Weblink Items (52)
Abney and Associates Internet Technology: Why we remain disconnected even though we now connect more
The ubiquitous use of the Internet everywhere except for the remotest corners of our globe today requires a technology that is unprecedented in the history of the human race. Satellites that transmit signals through a worldwide wireless communication infrastructure now surround our planet even more since Marconi (or should we say Tesla) invented the radio.
An Abney Associates Fraud Awareness Program: Cyber-Attacks Seen Defrauding Brazilian Payment System of Billions
Cyber-criminals have abused the Boleto Bancário online payment system to steal potentially billions of dollars, according to security firm RSA.
Cyber-criminals have infected nearly 200,000 computers in Brazil and used their access to issue payment vouchers with an estimated value of $3.75 billion, according to an analysis of the attack published by security firm RSA on July 1.
Dubbed the "Bolware" gang, the criminals abuse the Brazilian payment system known as Boleto Bancário, which allows customers to promise to pay an online merchant, print out a payment slip with a barcode and remit money at a bank. While previous attempts to defraud the payment system used fake boleto, the latest attack, which started in late 2012, infects Web browsers on compromised computers and modifies legitimate boleto to route payment to the criminal accounts.
"The Boleto Malware (is) a newer and more sophisticated kind of fraud in Brazil that leverages MITB (man-in-the-browser) technology to attack online operations, and is based on transaction modification on the client side," RSA stated in its analysis. "Like any substantial cyber-criminal operation, the Bolware gang has continued to innovate, revising their purpose-built malware through 19 different versions."
While the details of the fraud differ from payment fraud in other nations, the techniques—such as using man-in-the-browser attacks—are similar to how criminals are attempting to steal money from financial institutions in the U.S. and Europe. Criminals adopted man-in-the-browser attacks to defeat additional countermeasures—such as IP address and device identification—deployed by financial institutions.
"It is a class of problem where the arms race has migrated," said Dan Kaminsky, co-founder and chief scientist of White Ops, an anti-fraud technology firm. "Once upon time, it was good enough to steal a customer's username and password and log into the bank from wherever and do whatever you wanted, but they soon figured out that a California customer should not be logging in from Latvia."
While banks in Brazil and other nations continue to fight against payment fraud, such attacks expose weaknesses and undermine trust in the financial ecosystem in most countries. Because customer-owned computers are generally thought to work on behalf of the user, banks typically argue that any fraud that originates from compromised customer systems is the responsibility of the victims. Such fraud rose more than 200 percent in the first nine months of 2013, according to Symantec.
Small U.S. businesses, for example, have lost hundreds of thousands of dollars to such attacks and sued their banks for allowing funds to be transferred to foreign nations, even though it was the business's machine that was compromised. Courts have generally split on whether the business is responsible for the lost money, or if banks should catch anomalous transactions and perform extra security measures.
A similar scam, where the attacker changed the banking information to which publisher Conde Nast sent funds, resulted in $8 million being transferred in six weeks, but the money was frozen before attackers could transfer it to their own bank accounts.
While the Brazilian crime network is not large compared to other botnets, the potential profits for its operators are huge, according to RSA.
"Boleto malware is a major fraud operation and a serious cyber-crime threat to banks, merchants and banking customers in Brazil," the company stated. "While the Bolware fraud ring may not be as far-reaching as some larger international cybercrime operations, it does appear to be an extremely lucrative venture for its masterminds."
Article source:
http://www.eweek.com/security/cyber-attacks-seen-defrauding-brazilian-payment-system-of-billions.html
An Abney Associates Fraud Awareness Program: The resurgence of data-entry phishing attacks
How do you solve a problem like data-entry phishing?
‘Old school’ email social engineering or data-entry phishing is an attack method that has been on the rise in recent months, notably employed by the Syrian Electronic Army to hack seemingly every major media outlet in the Western hemisphere.
Data-entry phishing emails lure employees into freely giving up their login credentials by taking them to a seemingly legitimate landing page. Attackers then use the credentials to establish a foothold in the network.
When spear phishing, data-entry style emails contain a link that takes the recipient to a webpage that appears to be a genuine corporate or commercial site soliciting login information.
Despite their pervasiveness and high success rate, data-entry attacks seeking login credentials and other sensitive information have been a secondary concern for enterprises.
Information security teams have been more concerned with phishing emails that attempt to carry out drive-by attacks through a malicious link or malware delivery via an attachment.
Since data-entry phishing attacks don’t require malware, it’s quite possible to fall victim to this technique and never even realise it. Victims will often enter their information and not recognize something is wrong. Without the presence of malware, these attacks often go undetected by technical solutions.
However, this doesn’t mean the consequences are any less severe.
Once attackers gain legitimate credentials into the network, their activity is difficult to detect. Using these credentials they can often exfiltrate significant amounts of information from overly permissive file shares, search for other devices with weak or default credentials, and possibly escalate privileges to dump entire username/password databases that can continue to grant future access.
This activity may have the appearance of an insider threat, so breaches caused by data-entry phishing are often attributed to this source. Is it really an inside job if they gained access through a spear phish?
From an attacker’s perspective, what is easier: researching social media to craft a spear phishing email, or recruiting an actual insider within the organisation?
Some experts in the security industry have identified two-factor authentication as a way to mitigate this threat; however, two-factor authentication will not prevent phishing. While two-factor authentication makes it more difficult to phish an account, it will not prevent this type of attack from being successful.
If a user is tricked into revealing login credentials to a false landing page, two-factor authentication will only limit the time the hacker has access to the account. Attackers would need to collect the second factor of authentication, but the underlying tactics would remain the same.
Even if two-factor authentication could prevent phishing, for large enterprises implementing the solution across the board is often cost prohibitive and a logistical nightmare. This isn’t to say that two-factor authentication doesn’t improve security, but it isn’t a panacea.
The same goes for technologies and services that take down phishing websites. At best, these technologies offer lead times of four to eight hours to take down phishing sites. It can often take longer, particularly if the site’s domain is in an unfriendly country or if the site is hosted using a subdomain on a large provider. Continue reading: http://www.information-age.com/technology/security/123458148/resurgence-data-entry-phishing-attacks
An Abney Associates Fraud Awareness Program: Identity fraud is on the increase
Abram Mashego and Omphemetse Molopyane
Recent statistics by the Southern African Fraud Prevention Service (SAFPS) reveal that identity fraud is on the increase.
Based on the year-to-date figure, 1 370 cases had been reported to the SAFPS as at the end of April.
Experts warn that the figure could be the tip of the iceberg as the statistics only indicate the cases that have been recorded.
There was a 16% increase in fraud from a total of 3327 cases in 2012 to a total of 3873 cases in 2013.
The crime cost the local economy a whopping R1bn each year. It is estimated that the number of incidents could exceed the 4000 mark by the end of 2014.
Frank Lenisa, director of credit bureau Compuscan, said they had been keeping a close watch on the situation and were endeavouring to educate consumers and assist them in preventing the negative impact that fraud can have on their credit reports.
“It’s concerning to see that there is an increase in identity fraud.
What worries us even more is that consumers are often unaware that they have fallen victim to such a crime and this could have a severe negative knock-on effect in their ability to obtain credit in future,” said Lenisa.
Lenisa also said it was important for credit-active consumers to keep a close eye on account activity in their name to prevent and recover from identity fraud.
“This is one of the steps that can be taken to protect the health of their credit records.
Credit-active consumers can safeguard themselves by obtaining a copy of their credit reports as regularly as possible and carefully examining every piece of information.
It is recommended that this is done once a month,” he said.
He added that consumers should carefully examine their statements, keep their passwords and identity numbers secure and shred receipts and statements before discarding them.
