährten Nutzungsrechte.
    [Show full text]
  • Computer Viruses and Other Malicious Software
    _it E d e it s io w n o Computer Viruses and Other Malicious r yl Software B n O O e D A THREAT TO THE INTERNET ECONOMY da l C u The Internet has become a powerful tool for enhancing innovation and productivity. E e e Nevertheless, the increasing dependence on the Internet and other communication O R s networks means the Internet has also become a popular and efficient way to spread n e computer viruses and other types of malicious software (malware). A r tu Malware attacks are increasing in both frequency and sophistication, thus posing a L e c serious threat to the Internet economy and to national security. Concurrently, efforts to fight malware are not up to the task of addressing this growing global threat; malware Software Malicious Other and Viruses Computer Computer Viruses and response and mitigation efforts are essentially fragmented, local and mainly reactive. A wide range of communities and actors – from policy makers to Internet Service Other Malicious Software Providers to end users – all play a role in combating malware. But there is still limited knowledge, understanding, organisation and delineation of the roles and responsibilities A THREAT TO THE INTERNET of each of these actors. Improvements can be made in many areas, and international ECONOMY co-operation would benefit greatly in areas such as: proactive prevention (education, guidelines and standards, research and development); improved legal frameworks; E-COMMERCER THIRD FOURTH FIFTH FIRST SECOND THIRD FOURTH FIFTH FIRST SECOND THIRD FOURTH FIFTH FIRST stronger law enforcement; improved tech industry practices; and better alignment of CYBERCRIME SECURITY E-COMMERCE THIRD SECOND FIRST FIFTH FOURTH THIRD SECOND FIRST FIFTH FOURTH THRID SECOND FIRST FIFTH FOURTH economic incentives with societal benefits.
    [Show full text]
  • Taking Down Websites to Prevent Crime
    Taking Down Websites to Prevent Crime Alice Hutchings, Richard Clayton and Ross Anderson Computer Laboratory University of Cambridge Cambridge CB3 0FD Email: fi[email protected] Abstract—Website takedown has been used to disrupt criminal affected [35], [36]. Moore and Clayton [33] examined the activities for well over a decade. Yet little is known about its effects of website takedown on phishing, and found that it overall effectiveness, particularly as many websites can be re- is helpful, but it cannot completely mitigate phishing attacks placed rapidly and at little cost. We conducted lengthy interviews with a range of people actively engaged in website takedown, as it will never be instantaneous. including commercial companies that offer specialist services, organisations targeted by criminals, UK law enforcement and II. RESEARCH QUESTIONS service providers who respond to takedown requests. We found We interviewed key players who are actively engaged in that law enforcement agencies are far less effective at takedown than commercial firms, who get an awful lot more practice. the website takedown process to explore the issues with it in We conclude that the police must either raise their game, or depth. The questions we tackle in this research are: subcontract the process. 1) How do websites differ according to their criminal purpose? I. INTRODUCTION 2) What organisations are involved in website takedown? Website takedown is a key tool used by financial institutions 3) How are websites taken down? to defend against ‘phishing’ – the use of fraudulent websites 4) What are the challenges with website takedown? to steal customer credentials [33].
