Payment and Fraud Prevention Track


It takes a network to defeat a network

Fraud Prevention @ IATA
Anca Dolocan
Portfolio Manager, Card & Fraud Services

Contents
• Fraud Prevention @ IATA
• Industry Cooperation, Communication, Support
• Industry Standards for Fraud Prevention
• IATA Fraud Prevention Standards Governance Groups
• Q&A

Fraud Prevention @ IATA: High-level Overview
Current initiatives led or managed by IATA for the airline industry, in which airlines and travel agents should play an active role:
• Regional Fraud Prevention Workshops
• Global Airports Action Days (GAAD) in cooperation with Europol
• IATA Frequent Flyer Program Fraud Prevention Workshop & Advisory Forum
• IATA Global Fraud Prevention Event
• IATA Strategic Partners Briefing Day
• IATA Strategic Partnership program for fraud prevention
• IATA Standards Governance fraud prevention groups

Cooperation, Education, Support
[Figure: GAAD Overall Stats, Airline participation]
2019 Satisfaction Survey - NPS 71
[Chart: Overall Rating of the FFP Fraud Prevention Workshop (Day 1 & 2); categories Networking, Interaction, Agenda; ratings Excellent, Satisfactory, Average, N/A]
[Chart: Overall Rating of the FFP Fraud Prevention Advisory Forum (Day 3); ratings Excellent, Satisfactory, Average, N/A]
See you in 2020 at Dallas, USA. Save the Date: 23-25 June 2020
www.iata.org/global-fraud-prevention
https://www.iata.org/about/sp/Documents/industry_fraud_prevention.pdf

Industry Standards simplify common processes, reduce costs and complexity

Passenger Standards Conference (PSC), re-organized as of 1 November 2018
• manages all standards activity touching passenger processes, coding and scheduling
• has ultimate decision-making authority over all standard setting activity within its scope
• every member airline is able to attend and vote
• adopts or changes Resolutions and Recommended Practices
• elects the Board Members to oversee the standards across each business domain

Pay-Account Standards Board (PASB)
• Made up of 18 airlines
• Have oversight across the strategy and direction of standards within their domain
• Manage implementation and ensure that standard setting activities are prioritized based on airline requirements
• Explore new areas where industry standards could add value and propose areas where industry standards should be discontinued

[Slide: Payment FP Group Members and FFP FP Group Members, each listing Chair, Vice-Chair and Secretary]

Thank you!
Anca Dolocan
[email protected]
AND… See you in 2020! Destination will be announced at the end of the IATA World Financial Symposium – Stay tuned!
www.iata.org

The Cybercrime Economy: Its impacts upon fraud
IATA World Financial Symposium: Miami 2019
Dr Michael McGuire
University of Surrey

Themes & Aims
• To briefly explore a key trend in Cybercrime – the emergence of a complex set of (criminal) trading relations – the cybercrime economy
• To consider the relationships between this economy and fraud
• To evaluate some implications of this for enterprise, in particular the aviation industry

Research focus
• Based upon findings of an 18-month piece of research - The Web of Profit project, which aimed to understand the outputs of cybercrime, not its inputs
• That is:
  - Not what cybercriminals ‘do’ - attack vectors, malware types, perpetrators, computer dependent v computer enabled crime variants, etc.
  - Why cybercriminals ‘do’ - Revenues, laundering, spending investments etc.
• Methodology included: interviews with convicted cybercriminals; covert observation and simulated purchases on darknet; analysis of listings; expert/practitioner surveys

Changing Perceptions of Cybercrime
• We once thought ‘cybercrime’ happened in a place called ‘cyberspace’
• It involved ‘technical’ things like viruses or network compromises
• It involved clever young computer experts - hackers, crackers etc.
• It was about stealing credit card numbers, personal credentials etc.
• Enhancing cybersecurity (perimeter protection & firefighting) was the optimal response

The New Cybercrime
BUT the research identified a range of more fundamental, less discussed factors now seemingly crucial to cybercrime

The New Cybercrime – NEW REVENUE GENERATION
A dizzying range of methods & mechanisms for generating revenues, often at industrial scales:
• Counterfeits
• IP Theft
• Trade Secrets
• Data Trading
• Crimeware
• Skills hire
• Advertising
• Crypto Mining

The New Cybercrime – NEW VALUE FORMS
• A new form of raw material and trading commodity - the extraction and exchange of data
• Not just data from stolen credit or debit cards
• A range of newer data forms with value:
  - hotel/airline loyalty points
  - Netflix logins
  - ‘likes’ on Facebook
  - soft drink formulas
  - healthcare records