“It must also be stressed that personal information should never be given over the phone and the authenticity of websites should be checked before entering any personal information,” said
According to the latest National Credit Regulator Credit Bureau Monitor, there were 20.64 million credit-active consumers in South Africa as at the end of December last year and each one of these consumers is urged to pay close attention to the threat of fraudulent activity that could affect their credit records.
Credit-active consumers can safeguard themselves by obtaining a copy of their credit reports as regularly as possible and carefully examining every piece of information.
Source link: http://www.thenewage.co.za/129197-1007-53-Identity_fraud_is_on_the_increase
An Abney Associates Fraud Awareness Program: Little reform since Snowden spilled the beans
LONDON – A year has passed since the American former intelligence contractor Edward J. Snowden began revealing the massive scope of Internet surveillance by the U.S. National Security Agency.
His disclosures have elicited public outrage and sharp rebukes from close U.S. allies like Germany, upending rosy assumptions about how free and secure the Internet and telecommunications networks really are.
Single-handedly Snowden has changed how people regard their phones, tablets and laptops, and sparked a public debate about the protection of personal data.
What his revelations have not done is bring about significant reforms.
To be sure, U.S. President Barack Obama, spurred by an alliance between civil society organizations and the technology industry, has taken some action. In a January speech, and an accompanying presidential policy directive, Obama ordered American spies to recognize that “all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information.”
Some specific advances, unprecedented in the shadowy world of intelligence agencies, have accompanied this rhetorical commitment to privacy. When technology companies sued the government to release details about intelligence requests, the Obama administration compromised, supporting a settlement that allows for more detailed reporting. Under this agreement, companies have the option of publishing figures on data requests by intelligence agencies in ranges of 250 or 1,000, depending on the degree of disaggregation of the types of orders.
Though this represents a step forward, it is far from adequate, with gaping loopholes that prohibit reporting on some of the most notorious NSA programs such as the dragnet collection of phone records under Section 215 of the USA Patriot Act.
Moreover, Obama has demurred on the most significant recommendations of the independent review group that he appointed.
And the USA Freedom Act, which was meant to stop the mass collection of Americans’ phone records, is being diluted by a set of amendments that would enable the government to continue collecting metadata on millions of individuals without their consent.
This metadata — covering whom we talk to, when and for how long — can reveal as much about our private lives as the content itself.
Relative to the rest of the world, the United States has taken the strongest action since the Snowden revelations began. Of course, Snowden exposed more about the U.S. government’s surveillance activities than any other country. But the documents also included egregious examples of overreach by the Government Communications Headquarters, the United Kingdom’s signals intelligence agency and information about intelligence sharing in the so-called “Five Eyes” network of the United States, the United Kingdom, Canada, Australia, and New Zealand.
The agreements that govern the pooling and exchange of intelligence among these governments remain closely guarded secrets. Continue reading: http://www.japantimes.co.jp/opinion/2014/06/22/commentary/world-commentary/little-reform-since-snowden-spilled-beans/#.U6dYuRunqeQ
An Abney Associates Fraud Awareness Program on Apple implements MAC anti-tracking technique
‘Double standards’: Apple implements MAC anti-tracking technique used by Aaron Swartz
Apple is going to implement random MAC addresses technology in its iOS8 devices, an anonymity-granting technique which late computer prodigy Aaron Swartz was accused of using to carry out his infamous MIT hack.
Swartz, who faced criminal prosecution on charges of mass downloading academic documents and articles, was also accused of using MAC (Media Access Control) address spoofing technology to gain access to MIT’s subscription database.
At the time of his suicide at the age of 26, Swartz was facing up to 35 years in prison, the confiscation of assets and a $1 million fine on various charges.
Now computer giant Apple is installing a MAC address randomizing system into its products. The company announced that in its new iOS 8, Wi-Fi scanning behavior will be “changed to use random, locally administered MAC addresses.”
A MAC address is a unique identifier used by network adapters to identify themselves on a network, and changing it could be regarded as an anti-tracking measure.
David Seaman, journalist and podcast host of “The DL Show,” told RT that a single technology cannot protect users from being spied upon and advised users to trust no one, particularly the companies that have been caught cooperating with agencies such as the NSA, or those who used to turn a blind eye toward governments’ illegal activities.
RT: Why is Apple suddenly becoming interested in boosting the privacy protection of its devices by spoofing MAC-addresses?
David Seaman: That’s one of the techniques that Apple has adopted to spoof these MAC-addresses and it’s just another step to make smart phones and other devices, other mobile devices a bit more secure. Of course you have to keep in mind that a smart phone is to begin with not all that secure, because there are so many different application developers, as well as the fact that you have to rely on whatever cell phone company is providing you with a signal. So this definitely doesn’t make phones completely secure, but I think it’s a step in the right direction.
RT: Some argue that Apple’s attempt to protect the privacy of its users is pretty much useless because there are many ways to see where the device is. Do you agree that what they are trying to give us is perhaps not really the full picture?
DS: There are a number of other hardware identifiers, aside from the MAC-address that your cell phone is still emitting, and which, using cell towers, they can still find your exact location. So this definitely doesn’t restore total privacy to the user, it’s just one band aid. And I think if you’re injured, you should use as many band aids as possible.
But there’s also a larger thing here which is that governments are spying on us and these cell phones are not designed to be all that secure from day one. And there are a number of private companies that, I wouldn’t say spying, but eavesdropping on what you’re doing to make money out of you. And this is a growing problem as we spend more and more of our lives online and on our phones and we expect these things to be secure. Continue reading: http://rt.com/usa/167668-apple-mac-address-swartz/
An Abney Associates Fraud Awareness Program on YouTube Video Teaches Credit Card Fraud
Sad But True: YouTube Video Teaches Credit Card Fraud
The YouTube video features Lil Wayne rapping over a melancholy beat: "I see that guilt beneath the shame. I see your soul through your window pane."
Displayed on the screen is a message for aspiring credit card fraudsters.
"Everyone...I'm selling full cc generator...I also sell full cc...Have much more hacking tools, software and other Business to offer. Only serious buyers."
The pitch for credit card fraud plays alongside an ad for American Express credit cards -- which means that the apparent cybercriminal who posted the video may profit not just on the stolen data but also on the ads purchased by the credit card companies that had their data stolen.
The odd set-up, it turns out, is not unique. YouTube is littered with videos marketing stolen credit cards and other tools for criminal ventures. (Many liven up their pitches with unauthorized samplings from famous musicians.)
A report to be released Tuesday by the Digital Citizens Alliance, an Internet safety advocacy organization, blasts Google Inc., YouTube's parent company, for profiting from ads paired with such videos.
The illicit videos are so common that it's almost inevitable that legitimate advertisers will get paired with them.
The process begins with a user posting a video onto the site and agreeing to allow ads. If the videos get a certain number of hits, their producers can get a cut of the revenue coming from the ads.
A search of credit card fraud terms reveals the extent of the problem: "CC Fullz" brings up 2,030 videos, according to the report. (Fullz is slang for a full package of identifying information on a credit card holder.) "Buy cc numbers" shows 4,850 results. And "CC info with CW" brings up 8,820 hits.
"Many of these videos are embedded with advertisements, which means that Google is effectively in business with crooks peddling stolen or bogus credit cards," the report states.
The videos are commonly displayed alongside ads for major companies. In one instance, the accompanying pitch was for Target, a company still reeling from the kind of credit card attacks these videos help facilitate.
Asked about the pairing by The Times, Target spokesman Evan Lapiska said "the ad placement in question is a clear violation of the contract terms with the vendor who manages ad placements online."
"We are working with them to address this issue as soon as possible," Lapiska said in a statement.
Target and other advertisers have little control over whether their promotions get paired up with fraud videos. The responsibility for weeding out such videos falls on YouTube and Google.