    [Show full text]
  • Financial Fraud a Literature Review Arjan Reurink
    MPIfG Discussion Paper 16/5 Financial Fraud A Literature Review Arjan Reurink MPIfG Discussion Paper MPIfG Discussion Paper Arjan Reurink Financial Fraud: A Literature Review MPIfG Discussion Paper 16/5 Max-Planck-Institut für Gesellschaftsforschung, Köln Max Planck Institute for the Study of Societies, Cologne May 2016 MPIfG Discussion Paper ISSN 0944-2073 (Print) ISSN 1864-4325 (Internet) © 2016 by the author About the author Arjan Reurink is a doctoral researcher at the Max Planck Institute for the Study of Societies, Cologne. Email: [email protected] Downloads www.mpifg.de Go to Publications / Discussion Papers Max-Planck-Institut für Gesellschaftsforschung Max Planck Institute for the Study of Societies Paulstr. 3 | 50676 Cologne | Germany Tel. +49 221 2767-0 Fax +49 221 2767-555 www.mpifg.de [email protected] Reurink: Financial Fraud: A Literature Review iii Abstract This paper describes the empirical universe of financial fraud as it has been documented in the academic literature. More specifically, it describes the different forms of fraudulent behavior in the context of financial market activities, the prevalence and consequences of such behavior as identified by previous research, and the economic and market structures that scholars believe facilitate it. To structure the discussion, a conceptual distinction is made between three types of financial fraud: financial statement fraud, financial scams, and fraudulent financial mis-selling. What emerges is a picture of financial fraud as a complex phenomenon that can take very different
    [Show full text]
  • Improving Phishing Countermeasures: an Analysis of Expert Interviews
    > FOR CONFERENCE-RELATED PAPERS, REPLACE THIS LINE WITH YOUR SESSION NUMBER, E.G., AB-02 (DOUBLE-CLICK HERE) < 1 Improving Phishing Countermeasures: An Analysis of Expert Interviews Steve Sheng,1 Ponnurangam Kumaraguru,2 Alessandro Acquisti,3 Lorrie Cranor,1, 2 and Jason Hong2 1Department of Engineering and Public Policy, Carnegie Mellon University, Pittsburgh PA 15213 USA 2School of Computer Science, Carnegie Mellon University, Pittsburgh PA 15213 USA 3Heinz School of Public Policy, Carnegie Mellon University, Pittsburgh PA 15213 USA In this paper, we present data from 31 semi-structured interviews with anti-phishing experts from academia, law enforcement, and industry. Our analysis led to eight key findings and 18 recommendations to improve phishing countermeasures. Our findings describe the evolving phishing threat, stakeholder incentives to devote resources to anti-phishing efforts, what stakeholders should do to most effectively address the problem, and the role of education and law enforcement. Index Terms—anti-phishing, expert interview, electronic crime. countermeasures that should be implemented to fight phishing I. INTRODUCTION more effectively, and incentives that various stakeholders have HISHING is a widespread problem that is impacting both in their fight against phishing. business and consumers. In November 2007, MessageLabs The experts we interviewed agreed that phishing is evolving Pestimated that 0.41% of the 3.3 billion emails going into a more organized effort. It is becoming part of a larger through their system each day were phishing emails [1]. crime eco-system, where it is increasingly blended with Microsoft Research recently estimated that 0.4% of email malware and used as a gateway for other attacks.
    [Show full text]
  • Priority Development Assistance Fund Scam
    Priority Development Assistance Fund scam From Wikipedia, the free encyclopedia The Priority Development Assistance Fund scam, also called the PDAF scam or the pork barrel scam, is a political scandal involving the alleged misuse by several members of the Congress of the Philippines of their Priority Development Assistance Fund (PDAF, popularly called "pork barrel"), a lump-sum discretionary fund granted to each member of Congress for spending on priority development projects of the Philippine government, mostly on the local level. The scam was first exposed in the Philippine Daily Inquirer on July 12, 2013,[1] with the six-part exposé of the Inquireron the scam pointing to businesswoman Janet Lim-Napoles as the scam's mastermind after Benhur K. Luy, her second cousin and former personal assistant, was rescued by agents of theNational Bureau of Investigation on March 22, 2013, four months after he was detained by Napoles at her unit at the Pacific Plaza Towers in Fort Bonifacio.