Archive

Posts Tagged ‘online banking fraud’

Phishing, Fraudulent and Malicious Websites

April 22nd, 2010

Whether we like it or not, we are all living in the Information Age. We have no choice but to adapt to rapidly developing information technology, no matter who we are and what we do for a living. The Internet, in particular, offers us boundless opportunities in life and business, but also many dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and avoid the hazards it brings.

Warning: There are Websites You’d Better Not Visit

Phishing websites

Thanks to the authors of numerous articles on this topic, the “classic” phishing technique is relatively well known. This scam involves setting up bogus websites and luring people to visit them, as a rule through links in emails. A phishing website is disguised to look like a legitimate one — of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users’ passwords, PIN numbers, SSNs and other confidential information.

At first, phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people became aware of the scam, the fewer spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students. Since about November 2004 there have been many publications about a scheme which at first was seen as a new kind of phishing. This technique involves infecting a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks in the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for — to steal information. It seems that this technique is actually a separate scam aimed at stealing personal information, and such attacks are on the rise. Security experts warn about the commercialisation of malware — cybercriminals prefer cash to fun, so various kinds of information-stealing software are being used more actively.


On the Backs of Mules: An ACH Fraud Scheme

September 8th, 2009

A community bank based in the Midwest recently intercepted an elaborate ACH fraud scheme involving unwitting mules and multiple financial institutions. With $1B in assets and eight branches, this bank’s case proves sophisticated fraudsters aren’t solely targeting the nation’s largest institutions and banks. Organizations of all sizes should consider additional online fraud prevention strategies to counter today’s evolving threats.

Founded in the early 1900s, this community bank (let’s call it “CB” for short) knows that customers trust it and its reputable brand, and that they must be actively guarded against online banking fraud. Accordingly, it takes a proactive approach of cooperating with anti-fraud teams at other banks and federal law enforcement to aid transaction monitoring and criminal investigations. However, this case provides two lessons: all financial institutions – and their customers – should closely monitor online account activity and not rely entirely on multiple layers of authentication to protect them; and catching suspicious online access early prevents fraud from materializing later in other channels.

The victim in this case was a nonprofit organization that was a small business customer. Most likely using key logging malware, the fraudster(s) obtained the online account credentials of a fully authorized individual from the nonprofit. CB has three layers of online banking security, all of which failed: a username/password, a challenge question, and the customer’s unique PIN are required to execute transactions. On the first day of the compromise, session logs revealed that the fraudster got oriented and tested privileges – looking at account balances, transaction history, and even modifying a pending ACH transaction. If this unusual account reconnaissance activity had been flagged, that might have been the end of the attack, but it wasn’t.

The next day, the fraudsters executed an ACH batch file containing 16 separate debit transfers – each less than $9,000 to stay undetected – for a total withdrawal of $142,000. The transfers were sent to accounts at eight banks, all larger institutions, in states throughout the U.S. The post-event investigation utilized IP geolocation tools to uncover nearly simultaneous fraudulent access to the compromised account from Oklahoma and Ohio – again unusual for the account holder.

Here’s where this case gets interesting: Recipient account owners were unwitting mules who thought they had been hired via the Internet to do legitimate jobs. One thought she had been hired by a firm providing a moving allowance for her relocation out of state; the other thought he was employed by an insurance company based in Switzerland. Mules were instructed to empty the funds from their accounts the day they arrived, to use Western Union to send the money to (bogus) beneficiaries at locations in Texas and Florida, but to keep 5 percent of the amount as a “commission.” Many of the mule accounts were new and had been opened online.

Investigators obtained the phony “employee manual” that the criminals provided to the mules. One look reveals the level of sophistication of this scam as well as the great lengths taken to recruit and train unwitting participants. The manual explains that Prime Insurance, a firm based in Switzerland, is encountering “business and strategic obstacles” to being able to operate in the U.S. The mules are called “regional clerks” who help the company by distributing “reimbursements to policy holders” via wire transfer. Mules are “under evaluation” for two months before being offered “full employment,” perhaps allowing for rapid turnover.

In this case, the victimized nonprofit had opted in to CB’s online banking alerting feature for debit activity, so an e-mail was triggered automatically. Unfortunately it was not read immediately, so the funds were already gone. CB scrambled to execute an ACH reversal file that same day. Quick action, luck and direct follow up with the eight receiving institutions resulted in blocking 12 out of the 16 transfers. Two of the fraudster’s mules were actually in their banks at the time trying to withdraw the funds, but were intercepted.

Ultimately, the customer realized a $35,000 loss, not insignificant for a nonprofit, and it sought to prosecute the mules for their part in the scheme. To avoid CB’s fate, and any potential damage to customer retention resulting from cases like this, follow these guidelines:

1. Bolster security measures for online accounts. As implemented, CB’s login, challenge and PIN layers essentially amounted to three passwords that were easily compromised. Thresholds for challenges were based on simple geolocation rules that didn’t trigger on domestic access. Cookies for device ID had been subverted. Monitoring online accounts for suspicious behavior after the login is a best practice for complementing authentication technologies.

2. Don’t wait for actual transactions to detect fraudulent activity. Account reconnaissance occurred a day before the crime and the entire scheme could have been shut down immediately if detected. Today’s behavior-based account monitoring technologies can detect benign-looking reconnaissance activities that don’t involve financial transactions.

3. Beware of new retail accounts created online that immediately start moving large amounts of money. Cooperate and collaborate with peers on known and suspected mules, who should be tracked. Mules often handle multiple fraudulent transactions at multiple institutions, and can flip from victim to criminal if they suddenly keep stolen funds for themselves.
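The three signals this case left in the logs (reconnaissance from an unfamiliar location, near-simultaneous access from two states, and a batch of debits each just under $9,000) can be checked with simple post-login rules. The sketch below is an added example, not code from the original post or from any bank; the event format, the home state "IA", the 30-minute window and the batch-total threshold are assumptions.

```python
from datetime import datetime, timedelta

HOME_STATES = {"IA"}          # assumed baseline location of the account holder
RECON = {"view_balance", "view_history", "modify_pending_ach"}
PER_ITEM_CEILING = 9_000      # each debit in the case stayed under this amount
BATCH_TOTAL_ALERT = 50_000    # assumed review threshold for a whole batch

def ev(ts, state, action, amounts=()):
    return {"ts": datetime.fromisoformat(ts), "state": state,
            "action": action, "amounts": list(amounts)}

# Constructed events ("OK" is Oklahoma); dates and item amounts are invented,
# only the item count, the ceiling and the total mirror the case.
EVENTS = [
    ev("2009-08-03T09:10", "IA", "view_balance"),
    ev("2009-08-04T14:01", "OK", "view_balance"),
    ev("2009-08-04T14:03", "OK", "view_history"),
    ev("2009-08-04T14:09", "OK", "modify_pending_ach"),
    ev("2009-08-05T11:30", "OK", "view_balance"),
    ev("2009-08-05T11:34", "OH", "submit_ach_batch", [8_900] * 14 + [8_700] * 2),
]

def detect(events, window=timedelta(minutes=30)):
    alerts = []
    events = sorted(events, key=lambda e: e["ts"])
    for i, e in enumerate(events):
        # 1. Reconnaissance from a location outside the account's baseline.
        if e["action"] in RECON and e["state"] not in HOME_STATES:
            alerts.append(("recon_from_new_location", e["ts"].date().isoformat()))
        # 2. Same account active from two different states within the window.
        for prev in events[:i]:
            if prev["state"] != e["state"] and e["ts"] - prev["ts"] <= window:
                alerts.append(("concurrent_geo", f'{prev["state"]}/{e["state"]}'))
                break
        # 3. Batch whose items all sit under the ceiling but add up to a lot.
        amounts = e["amounts"]
        if amounts and max(amounts) < PER_ITEM_CEILING and sum(amounts) >= BATCH_TOTAL_ALERT:
            alerts.append(("structured_batch", len(amounts), sum(amounts)))
    return list(dict.fromkeys(alerts))  # de-duplicate, keep first-seen order

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The first alert fires on the reconnaissance day, before any money moves, which is the point of guideline 2.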

 


Don’t Miss the Online Channel: Combating Cross-Channel Fraud at the Root

July 21st, 2009

The latest threat to online banking accounts and online fraud detection involves fraudsters using a multi-step scheme that spans different interaction points with financial institutions.

Cyber-criminals commit this cross-channel Internet banking fraud by first logging in to an account without authorization via the online channel to steal vital information such as account balances, check images, or signature blocks, and then using it to perform wire, check and other types of offline scams that never get linked to the original online breach.

Unfortunately, the online channel’s role in these schemes is often overlooked. This is precisely what makes this kind of fraud so effective – and tough to catch. Financial institutions merely register the final transaction fraud, and don’t account for the original breach, which often occurs in the online channel. Add to this the fact that consumers don’t know it is happening, and the fraudsters have a perfect opportunity to keep getting away with this offense.

A case in point is what recently happened to a leading financial institution that serves tens of thousands of customers daily. Despite aggressive efforts to defend its online environment, fraudsters executed a startling cross-channel fraud scheme.

Here’s how the fraud scheme happened:

1. The fraudster telephoned the institution’s customer service number and, using social engineering techniques, reset the online account password and contact phone number.

2. The fraudster gained access to the online account, discovered more about the customer’s online activities, and downloaded check images holding the customer’s signature.

3. The fraudster then called on a separate institution using the stolen information to open a brand new account in the victim’s name.

4. A wire transfer was authorized to empty the victimized account and credit the new account at institution #2. Because the names on the accounts matched and the fraudster had provided a phone number under his/her control and an official-looking signature, an offline confirmation of the transfer by phone, as an additional means of identification, passed and was authorized.

5. The fraudster withdrew his loot piecemeal, visiting separate branches in a state different than the victim’s.

Legacy Fraud Detection Approaches Blind to Online Activity

When fraudsters use schemes involving multiple interactions with distinct touch-points across an institution, they aren’t caught since the precursor online channel violation is often overlooked.

Common industry practice registers the final fraudulent transaction as the breach point, and case forensics, working with limited resources, return insight that cannot trace the original breach to the online channel. When accessed only for reconnaissance, the online channel records no “transaction” for discovery. This is precisely what makes cross-channel fraud so successful – and so hard to catch. Moreover, how should our earlier example be classified? Is such a loss wire fraud, check fraud, or simply “online account fraud”?

A next-generation approach to online fraud detection and prevention is needed if we are to retain customer confidence in online banking security. According to Javelin Research’s 2007 Identity Fraud Survey Report, it takes an average of 60 days for consumers to even spot that fraud has occurred. This leaves fraudsters with an ideal opportunity to perform successful cross-channel fraud crimes if financial services providers don’t take preventative steps to protect both their customers and their bottom line. New best practices and back-end technologies that focus on online behavior can better isolate and prevent cross-channel fraud at the source.

Modeling Individual Account Behavior Interrupts Fraud at Its Source

A growing best practice in online fraud prevention is to employ predictive models of individual customer online activity to detect when the “customer” logging in isn’t who they say they are, even if they pass authentication. Beyond simple machine signature technology, user profiling technologies rely on trend analysis of behavior, account by account. They start by understanding what “normal” behavior is for each individual customer – and accept that there is no single blueprint of “normal” behavior to write an anti-fraud rule against.

Dynamic, model-based investigation of account activity “does the math” – correlating what by themselves may seem like weak indicators of fraud until a clear pattern emerges. Behavior that diverges from what is expected becomes suspicious – the greater the deviation, the stronger the suspicion. This comprehensive analysis allows for more granular risk scoring and better matching with offline activity patterns. A by-product of this behavioral analysis through transaction monitoring software is a rich history of online activity that aids investigation and forensics.

Using these techniques, institutions can identify the fraudster through alerts on online activity that falls outside the customer’s expected behavior. Deploying strong analytics at the source – the online channel – ensures that fraudsters’ assaults are shut down before any damage is done.
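One way to picture the per-account modelling described above is a frequency profile built from each account's own history, with every session scored by how surprising its attributes are for that account. This is an added example, not the product or method of any vendor mentioned in the post; the feature names, sample sessions and the 10-bit alert threshold are assumptions.

```python
import math
from collections import Counter

FEATURES = ("state", "device", "hour_band", "action")
ALERT_BITS = 10.0  # assumed review threshold, tuned per institution

class AccountProfile:
    """Frequency model of one account's own history (its 'normal')."""

    def __init__(self):
        self.counts = {f: Counter() for f in FEATURES}
        self.n = 0

    def learn(self, session):
        for f in FEATURES:
            self.counts[f][session[f]] += 1
        self.n += 1

    def surprise(self, session):
        """Per-feature surprise in bits: -log2 of the smoothed frequency."""
        bits = {}
        for f in FEATURES:
            seen = self.counts[f]
            # Add-one smoothing with one extra slot for never-seen values.
            p = (seen[session[f]] + 1) / (self.n + len(seen) + 1)
            bits[f] = -math.log2(p)
        return bits

    def score(self, session):
        # Individually weak indicators add up to one risk score.
        return sum(self.surprise(session).values())

def s(state, device, hour_band, action):
    return dict(zip(FEATURES, (state, device, hour_band, action)))

# Constructed history for one hypothetical account: 40 past sessions.
profile = AccountProfile()
for sess in ([s("IA", "office-pc", "business", "view_balance")] * 30
             + [s("IA", "office-pc", "business", "submit_ach")] * 6
             + [s("IA", "office-pc", "evening", "view_balance")] * 4):
    profile.learn(sess)

usual = s("IA", "office-pc", "business", "view_balance")
late = s("IA", "office-pc", "evening", "view_balance")
odd = s("OH", "unknown", "night", "download_check_images")

if __name__ == "__main__":
    for name, sess in (("usual", usual), ("late", late), ("odd", odd)):
        score = profile.score(sess)
        print(f"{name}: {score:.1f} bits, alert={score >= ALERT_BITS}")
```

A single unusual attribute (the evening login) stays well under the threshold, while a session that is unusual on every attribute crosses it even though authentication succeeded.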

 