Tom Galvin, executive director of Digital Citizens Alliance, said Google has failed to implement a systemic fix for keeping such videos from going live.
Galvin acknowledged that it would be untenable for YouTube to check every video that gets uploaded onto the site. But he said common search terms such as "fake credit card numbers" should be vetted.
"YouTube is supposed to be this mainstream site," Galvin said. "It's not a good thing when these mainstream sites start looking like the dark corners of the Internet."
Galvin said he didn't blame the advertisers, such as Target, who ended up on the illicit videos: "They're kind of captive to the system."
Google, which owns YouTube, did not respond to questions from The Times.
[Source link: http://www.toptechnews.com/article/index.php?story_id=112003I4KQK0 ]
An Abney Associates Fraud Awareness Program: Mock email scam ensnares hundreds of bureaucrats at Justice Canada
Article source: http://globalnews.ca/news/1409363/mock-email-scam-ensnares-hundreds-of-bureaucrats-at-justice-canada/
OTTAWA – Many of the Justice Department’s finest legal minds are falling prey to a garden-variety Internet scam.
An internal survey shows almost 2,000 staff were conned into clicking on a phoney “phishing” link in their email, raising questions about the security of sensitive information.
The department launched the mock scam in December as a security exercise, sending emails to 5,000 employees to test their ability to recognize cyber fraud.
The emails looked like genuine communications from government or financial institutions, and contained a link to a fake website that was also made to look like the real thing.
Across the globe, an estimated 156 million of these so-called “phishing” emails are sent daily, and anyone duped into clicking on the embedded web link risks transferring confidential information – such as online banking passwords – to criminals.
The Justice Department’s mock exercise caught 1,850 people clicking on the phoney embedded links, or 37 per cent of everyone who received the emails.
That’s a much higher rate than for the general population, which a federal website says is only about five per cent.
The exercise did not put any confidential information at risk, but the poor results raise red flags about public servants being caught by actual phishing emails.
A spokeswoman says “no privacy breaches have been reported” from any real phishing scams at Justice Canada.
Carole Saindon also said that two more waves of mock emails in February and April show improved results, with clicking rates falling by half.
“This is an awareness campaign designed to inform and educate employees on issues surrounding cyber security to protect the integrity of the department’s information systems and in turn better protect Canadians,” she said in an email.
“As this project progresses, we are pleased that the effectiveness of this campaign is showing significant improvement.”
A February briefing note on the exercise was obtained by The Canadian Press under the Access to Information Act.
The document indicates there are more such exercises planned – in June, August and October – and that the simulations will be “graduating in levels of sophistication.”
Those caught by the simulation are notified by a pop-up window, giving them tips on spotting malicious messages.
The federal government’s Get Cyber Safe website says about 10 per cent of the 156 million phishing emails globally make it through spam filters each day.
Of those, some eight million are actually opened by the recipient, but only 800,000 click on the links – or about five per cent of those who received the emails.
About 10 per cent of those opening the link are fooled into providing confidential information – which represents a worldwide haul of 80,000 credit-card numbers, bank accounts, passwords and other confidential information every day.
“Don’t get phished!,” says the federal website, “Phishing emails often look like real emails from a trusted source such as your bank or an online retailer, right down to logos and graphics.”
The site says more than one million Canadians have entered personal banking details on a site they don’t know, based on surveys.
In late 2012, Justice Canada was embroiled in a major privacy breach when one of its lawyers working at Human Resources and Skills Development Canada was involved in the loss of a USB key.
The key contained unencrypted confidential information about 5,045 Canadians who had appealed disability rulings under the Canada Pension Plan, including their medical condition and SIN numbers. The privacy commissioner is still investigating the breach.
The department has some 5,000 employees, about half of them lawyers.
An Abney Associates Fraud Awareness Program on Google disruption in China seen as government crackdown
BEIJING — When Yi Ran is working on new designs for his Yinshen Clothing company, he often turns to Google to search for pictures to use as inspiration. “The results are more complete and objective than Chinese search services,” the 30-year-old from Guangzhou said.
But for the past two weeks, when Yi has tried to call up the U.S. search engine, it’s been unavailable — as have a wide variety of other Google services, including Gmail, Google Books, Google Scholar and even country-specific search pages like Google.de, the company’s German home page.
Chinese authorities have given no explanation for the disruption, which began about five days before the 25th anniversary of the crackdown on pro-democracy protesters that culminated June 4, 1989, at Tiananmen Square in Beijing. Certain Google services such as YouTube have been totally unavailable in China for years, and politically sensitive periods like the Tiananmen anniversary often bring intensified, if temporary, censorship of many foreign news websites and Internet search terms.
But experts said the current broad-based and prolonged disruption of Google offerings seems to be an escalated — and possibly long-term — crackdown on the Mountain View, Calif.-based Internet giant.
“It would be wrong to say this is a partial block. It is an attempt to fully block Google and all of its properties,” said a founder of GreatFire.org, a well-known website that has been monitoring China’s Internet censorship program since 2011. The founder said via phone that the site’s administrators do not disclose their names publicly because of the sensitive nature of the content on their site. He would not reveal his real name, apparently fearing retribution.
So far, Google is taking a low-key approach. Spokesman Matt Kallman said the company had “checked extensively and there are no technical problems on our side” but refused to comment further. According to Google’s Transparency Report, an ongoing update on worldwide service disruptions to the company’s products, the slowdown in traffic from China began May 31.
Tensions between Beijing and Washington over cybersecurity have been escalating in recent weeks. Last month, the U.S. Justice Department formally charged five Chinese military officers with hacking into American companies and stealing trade secrets; China then said it would implement a security review on imported technology equipment.
Earlier this month, the state-run newspaper China Daily ran a story warning that companies like Google and Apple could pose a threat to Chinese users because of their cooperation with U.S. government surveillance activities. Those charges mirror warnings by American officials dating back several years that Chinese businesses, including Huawei Technologies Co. and ZTE Corp., have deep, suspicious ties with China’s government.
“We can only surmise that the step-up in blocking is linked to the increase in rhetoric and threats of retaliation sparked by the (FBI) ‘wanted’ posters with (People’s Liberation Army) officers, plus the smoldering resentment from the (Edward) Snowden disclosures,” said Duncan Clark, chairman of BDA, a Beijing investment consultant firm.
“All of this is emboldening the nationalist and protectionist camp, and weakening the voices of more pragmatic actors” such as corporate customers, consumers and those concerned about trade frictions, he added. Continue reading: http://www.knoxnews.com/news/2014/jun/22/google-disruption-in-china-seen-as-government/
An Abney Associates Fraud Awareness Program: Symantec issues warning over FIFA scam malware
OWN GOAL: Security software company said fraudsters were attempting to entice users to click on corrupted links with the offer of World Cup tickets
Security software firm Symantec Corp yesterday issued an alert ahead of the FIFA World Cup soccer tournament, calling on Internet users to heed the threat of malware scams disguised as free ticket give-aways.
The antivirus vendor said that there has recently been a rise in Internet scams, with many using offers of free World Cup tickets to spread viruses or malware.
The tricks involve e-mails about such popular soccer stars as Lionel Messi and Cristiano Ronaldo to entice people to click on corrupted links, it said.
There are also false “live broadcast” links which carry the threat of phishing.
This kind of Internet scam usually asks the user to download and install a video player or fill out a questionnaire — both of which are designed to deceive soccer fans into sending money to the fraudsters, it added.
Saying that it expected scammers to turn to social networks soon, Symantec reminded Web users to be alert to potential fraud perpetrated in the name of the FIFA World Cup.
Fans wishing to follow the latest news about their favorite soccer players are advised to go to the official Web site of the sports event, it said.