[2] Initially centering on Napoles' involvement in the 2004 Fertilizer Fund scam, the government investigation on Luy's testimony has since expanded to cover Napoles' involvement in a wider scam involving the misuse of PDAF funds from 2003 to 2013. It is estimated that the Philippine government was defrauded of some ₱10 billion in the course of the scam,[1] having been diverted to Napoles, participating members of Congress and other government officials. Aside from the PDAF and the fertilizer fund maintained by the Department of Agriculture, around ₱900 million
    [Show full text]
  • Cybercrimes in the Former Soviet Union and Central and Eastern Europe: Current Status and Key Drivers
    Cybercrimes in the Former Soviet Union and Central and Eastern Europe: Current Status and Key Drivers By: Nir Kshetri Kshetri, Nir (2013). “Cybercrimes in the Former Soviet Union and Central and Eastern Europe: Current Status and Key Drivers,” Crime, Law and Social Change, 60(1), pp 39-65. The final publication is available at http://link.springer.com/article/10.1007%2Fs10611- 013-9431-4. ***Reprinted with permission. No further reproduction is authorized without written permission from Springer Verlag. This version of the document is not the version of record. Figures and/or pictures may be missing from this format of the document. *** Abstract: Some economies in the Former Soviet Union and Central and Eastern Europe (FSU&CEE) are known as cybercrime hotspots. FSU&CEE economies have shown complex and varied responses to cybercrimes due partly to the differential incentives and pressures they face. This study builds upon literatures on white-collar crime, institutional theory and international relations (IR)/international political economy (IPE) perspectives to examine the low rates of prosecution and conviction of suspected cybercriminals in some economies in the FSU&CEE and variation in such rates across these economies. The findings indicate that cybercrime cases are more likely to be prosecuted and sanctions are imposed in economies that are characterized by a higher degree of cooperation and integration with the West. Cybercriminals are less likely to be jurisdictionally shielded in such economies. Our findings also suggest that a high degree of cooperation and integration with the West would lead to access to resources to enhance system capacity and law enforcement performance to fight cybercrimes.
    [Show full text]
  • Spear Phishing
    9 SearchSecurity g spear phishing Posted by Margaret Rouse WhatIs.com c s o n Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source... (Continued) Email and LOOKING FOR SOMET HING ELSE? messaging T e chnique s f or gat he ring re quire me nt s in Agile scrum threats 0 SOA t re nds: From microse rvice s t o appde v, what t o e xpe ct in 2015 se condary st orage RELAT ED T OPICS Email Security Guidelines… e T ECHNOLOGIES Phishing + Show More 1 Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking 2 unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade f secrets or military information. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority. Visiting West Point teacher and National Security Agency expert Aaron Ferguson calls it the "colonel effect." To illustrate his point, Ferguson sent out a message to 500 cadets asking them to click a link to verify grades.
    [Show full text]
  • Leveraging the Multi-Disciplinary Approach to Countering Organised Crime
    Leveraging The Multi-Disciplinary Approach to Countering Organised Crime Anna Cevidalli Technical Report RHUL{MA{2010{06 31st March 2010 Department of Mathematics Royal Holloway, University of London Egham, Surrey TW20 0EX, England http://www.rhul.ac.uk/mathematics/techreports ROYAL HOLLOWAY MSc PROJECT Anna Cevidalli Student Number: 100630541 Supervisor: John Austen Leveraging The Multi-Disciplinary Approach to Countering Organised Crime An Evaluation for Information Security and Business Professionals SEPTEMBER 2009 Submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London. I declare that this assignment is all my own work and that I have acknowledged all quotations from the published or unpublished works of other people. I declare that I have also read the statements on plagiarism in Section 1 of the Regulations Governing Examination and Assessment Offences and in accordance with it I submit this project report as my own work. Signature Date ACKNOWLEDGEMENTS I would like to thank the staff at Royal Holloway and especially John Austen, my Project Supervisor, for their invaluable support and assistance in completing this project. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Anna Cevidalli RHUL MSc Project – September 2009 (Main Document) TABLE OF CONTENTS 1 INTRODUCTION.....................................................................................................................1
