Crimes of our times

October 2009 Information Security

Elize Buys, Crime Researcher, CGCSA

Elize Buys from the Consumer Goods Council examines modern crime that faces every individual and business.

The imagery usually associated with the word crime is that of violence. We think of a robber holding a gun against your head while waiting at the robot at the highway turnoff or a retailer may see a store full of customers being forced to lie down and robbers running out the door with cash.

Violent crime is so traumatic and prevalent in our thoughts that from time to time other types of crime takes a back seat. Understandably so, yet the effects of commercial and computer related crimes could be just as catastrophic to the victims.

Recently the seventh annual e-crime survey has been published, this article will highlight several of the findings of the survey and also discuss a new modus operandi of these types of criminals.

Key findings

Individuals who took part in the survey represent a cross-section of strategic and operational disciplines including the IT security, fraud investigations, corporate security, audit and risk. They share the commonality of being directly responsible for preventing e-crime as it affects their organisations and their customers. The majority of respondents (80%) work in the private sector, and the results of the survey represent a spectrum of opinions from those in industries that include financial services, retail, telecommunications, oil and gas, utilities, gambling, manufacturing, media, transport and logistics. It would therefore be beneficial for retailers to take note of the key findings (e-Crime survey 2009, 2009).

The following are some of the significant findings made during the analysis of the survey results:

* 79% of survey respondents do not believe that security software based on signature detection offers a sufficient level of protection to Internet users.

* 50% of respondents from IT security do not believe their organisation is sufficiently protected against malware when considering internal Internet usage trends, attack vectors, potential targets, security update procedures and the risks associated which compromise their business.

* 62% of respondents do not believe their business dedicates enough time, budget and resources to locating vulnerabilities.

* 66% of respondents agree that an increase in out-of-work IT professionals during the recession will lead to more people with technical skills joining the cyber-criminal underground economy.

* 41% of respondents have indicated an increase in the technical sophistication of attacks on their network.

* 45% of respondents indicated an increase in phishing targeting employees.

* 49% of respondents from financial services companies have registered an increase in the technical sophistication of attacks on their customers.

* 63% of respondents classify infected websites as an attack vector most likely to lead to a compromise of their customers’ online security.

(e-Crime survey 2009, 2009)

Variations on a theme

Criminals have now thought of another way to gain access to personal information. SIM swapping is used by fraudsters to illegally attain funds. The scam involves fraudsters convincing cellular operators to perform a SIM swap on the victim’s number – which could then be used in combination with phishing attacks to execute fraudulent activities (Absa and SMS Swapping Scams, 2008).

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication (Wikipedia, 2009).

What to look out for when identifying an e-mail scam (Source: ABSA online banking alert, 2009):

* Deceptive subject lines: These look as if they are genuinely related to the company supposedly sending the e-mail.

* Forged sender’s address: An easy deception method to make the e-mail appear as though it has come from the company it is claiming to be.

* Genuine looking content: They copy images and text styles of the real sites in order to fool the reader. Trusts and authentication marks are duplicated and they may even have genuine links to the company’s privacy policy and other pages on the legitimate website to create an illusion of authenticity.

* Disguised hyperlinks: e-mails may display a genuine website address, but when you click on it, the hyperlink will take you to a different website. Look out for a long website address as it will take you to the site after the @ symbol. Example: http://[email protected]

If you clicked on this hyperlink it would take you to http://fraud-site.com as it is after the @ symbol.

* E-mail form: These forms containing your personal information are submitted to remote computers, which the fraudsters access and then use your information to commit fraud on your bank accounts.

The SIM swap takes place after the fraudsters have received the customer’s logon details as a result of customers acting on phishing e-mails. SIM swapping is when the cellular provider transfers a client’s SIM card identity to that of a fraudsters SIM card, cancelling the previous SIM card in the process. The result is no signal on the old SIM card which means, the client cannot receive or make phone calls or send SMS messages. The one time password which is sent to the customer then reaches the fraudster instead of the legitimate owner and the fraudster is able to create and pay beneficiaries fraudulently (ABSA warns Internet + cellphone banking clients of fraudulent activity, 2007).

The following are recommended steps to be taken when criminals target a victim:

* If a potential victim suspects that they are the recipient of a phishing e-mail, they should not click on any of the links in the e-mail or complete any of the information. The e-mail should be deleted immediately (ABSA warns Internet + cellphone banking clients of fraudulent activity, 2007).

* Should your phone lose signal for no apparent reason, the cellular service provider must be contacted to find out why the phone has no signal. The client should also immediately contact his/her bank’s internet banking contact centre, if the SIM swap has taken place to request that the Internet Banking service be suspended with immediate effect, to prevent fraudsters from gaining access to the service. (ABSA warns Internet + cellphone banking clients of fraudulent activity, 2007).

Conclusion

The e-Crime survey concludes with three serious warnings:

* Firstly, methods of attack will always innovate in line with the defences that are deployed. In order to be sure of success cyber-criminals will determine the point of least resistance, rather than look to bypass existing security barriers.

* Secondly, where there is inherent vulnerability in a process or series of processes, it is not necessary for the weapon to be sophisticated in order to achieve your aim. It is simply necessary for the victim to be unaware that they are at risk, or over-confident of their defensive ability.

* Finally, cyber-criminals will continue to target the one area that neither business, nor government or law enforcement can protect: the online consumer (e-Crime survey 2009, 2009).

References

ABSA online banking alert, 2009.

http://www.absa.co.za/absacoza/content.jsp?/Home/Campaigns/Campaign/Phising-Fraud

Accessed on 2009/05/25

Wikipedia: Phishing, 2009-05-25

http://en.wikipedia.org/wiki/Phising

Accessed on 2009/05/25

e-Crime survey 2009, 2009. Editor Hawes, J.

Absa and SMS Swapping Scams, 2008

http://www.mydigitallife.co.za/index.php?option=com_content&task=view&id=1038412&Itemid=43

Accessed on 2009/05/12

ABSA warns internet + cellphone bankingclients of fraudulent activity, 2007