Those who plan to watch the event online should keep away from dubious Web sites and use services provided by trusted sports channels only, it said.
As an added precaution Web users should also update their operating systems and other software to the latest versions, which would ensure that their Web-enabled devices have the best protection against malware, it added.
Article source: http://www.taipeitimes.com/News/taiwan/archives/2014/06/10/2003592424
An Abney Associates Fraud Awareness Program: IBM patents technique for killing fraud, using click patterns
A new technology would pick up on suspicious changes in people's online activity
Someday, if you use your non-dominant hand to control your mouse or touchpad when you're, say, shopping online, websites might interpret your irregular scrolling and clicking as a sign of fraud and require you to prove your identity, thanks to an IBM fraud-detection patent.
The company has patented a technique for better detecting fraud online to prevent the theft of log-in credentials and other sensitive information, particularly in e-commerce and banking, it said Friday.
U.S. patent #8,650,080 is intended for a "user-browser interaction-based fraud detection system."
How people interact with websites, such as the areas of a page they click on, whether they navigate with a mouse or keyboard, and even how they swipe through screens on a smartphone or tablet, can all be identified, IBM said. The technology could identify sudden changes in online behavior, which would then trigger a secondary authentication measure, like a security question. It would work on a mobile device or PC.
If the technology works as IBM says it will, and other businesses license it, it could help to secure online transactions against cyberattacks, such as the recent eBay hack. Sensitive information of up to 145 million people may have been breached in that recent attack.
It would also lend credence to IBM's previously stated ideas related to a "digital guardian" that would protect Internet users.
"It's important to prevent fraudulent financial transactions before they happen," said Brian O'Connell, an IBM engineer and co-inventor of the patent.
Trusteer, an IBM-owned company that makes malware detection technology mostly for banks, is already using some of the technology in the patent, IBM engineers said Friday. Other sites like eBay or Amazon might one day choose to license it as well.
While it might seem that the technology has the potential to cause false positives, IBM said the prototype it tested successfully confirmed identities and showed that sudden changes in browsing behavior were likely due to fraud.
And some Internet users might consider the technology to be an invasion of privacy. But the data gathered through the technology would not amount to personally identifiable information, said Keith Walker, another co-inventor on the patent.
Tackling fraud and financial crime is high on the agenda for IBM. Recently the company announced new software and services to address the US$3.5 trillion lost each year to fraud.
Source link: http://www.networkworld.com/article/2358259/byod/ibm-patents-technique-for-killing-fraud--using-click-patterns.html
An Abney Associates Fraud Awareness Program on Tap-and-go card fraud in Australia low: financial institutions
Tap-and-go card fraud in Australia( http://www.smh.com.au/it-pro/security-it/tapandgo-card-fraud-in-australia-low-financial-institutions-20140603-zrvzt.html ) is costing about 2¢ for every $100 of legitimate spending – half the rate of conventional card fraud, and a third of the rate of international card fraud, according to Visa.
And that's why Australia’s major banks, the Australian Payments Clearing Association and cards issuers such as MasterCard and Visa have been left scratching their heads over suggestions by the Victorian Police last week that there is a runaway increase in theft and fraud associated with contactless payment cards. They all claim that is at odds with their experience.
A meeting of the Fraud in Banking group, which brings together financial institutions, regulators and police forces from around Australia, is scheduled to be held later this week in Melbourne, when the topic will again be raised.
What sparked the controversy was the release last week of Victoria Police statistics which revealed a 45 per cent increase in deception cases. The police said most of that increase was due to misuse of tap-and-go cards with thieves specifically seeking the cards in car and home burglaries.
Victoria Police has been contacted for further comment.
Visa’s senior director of risk services, Ian McKindley, said the company monitored card fraud internationally, adding that the Australian rate of card fraud in face-to-face (not online) transactions was one of the lowest in the world. He added that the rate of contactless fraud was half that of other cards despite 45 per cent of all face-to-face card transactions in Australia now being contactless.
Mr McKindley said that after removing internet fraud (transactions known as card-not-present are a bigger financial fraud problem for the banks) the Australian cost of fraud using conventional cards was 4¢ in $100, contactless was around 2¢ in every $100, while the global figure is 6¢ in the $100.
Not only was the cost of fraud lower, criminal gangs had been unable to counterfeit the contactless cards, he said, alluding to the active underground market for stolen credit cards and payment details.
Mr McKindley said that Visa had been liaising with the Victorian government over its concerns since September.
Unlike most other states and territories in Australia, which simply record any reports of card theft at local police stations, in Victoria copies of reports of card theft are provided to issuing banks, which investigate the cases in place of Victoria Police.
Police forces were, however, alerted by the banks and card issuers if there was evidence of possible criminal gang activity in a particular area.
Australian Bankers’ Association chief executive Steven Munchenberg agreed that contactless card fraud levels were low.
“These cards use the same intelligent systems that look for stolen card activity to identify possible fraud on customers’ cards. This helps prevent fraud if the systems believe your card has been stolen. As is the case with credit cards, the bank may contact the customer to check that a transaction is legitimate. If a customer cannot be contacted, a staff member will decide whether to block the card until the bank can talk to the customer.”
Consumers who are issued with contactless payment cards are not yet able to disable that function, which was one of the concerns raised by Victorian Police and consumer protection bodies. However eftpos Australia, which is developing its own contactless payment card and smartphone app, is still deciding what limits it will set for contactless transactions (it may be lower than the $100 limit on the major cards) and whether it will allow users to turn off the tap-and-go function.
While the ABA was unable to comment on the extent of smartphone-based tap-and-go payments fraud, the still relatively low penetration of mobile payments apps coupled with the fact that many are secured with a PIN, suggests this is less of an issue for the banks and card issuers at present.
APCA CEO Chris Hamilton welcomed any efforts to reinforce the need for consumers to treat payment cards or apps with the same care as cash, but said APCA’s own statistics had not revealed a sudden surge in contactless card fraud.
However, he noted that the rise of chip and PIN cards, and the planned move away from the use of signatures to complete payments, was perhaps forcing an “opportunistic” change in criminal behaviour. Chip and PIN cards “shut down counterfeiters and skimmers,” he said, which may have prompted a rise in direct card theft.
That had also been seen in other markets, such as Britain, when chip and PIN were rolled out, he said.
An Abney Associates Fraud Awareness Program on Most common cyber crimes in UAE are fraud involving money and extortion
Dubai: The number of people reporting cyber crimes has almost doubled in Dubai, according to Dubai Police.
Statistics from the cyber investigation department of Dubai Police show that they received a total of 1,419 reports in 2013, 792 in 2012 and 588 in 2011.
Lieutenant Colonel Saeed Al Hajiri, Director of the Cyber Investigation Department at Dubai Police, told Gulf News that the most common cybercrimes are fraud involving money and blackmail or extortion, especially sextortion.
He said these crimes are common because they are easy to commit from anywhere in the world.
All the cyber crimes that are found in the UAE, he said, are also found everywhere in the world, as the internet is an open environment.
“But what matters is how we handle them. We work with international organisations such as the Interpol, VGT [Virtual Global Taskforce] and the Europol to fight all kinds of internet crimes,” he said.
He added that the “internet has a lot of evil; we get a lot of different reports and complaints, so we have up-to-date data of all the trends in cyber crime.” Recently, the department launched a campaign to raise awareness about cyber crimes such as promises of non-existent jobs, personal information theft – especially photos, money-related fraud and so on.
No tolerance for paedophiles
Lt Col Al Hajiri said they get reports from people of all ages, and there is no specific age group that is most vulnerable.
However, he said, they have a zero tolerance policy for paedophiles.
“We are proactive in protecting children from internet predators. Anyone who posts photos or videos or content that have paedophilic themes is tracked and arrested immediately, and sent to court for trial and deported.”