The New Cybercrime – NEW EXCHANGE MECHANISMS
• Rapidly expanding range of supporting digital financial tools
• Digital currencies
• Payment systems
• P2P banking apps
• Mobile payments & banking

The New Cybercrime – NEW ECONOMIC AGENTS
• Specialised economic agents - such as producers, suppliers, service providers and consumers
• Tool supply, technical support and provision of skills and expertise
• Training, professionalization, recommendations and references
• New markets & dedicated Production Zones
  - Râmnicu Vâlcea hacker village (Romania)

A Cybercrime Economy
[Diagram: Cybercrimes, Revenues, Laundering, Spending, Other crime]

Cybercrime Revenues
Cybercrime Economy now worth: $1.5 trillion in revenues annually - at minimum

Scale of Cybercrime economy
• $1.5tn likely to be a conservative estimate
• Many revenue categories were not included/lacked sufficient data to calculate - for example:
  - Figure for illicit online sales included only pharmaceuticals, drugs and counterfeits
  - Estimates for the Crimeware category included only DDoS hire, Trojan related malware & hacker for hire revenues. BUT malware sales, exploits etc. also generate significant (as yet uncosted) revenues
  - Numerous categories of fraud, e.g. ticket fraud, auction fraud, not included

The Cybercrime Economy and fraud
Two key connections:
(1) The emerging cybercrime economy (and its success) is highly dependent upon fraud. For example, many of the key ingredients of this economy are derived from fraud
(2) In turn, the cybercrime economy is changing fraud and fraud practices

The Cybercrime Economy – dependence upon fraud
$1.5 trillion in revenues =
• Illicit/illegal online markets, $860bn per annum: Fraudulent goods & counterfeiting
• Trade Secret/IP theft, $500bn per annum: Spoofing, Impersonation, Sale of product designs
• Data Trading, $160bn per annum: Card fraud, chargeback/friendly fraud, loyalty frauds
• Crimeware/CaaS, $1.6bn per annum: Account takeovers, Identity theft
• Ransomware, $1bn per annum

The Cybercrime Economy – FOUR impacts upon fraud
1: The Cybercrime economy generates more incentives to engage in fraud
• Economy worth more than combined profits of top 3 Fortune 500 companies (Walmart, Apple & Berkshire Hathaway)
• Economy worth more than annual GDP of Saudi Arabia ($.75tn)
• Highest earners can make up to $2m/£1.4m – almost as much as a FTSE250 CEO; mid-level operators can make up to $372,000/£263,000
• Result: Projected total global fraud losses amounted to nearly USD $4 trillion in 2018
• Organizations lose up to 5% of their annual revenues to fraud
• Airlines projected to lose up to $3bn to fraud by 2021

[Chart: Global rise in fraud/economic crime]

The Cybercrime Economy – FOUR impacts upon fraud
2: The Cybercrime economy is enabling more varieties of fraud
• Trade in tools enabling spread of ransomware fraud attacks on airports – recent (2018-19) attacks on Cleveland airport, Louisville Airport, Bristol & Atlanta
• Invoices being traded in this economy enabling serious financial frauds for airlines. JAL recently lost nearly 400m yen ($3.4m) after payments for leased airplanes were diverted by cybercriminals
• It lost 24m yen in a similar ploy involving fake emails from a US cargo business
• Huge amounts of data relating to membership/loyalty accounts for sale on darknet. Up to 72% of airline loyalty programs have an issue
• We were offered details of airline executive CVs, vacation plans and other personal details by darknet vendors

The Cybercrime Economy – FOUR impacts upon fraud
3: Cyber Frauds creating increasing financial & reputational costs
• BA hack of card details, CVV codes and email addresses resulted in £183m fine; costs in reputational damage unknown …
• Heathrow airport fined £120,000 for failing to secure sensitive data following an employee's loss of a USB stick
• Cathay Pacific facing expensive class actions after biggest aviation data breach in history - 9.4m customers had data including passport numbers, identity card numbers, travel history and email addresses compromised
• Protests to Air Canada mount after passport data on their app (used by 1.7m customers) was accessed in 2018

The Cybercrime Economy – FOUR impacts upon fraud
4: The Cybercrime economy enabling easier movement & concealment of fraud revenues
• 4% of European cyber revenues alone now laundered by crypto currency (around $80bn)
• 10 - 20% of cybercriminals use PayPal or other DPS systems to launder money
• 95% of all ransomware profits were laundered through BTC-e Bitcoin exchange in 2017-18
• Airlines being drawn into this burgeoning industry:
  - Physical transportation of cash (staff and passengers)
  - Exploitation of 3rd parties (e.g. travel agents) & suppliers
  - Airline ticketing identified as a potential