    [Show full text]
  • Kochheim, Cybercrime Und Cyberwar
    Dieter Kochheim Cybercrime und Cyberwar Dieter Kochheim Cybercrime und Cyberwar 1941... 43 D, GB, USA Z3, ENIAC, Colossus 1957 USA Phreaking 1963 USA Telefonanlagen-Hacking ~ 1966 „akademisches“ Hacking 1969 USA ARPANET 1976 Dokumentation des Hacker-Jargons 1978 USA 1. Spam 1981 D Chaos Computer Club 1982 Virus für Apple 1984 D CCC: Onlinebanking-Manipulation (Demo) USA Hackermagazin „2600-Magazine“ USA Cult of the Dead Cow 1985 D KGB-Hack Gotcha: Trojaner löscht Festplatte 1986 Bootvirus für DOS 1987 Lehigh: speicherresidenter Virus 2 von 24 © Dieter Kochheim, 17.11.10 Dieter Kochheim Cybercrime und Cyberwar Mitnick: Kunst des Einbruchs (2005) Stoll: Kuckucksei (1989) Telefondienste, Spielautomaten, Zwischen 1985 und 1989 drang die modernes Hacking hannoversche Hackergruppe um Karl Koch und Markus Hess im ders.: Kunst der Täuschung (2003) Auftrag des KGB auf der Suche nach nützlichen Informationen soziale Techniken, weltweit in verschiedene Social Engineering Computersysteme des Militärs, von Hochschulen und Unternehmen ein. 3 von 24 © Dieter Kochheim, 17.11.10 Dieter Kochheim Cybercrime und Cyberwar 1989 Rus Virenepidemie 1990 polymorpher Virus Bulgarien Hacker-Fabriken 1995 D SoftRAM USA 2600-Magazine, bösartige Codes: WM/Cap, W32/Donut, W2K/Stream, W64/Rugrat, SymbOS/Cabir China Webseite: Voice of the Dragon 1996 USA Cult of the Dead Cow ... 2002 USA Gambino-Familie: Pornographie im Internet D Phishing 1997 China Goodwell gründet die Green Army (3.000 Mitgl.) D Dialer 1998 Rus Virus-Fabriken D Grabbing Napster. Filesharing 4 von 24 © Dieter Kochheim, 17.11.10 Dieter Kochheim Cybercrime und Cyberwar Paget: Paget: Mehrere Mitglieder der Gambino- In Russland begann der Hacking- Familie gestanden 2005, von 1996 Boom 1998 infolge der Finanzkrise.
    [Show full text]
  • Improving Phishing Countermeasures: an Analysis Ofexpert Interviews
    Improving Phishing Countermeasures: An Analysis ofExpert Interviews 2 2 Steve Sheng,' Ponnurangam Kumaraguru.i Alessandro Acquisti;' Lorrie Cranor, 1, and Jason Hong 'Department ofEngineering and Public Policy, Carnegie Mellon University, Pittsburgh PA 15213 USA 2School ofComputer Science, Carnegie Mellon University, Pittsburgh PA 15213 USA 3Heinz School ofPublic Policy, Carnegie Mellon University, Pittsburgh PA 15213 USA In this paper, we present data from 31 semi-structured interviews with anti-phishing experts from academia, law enforcement, and industry. Our analysis led to eight key findings and 18 recommendations to improve phishing countermeasures. Our findings describe the evolving phishing threat, stakeholder incentives to devote resources to anti-phishing efforts, what stakeholders should do to most effectively address the problem, and the role of education and law enforcement. Index Terms-anti-phishing, expert interview, electronic crime. more effectively, and incentives that various stakeholders have I. INTRODUCTION in their fight against phishing. PHISHING is a widespread problem that is impacting both The experts we interviewed agreed that phishing is evolving business and consumers. In November 2007, MessageLabs into a more organized effort. It is becoming part of a larger estimated that 0.41% of the 3.3 billion emails going through crime eco-system, where it is increasingly blended with their system each day were phishing emails [1]. Microsoft malware and used as a gateway for other attacks. Some of the Research recently estimated that 0.4% of email recipients are experts suggested that incentives for fighting phishing may be victimized by phishing attacks [2]. The annual cost to misaligned, in the sense that the stakeholders who are in a consumers and businesses due to phishing in the US alone is position to have the largest impact do not have much incentive estimated to be between $350 million and $2 billion [3].
    [Show full text]