He said that they do not wait for someone to report such a crime; they monitor the internet and handle it instantly.
In the UAE, he said, there aren’t many instances of children-related internet sex crimes.
People fall into the trap of internet criminals due to a number of reasons, all of which have nothing to do with how well educated they are, he said.
He explained that usually people who fall into the trap of online criminals have some weakness or character flaw that the criminal uses to abuse and exploit them. Lack of social intelligence, being greedy, not being content, having an emotional void, and having financial troubles are some weaknesses that criminals target, he said.
Pornographic activities are illegal, and people should not get into illegal activities that can later on lead to sextortion. Lt Col Al Hajiri added that the country has a proxy in place to block pornographic content in order to protect people. However, he said, some people bypass this security measure and get into problems related to sextortion.
An Abney Associates Fraud Awareness Program on Why Advertising Fraud is so high on the Internet
...and how the industry is trying to fix it.
When news that a sample of Mercedes-Benz's adverts was more widely viewed by bots than humans breaks in the same week that an audit company reveals four in five British advertisers have no idea how many of their advert impressions are fraudulent, you know an industry is in some sort of trouble.
"The market has been relentlessly pursuing success and performance and in so doing has lost sight of where adverts actually appear," said Duncan Trigg, chief executive of Project Sunblock, an auditing firm for advertisers and the authors of the aforementioned report.
"Brand safety" has long been important for Project Sunblock's clients, with regular investigations run to check whether adverts are displayed alongside undesirable editorial content such as pornographic or racist material. But since the rise of programmatic advertising in 2009, in which space is bid for based on which demographics a company wishes to target, bots have become an increasing concern.
The Interactive Advertising Bureau (IAB) surveyed enterprise marketers last November, and found that 85% were using programmatic advertising. Of those who did, half were trying to buy adverts more efficiently, with slightly more trying to target more effectively, and only 16% motivated by cost-cutting. Over the next two years 91% of advertisers are expected to take up programmatic advertising, despite anxieties about the practice.
Ascertaining who is actually viewing the campaigns is a growing trend for the auditors. Adverts appearing below the fold of a web page are much less likely to be seen than those visible when the page opens. But more problematic than that is the rise of botnets in directing fraudulent traffic, with the IAB claiming that as much as a third of online traffic for adverts is robotic rather than human.
"Botnets are already surprisingly sophisticated and will only become more potent in time," said Andrew Goode, chief operating officer of Project Sunblock. "There are many pieces of malware used to infect PCs which are used to create fake traffic and then sold on to publishers through ad exchanges, and some of the bots are almost indestructible." Continue reading: http://www.cbronline.com/news/social/why-advertising-fraud-is-so-high-on-the-internet-4285415
An Abney Associates Fraud Awareness Program: Fraud soars as Britons fail to protect online identity
The number of confirmed identity fraud cases increased by 37 per cent between 2012 and 2013, new data reveals.
Analysis by credit-checking specialist Experian found that almost 13,000 cases of fraud were confirmed in 2013, with the biggest increases reported in account takeover fraud, loan fraud and mobile phone account-related fraud.
Experian said these increases are linked to the online habits of Britons.
An Abney Associates Fraud Awareness Program
One reader was victim to a scam email. She asks our consumer expert how she can be better informed about such emails in future
Ideally this type of email should be detected and diverted into a “spam” folder, but that doesn't always happen. You may not have such a filter, in which case have one installed. Even with one it is worth being alert to the fact that such emails can still get through to your main folder. It is best to delete them if they do, and also from any spam or trash folders.
An Abney Associates Fraud Awareness Program: Beware online banking scams
The New Zealand Bankers’ Association today encouraged people to be wary of online banking scams as part of Fraud Awareness Week 2014.
"Online scammers are constantly thinking up new ways to trick people into handing over personal information," said New Zealand Bankers’ Association chief executive Kirk Hope.
"Never give anyone your PIN or internet banking username or password. Your bank will never ask you for this confidential information. Anyone who asks for this, even if they say they’re from your bank or a retailer you know, will in all likelihood be trying to scam you.
"Once scammers have that information, such as your account number, log-in details, or password, they can access your identity and your money."
An Abney Associates Fraud Awareness Program on Nine tips for councils on tackling fraud
As fraud gets harder to detect, what can councils do to protect themselves?
- Fraud is getting harder to detect – so be vigilant: Technology means fraud has become more sophisticated and harder to detect. Awareness and vigilance must be key to protecting ourselves and the economy from these organised criminals.
– Lee Ormandy is intelligence and legal manager at Surrey county council
- Beware of corruption growing in local government: We think that the corruption risk for local government in England has increased, and that – as a result – corruption in UK local government is likely to increase. We may not see the consequences for a decade. Many changes, such as those to the audit regime and ethical standards, are recent, and the precise consequences are not possible to predict. However, a lesson Transparency International has learnt across the world is that it is better to take notice of emerging risks and to act early, because once corruption takes root it can be very hard to eradicate. Relatively few cases of fraud and corruption can have high impact, and this affects trust in local government and in politics more generally.
– Nick Maxwell works for Transparency International UK
An Abney Associates Fraud Awareness Program: When Someone Steals Your Smartphone, Snap a Theftie
We all know selfies. And even dronies. But if you thought it could stop there, you are deeply naive. Bring on the “thefties.”
The name may come from a cheery social phenomenon, but thefties are a little more serious. They’re photos of electronics thieves taken with a tablet or smartphone’s front-facing camera. The goal is to give police something to go on if your device is stolen, or let you ID the culprit if it's someone you know.
An Abney Associates Tech Tips: Visa, MasterCard Renew Push for Chip Cards
Visa and MasterCard are renewing a push to speed the adoption of microchips into U.S. credit and debit cards in the wake of recent high-profile data breaches, including this week's revelation that hackers stole consumer data from eBay's computer systems.
Card processing companies argue that a move away from the black magnetic strips on the backs of credit cards would eliminate a substantial amount of U.S. credit card fraud. They say it's time to offer U.S. consumers the greater protections microchips provide by joining Canada, Mexico and most of Western Europe in using cards with the more advanced technology.
Chips aren't perfect, says Carolyn Balfany, MasterCard's group head for U.S. product delivery, but the extra barrier they present is one of the reasons criminals often choose to target U.S.-issued cards, whose magnetic strips are easy to replicate.
"Typically, fraudsters are going to go to the path of least resistance," Balfany says.
An Abney Associates Tech Tips: Americans Are More Afraid Of Credit Card Fraud
What are you afraid of?
That's the question that information technology company Unisys aims to answer in the 2014 installment of its annual security index, which measures eight major concerns of U.S. citizens in four areas: national, financial, internet, and personal security.
This year, credit card security tops the list, which may not be too surprising when you consider the hysteria surrounding the Heartbleed Bug. In fact, Americans are more concerned about technological threats than they are about physical ones, like war or terrorism.
An Abney Associates Tech Tips: Europe's order to mute Google angers US
MOUNTAIN VIEW, CALIF. — Europe's moves to rein in Google — including a court ruling this month ordering the search giant to give people a say in what pops up when someone searches their name — may be seen in Brussels as striking a blow for the little guy.
But across the Atlantic, the idea that users should be able to edit Google search results in the name of privacy is being slammed as weird and difficult to enforce at best and a crackdown on free speech at worst.
An Abney Associates Tech Tips: Inside the ‘iWatch’
Apple's anticipated entry to the wearable devices market has taken on near-mythical status, with rumors reaching every corner of the technology map. AppleInsider has rounded up some of the technologies most likely to find their way into the still-unannounced "iWatch."
An Abney Associates Tech Tips: Google, Facebook Unmask Tech Support Scams
The Internet companies uncover 4,000 ad accounts using the names of 2,400 legitimate tech support businesses to trick people into downloading malicious software
Google and Facebook are finding cunning scams in which shysters advertise 800 numbers for bogus tech support that typically leads to people giving up personal data and downloading malicious software.
The companies described the schemes in the first report published by TrustInAds.org, a nonprofit group launched this week by AOL, Facebook, Google and Twitter. The organization is dedicated to educating people about malicious Web advertisements and deceptive practices.
Tech support scams were chosen for the subject of the group's debut report because of the craftiness of the fraudsters, Rob Haralson, executive director of TrustInAds.org, said Friday. Posing as a legitimate business and providing an 800 number in an online ad or related web page makes it difficult to identify the service as a scam.
An Abney Associates Tech Tips: New online video aims to cut fraud
Derbyshire Constabulary have launched an online video to raise awareness and offer advice on courier fraud following recent incidents across the county.
The online video gives the public an insight into the scam to see how fraudsters are calling members of the public to convince them to hand over their bank cards and PIN to a courier.
The Daily Times’ phone number used as part of phishing scam: An Abney Associates Tech Blog
A phone number on a Maryville man’s caller ID that appeared to be from The Daily Times ended up being nothing more than a phishing scam.
The scam is described as con artists using techniques such as phony caller ID numbers to solicit personal information and money.
Beware of Phishing Scams: An Abney Associates Tech Blog
For the second week in a row, local bank customers have been targeted by “phishing” scams designed to separate them from the cash in their accounts.
Phishing is a term used to describe various scams that use automated phone calls, texts or email messages, sent by criminals, to trick you into divulging personal information. Thieves use this information to access your bank account, steal your identity or take over your computer.
These types of cyber scams are on the rise across the country, according to the FBI and the Internet Crime Complaint Center. They also are getting more sophisticated.
Big 'win' became $5000 loss: An Abney Associates Tech Blog
A Christchurch woman lost $5000 in a scam after hackers cloned her best friend's Facebook account.
Maria, not her real name, was last week convinced to send the money - her only savings - by "Halbert Colb" after an online conversation with scammers posing as Kay Snee.
Instead, hackers, likely to be from overseas, had cloned Snee's profile, re-friended Maria, in her 70s, and started chatting to her.
The scammers, posing as her trusted friend, convinced Maria she had won $500,000 in a Facebook lottery. They said she would receive it after paying a $5000 deposit to a man in the United States.
Australian victims of identity crime with computer hacking: An Abney Associates Tech Blog
SO you think you’re safe online and take all the necessary steps to protect your information? Think again — your details may not be as private as you think.
More Australians than ever are falling victim to identity crime and the victims aren’t signing up to dodgy scams and being careless either.
They’re using internet banking, shopping online and sending email, actions that millions of Australians do each day without a second thought.
A startling new survey by the Australian Institute of Criminology (AIC) shows 1 in 5 Australians have had their personal information misused and 10 per cent have experienced it in the past year.
Where Australia Is Still Going Wrong With Cyber-Security, An Abney Associates Tech Blog
The recently released Commission of Audit report recommends that the Australian government needs to become “digital by default”. The continued shift to digital service delivery is intended to reduce costs, improve quality of service and provide greater transparency. But it will also open up new vulnerabilities to cyber attacks that could be used to access secure and confidential data, compromise the integrity of trusted authorities and disrupt critical services.
PC Speak: Abney Associates Tech Blog, Peter Hoss: Steps to take to stay safe on the Internet
It is becoming ever harder to live without the Internet. We are encouraged to buy products, pay bills, and store and retrieve information online. Telephone directories are becoming obsolete. More seniors are buying and using a range of handheld products that can not only make phone calls but also store a great deal of private personal information.
We seniors did not grow up with the Internet and are often not as skilled in using it. We often seek guidance from our grandchildren. We have to learn a new language of computer speak. This growing trend of Internet use is likely to continue faster than we seniors can keep up with it. Declining to use the Internet at all is not recommended, although some try it. We are also likely to be left behind in a rapidly changing culture.
PC Speak: Abney Associates Tech Blog Indian FB users end up hacking their own accounts
Some Facebook users in India were tricked into hacking their own accounts by a scammer claiming to reveal their friends' passwords.
The scam compromised users' accounts by tricking them into using some code that takes control of the account and exposes their friends' data in the process.
"What actually happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge.
PC Speak: Abney Associates Tech Blog Be proactive about credit after a breach
Mike Rosinski, 51, doesn't know how a string of fraudulent charges, ranging from as little as $3.19 for some odd outfit in Missouri to $434.10 at a Fry's Electronics in another state, ended up hitting his Visa card in mid-April.
Maybe, he speculated, it was when a parking lot attendant took his credit card, claimed it wasn't going through and then said he could park for free? Maybe it was something related to getting hacked in the Target incident late in 2013, but that seems doubtful, as he had already been issued a new card after that one.
PC Speak: Abney Associates Tech Blog Technology law will soon be reshaped by people who don't use e-mail
The U.S. Supreme Court doesn't understand the Internet. Laugh all you want, but when NSA, Pandora and privacy cases hit the docket, the lack of tech savvy on the bench gets scary
PC Speak: Abney Associates Tech Blog: What Can Go Wrong When Firms Use Your IP Address Against Fraud
All the worries stirred up by the Heartbleed security flaw highlight why it makes good sense to take precautions with personal data. But sometimes companies erect security barriers so high that they shut out even their own clients.
I recently went online to our Schwab account and requested a wire transfer. After a delay and a second request, followed by verification by telephone, several days passed without any money transfer.
Schwab then said: “In order to complete your request please go to one of our branches and bring a picture ID with you.” In a follow up call, an agent explained that the company grew suspicious based on a computer IP address — the identifying number given to a computing device — that did not match the location they expected.
PC Speak: Abney Associates Tech Blog: Protecting your identity
Globally, cybercrime costs hundreds of billions of dollars each year and it comes in many forms, from computer hacking to phishing scams.
At the forefront of the fight is the U.S. Secret Service.
While law enforcement is trying to stay on top of it, people are urged to do their part because in the end it's the consumers who will foot the bill.
A listing of stolen credit card numbers was found last month when authorities searched two homes on Quiet Way in Louisville.
"I'll be pretty conclusive -- it probably came from a recent data breach," said Paul Johnson with the U.S. Secret Service. "In this case we hit the mother lode."
According to Johnson, who heads up the Louisville Secret Service Office, the paperwork, an encoder, and a laptop -- everything needed to wreak havoc on someone's credit -- were in a child's backpack.
"Stolen credit card numbers get re-encoded on a re-encoding device. You go to a legitimate store and you want to start buying as many of these as you can," Johnson said.
PC Speak: Abney Associates Tech Blog, Online fraud risks: protect yourself
The internet is such a part of everyday life that we don't even think about it any more. It's no more exotic and unexpected than having water coming out of the taps. However, unlike the water coming out of our taps, the internet isn't always pure and clear. And by using it without taking the proper precautions, we could find ourselves becoming the victims of online fraud.
So how can we protect ourselves?
CIFAS, the UK's fraud prevention service, discovered that in the last year, card fraud and identity theft had surged - with over 125,000 separate instances. A significant proportion of these frauds are perpetrated because people don't take sufficient precautions online. So what do you need to be aware of, and how can you protect yourself?
PC Speak: Abney Associates Tech Blog, Hacker claim about bug in fixed OpenSSL likely a scam
Hackers claim to have found a new vulnerability in the cryptographic library as serious as Heartbleed, and are selling it for 2.5 bitcoins
Security experts have expressed doubts about a hacker claim that there's a new vulnerability in the patched version of OpenSSL, the widely used cryptographic library repaired in early April.
A group of five hackers writes in a posting on Pastebin that they worked for two weeks to find the bug and developed code to exploit it. They've offered the code for the price of 2.5 bitcoins, around $870.
PC Speak: Abney Associates Tech Blog: Online Debit, Credit Fraud Will Soon Get Much Worse
I’m not much of a Nostradamus, but one thing I can predict with near certainty is that this time next year we are likely to find ourselves witnessing an all-time high in the rate of online credit and debit card fraud. Ironically, that surge in online theft will be the result of efforts to make the offline use of credit and debit cards more secure.
By Oct. 1 of next year, retail establishments are supposed to be able to accept new credit and debit cards that have a chip embedded and require the use of a PIN when making purchases at the checkout counter. The point is to make the cards smarter so that financial institutions can better detect fraudulent usage. Requiring a PIN clearly adds a layer of identification and protection that can deter such fraud.
Abney Associates Tech Blog, Cellphone banking fraud at record high
JOHANNESBURG – Internet banking fraud perpetrated via cellphones was at its highest to-date level in 2013, a report out Wednesday from the banking ombudsman revealed.
Cellphone phishing accounted for 46% of the total internet banking-related complaints received by the ombudsman in 2013, a 27% increase on 2012.
Cellphone phishing involves fraudulent e-mails and text messages being sent to unsuspecting bank customers in an effort to extract confidential internet banking credentials.
According to Nicky Lala-Mohan, a board member of the Ombudsman for Banking Services (OBS), SIM swaps will become a bigger problem going forward. “The fact that cellphone companies are also implicated creates additional liability,” he said at a media discussion following the release of the OBS’s 2013 annual report.
SIM swapping is where an individual (in this case the fraudster) replaces a SIM card on a particular cellphone number so that all bank communication is directed to the replacement SIM card, such as once-off passwords used to transact via internet banking.
Johan Conradie, investigations manager at the OBS, said that no sooner had banks advanced security to combat SIM swaps than fraudsters were teleporting numbers from one cellphone service provider to another.
Where there was negligence on the part of cellphone companies, the ombud referred cases to the Independent Communications Authority of South Africa (ICASA).
ATM fraud climbs
Of the 4 613 cases opened by the ombudsman in 2013 (2012: 4 450), 37% were related to fraudulent ATM transactions – a 6% year-on-year increase.
Internet banking accounted for the second highest number of cases opened per category, at 17%. This was followed by mortgage finance at 12% (a 5% drop since 2011) and credit cards and personal loans, which each held 7% of cases opened.
Fraudulent ATM transactions accounted for 23% of all the complaints received by the ombudsman’s office, but only a third of these cases found in favour of complainants, as they were most often the fault of bank customers.
For instance, cases where a customer unwittingly allowed someone to assist them at an ATM or peer over their shoulder and view their personal identification number (PIN), as well as where ATM machines were tampered with so that customers left their cards in the machines in the belief that they had been swallowed.
Lala-Mohan said that the increase in ATM-related fraud was opportunistic, “like cash-in-transit heists were a few years ago”, before police and vehicle intelligence curbed it.
He noted that banks were increasing physical security measures and controls around ATMs and said that new-generation ATMs were more sophisticated and could determine, for example, whether notes inserted into them were counterfeits.
Complaints against Capitec jump
“The internet banking onslaught against Capitec continued well into 2013, increasing the number of complaints against the bank,” commented Edrich Buytendorp, case processing and assessments manager at the OBS.
Capitec had 867 files opened against it in 2013, an increase of 615 from 2012, when it had just 252 cases. Buytendorp said this was also on account of its growing customer base and that in many cases Capitec accounts were the beneficiaries of fraud perpetrated at other banks.
Conradie explained that fraudsters often opened accounts for the sole purpose of facilitating fraud. “Where banks fail to act in line with their duty of care when opening accounts, or don’t stop accounts timeously after fraud has been reported, they could be held partly or fully liable for damages suffered by the customer,” he noted.
In one case, the bank partially compensated a customer where it had failed to stop a card immediately after it was notified of ATM fraud. The delay on the part of the bank allowed a third transaction to go through, which the bank refunded to the affected customer.
Cases opened against Standard Bank, which increased to 980 in 2013 (2012: 845), were largely ATM-related. Buytendorp noted that this was not an indication that there was something wrong with Standard Bank’s ATMs.
“Fraudsters target different banks at different times and in different ways. So when one bank improves security in one area, they will target another bank in that area,” Conradie explained.
Cases opened against Absa were down from 1 335 in 2012 to 970 in 2013. FNB also saw complaints fall, to 927 (2012: 1 260), while complaints against Nedbank climbed by 40 to 688.
Forty per cent of cases closed in favour of complainants, down 2% from 2012.
“This is attributable, in large, to the fact that many complainants were simply debt-stressed and others were victims of fraud. In these instances, there was no maladministration on the part of the bank,” the OBS report notes.
The ombud closed 5 134 cases in 2013, a considerable amount more than the 4 450 cases it closed in 2012. Forty-six per cent of the cases were closed within two months (2012: 44%).
The office awarded R23 million to complainants, an increase of R6.6 million on 2012. This was due to the larger number of cases closed in 2013, as well as bigger awards being made in ATM (R3 million), internet banking (R10 million) and mortgage finance (R4.5 million) cases.
Banking ombudsman Clive Pillay said that the OBS’s turnaround times were largely unmatched by global banking ombuds. The only ombud with a better record is in Canada, where fewer than 300 complaints were handled in 2013.
weblink:
http://www.moneyweb.co.za/moneyweb-financial/cellphone-banking-fraud-at-record-high
Abney Associates Tech Blog, Online fraud – why Heartbleed isn’t the only cyber threat
More than a decade ago, I attended an excellent talk by well-known cryptographer and security expert Bruce Schneier, where his key point was that there was nothing new under the sun when it came to security issues.
Yes, the scary stuff happening on the internet at the time, involving hackers and algorithm-cracking and malware, might seem particularly alarming because it was, or seemed, as if it had never been seen before. But actually, he argued, it was all the same old crimes, just done with new tools. Theft, identity-stealing, fraud – they’d all be familiar to a Roman.
Every time I attend a security event, or, as last week, the launch of a security report, his point comes to mind, as it puts the latest trends in malware, or the most recent outrageous hacker exploit, in a useful context. It isn’t so much what’s being done, as how it’s being done. And that, as I discovered way back when I stumbled into my first security conference in Silicon Valley and was hooked like a phishing victim, is endlessly inventive and fascinating.
And so it was, out at Symantec’s security centre in Dublin, as researchers talked through Symantec’s 2014 Internet Security Threat Report, which looks back over key developments in 2013.
Hence Heartbleed, the internet security bug that has made headlines this month, didn’t feature at all. But there were many bizarre and intriguing developments.
I found particularly fascinating a discussion on some of the potential ways to get money out of an ATM.
Most ATM crime still involves boring old “skimming”, the practice of getting hold of people’s account information, generally using some sort of card reader, coupled with a secret camera for recording passwords.
But, said Symantec security operations manager Orla Cox, in South America and more recently the US, groups are beginning to use malware to attack ATMs. They open up the front of the machine by picking the lock or using a duplicate key, then use the USB port on the machine’s computer innards to launch malware.
Abney Associates Tech Blog, Zeus Malware: A Continuing Threat
The indictment of nine alleged participants in a fraud scheme that involved infecting thousands of business computers with Zeus malware to steal millions of dollars shows that the malware remains a formidable ongoing threat, financial services security experts say.
The victims in the case included a Nebraska bank and a Nebraska company, according to an announcement of the indictment from federal prosecutors. The indictment was unsealed in connection with the April 11 arraignment of two Ukrainian nationals, who were recently extradited from the United Kingdom. Three other Ukrainians and a Russian have not yet been arrested; the indictment also names three other "John Doe" defendants.
"These actors are only a few of those who operate Zeus botnets out of a sea of cybercriminals who use variations to commit fraud," says Ryan Sherstobitoff, a threat researcher at security vendor McAfee, a unit of Intel. "Zeus will always be a continuing threat, and cybercriminals will continue to use Zeus to steal money. We as an industry must be vigilant."
Kevin Haley, security response director at security vendor Symantec, says the indictments won't put much of a dent in the use of the malware. "Zeus is not a gang; it's a toolkit, a very popular one used by many gangs," he says. "While today there is one less gang, there are still plenty of others using Zeus to attack us."
Andreas Baumhof, chief technology officer at anti-fraud vendor ThreatMetrix, says that when it comes to fighting fraud, the latest indictments are "like taking a scoop of sand out of the beach.
"The thing about Zeus is that the people who develop and distribute Zeus are not the same people who use Zeus to steal money," Baumhof says. "Now we have a couple less people using Zeus."
Zeus is a continuing threat because many financial institutions aren't looking necessarily for the malware itself, says George Tubin, banking expert at anti-malware provider Trusteer. "What [banks] are trying to do is use different authentication means and different fraud prevention technologies to try to spot when fraud happens," he says. "But very few institutions are actually trying to identify when man-in-the-middle malware [such as Zeus] is being used."
check over here:
http://www.bankinfosecurity.com/zeus-malware-continuing-threat-a-6751/op-1
Abney Associates Tech Blog, Online Debit, Credit Fraud Will Soon Get Much Worse. Here's Why.
I’m not much of a Nostradamus, but one thing I can predict with near certainty is that this time next year we are likely to find ourselves witnessing an all-time high in the rate of online credit and debit card fraud. Ironically, that surge in online theft will be the result of efforts to make the offline use of credit and debit cards more secure.
By Oct. 1 of next year, retail establishments are supposed to be able to accept new credit and debit cards that have a chip embedded and require the use of a PIN when making purchases at the checkout counter. The point is to make the cards smarter so that financial institutions can better detect fraudulent usage. Requiring a PIN clearly adds a layer of identification and protection that can deter such fraud.
How do we know that this effort to increase security at the point of sale is going to actually drive online fraud? We already saw it happen in Europe.
In 2002, European financial institutions started rolling out these very same cards and point-of-sale terminals. We call this technology EMV (Europay, MasterCard and Visa). Financial institutions intend to make EMV a global standard for authenticating credit and debit card transactions using integrated chip technology.
This technology has now been partially or fully deployed in about 14 countries and regions, including most Asian Pacific nations, all of Europe, most of Latin America and the Caribbean. Every country and region in which EMV has been deployed has seen a corresponding surge in online fraud.
Four years after beginning the deployment of cards and new point-of-sale terminals, about 99 percent of businesses and consumers were utilizing EMV. No doubt the cards were effective at cutting offline abuse. Before EMV, Europe saw fraud losses in stores of about 13 basis points of net sales. After EMV, the offline fraud rate plummeted to just 3.5 basis points, according to Douglas King in the study, “Chip-and-Pin: Success and Challenges in Reducing Fraud.”
However, the online world was a fraud nightmare. Online credit and debit card fraud rates more than doubled from the pre-EMV days. In 2004, Europe had an online credit and debit card fraud rate of 25 percent. By 2010, the rate had soared to 64 percent. Further, the European Central Bank’s February 2014 report on card fraud found that card-not-present (CNP) payments, i.e. payments via the internet, post or phone, were the source of 60 percent of total fraud incidents across Europe in 2012. With about $1.1 billion in fraud losses in 2012, CNP fraud showed the highest growth rate, up 21.2 percent from 2011, and analysts project this growth rate will continue to increase in 2013 and 2014.
Making credit and debit cards smarter made the crooks smarter. They stopped using cards with EMV technology in brick-and-mortar stores. Even the thieves knew that using one of the new EMV cards in a store was quickly going to get the card shut down.
So they doubled their efforts at stealing online, where the chips in cards did no good when all that was required were card numbers. Additionally, the bad guys shifted more of their nefarious online activity to foreign countries where it’s even harder to tell a legitimate card user from a thief.
When EMV technology was established, the crooks also started targeting debit cards over credit. Most debit cards use the magnetic stripe and therefore behave like credit cards without the chip and PIN, making it easier for fraudsters to exploit both offline using the swipe and online using the debit card number.
Some will probably ask why online retailers don’t just require a PIN for all purchases as in-store clerks do with EMV. We may see more of that kind of adoption here in the U.S. than we’ve seen in other countries that saw this surge in online fraud, even as offline fraud declined. However, putting any barrier to checkout in the ecommerce world means a lot of full shopping carts that never make it to purchase.
We’re all just going to have to be a lot more vigilant about how and when our cards are used. My financial institution now emails me every time one of my cards is charged. I can even set limits so I only get notified for charges more than $25.
But something tells me I’m going to be sitting in my living room in California when I get an email notifying me I just bought a couch in Russia. Let’s just hope I’m no Nostradamus.
weblink:
http://www.entrepreneur.com/article/233199
Abney Associates Tech Blog, 3 work-at-home online jobs that aren’t scams
Many people see working at home as the Holy Grail of job perks and thanks to the Internet it’s totally possible. Whether you want a full-time job or just want to make a little extra money on the side, the options are there if you know where to look.
Here are three jobs that you can do from home – and the site and tools you need to make them happen.
But first, I should mention that a lot of “work from home” jobs you’ll find online are scams. You really need to be alert when searching.
Here are some quick guidelines:
• Always make sure the company is legitimate and has a solid online history.
• Watch out for jobs that promise outrageous amounts of money a week or month.
• Never pay any money – such as application processing fees – up front.
• Never give out personal information in your application that a typical company wouldn’t ask for.
• Do your research.
With those caveats in mind, let’s look at some jobs.
weblink:
http://www.komando.com/tips/248655/3-work-at-home-online-jobs-that-arent-scams
In a prying world, news organizations are struggling to encrypt their online products
The old-fashioned newspaper, long maligned for its stodginess and sagging profits, has one advantage over high-tech alternatives: You read it. It never reads you.
The digital sources that increasingly dominate our news consumption, by contrast, transmit information across the fundamentally public sphere of the Internet, leaving trails visible to anyone with the right monitoring tools — be it your employer, your Internet provider, your government or even the scruffy hacker sitting next to you at the coffee shop, sharing the WiFi signal.
This is why privacy advocates have begun pushing news organizations, including The Washington Post, the New York Times and the Guardian, to encrypt their Web sites, as many technology companies increasingly do for e-mails, video chats and search queries.
Abney and Associates Tech Research: Bitcoin gets easier to buy and spend
It's getting easier for consumers to buy and spend bitcoin, the cybercurrency that has captured much of the tech world.
With each passing month, Bay Area entrepreneurs are rolling out new technology for consumers to buy and store bitcoin, shop online with the virtual currency and send it to friends. Last week, a bitcoin ATM was unveiled in Mountain View -- put in a few hundred bucks, out comes a bitcoin. And more retailers -- from consumer electronics to coffee roasters and pizza delivery -- are accepting bitcoin, making it easier for consumers to choose the Internet currency over dollars.
"It's all about to change over the next 12 to 24 months," said Marshall Hayner, a San Francisco entrepreneur who this month will launch bitcoin app QuickCoin. "We are going to see all kinds of people adopt it. It's going to power transactions on the Internet."
Abney and Associates Tech Research: The Credit Card of Tomorrow
SINCE the 1970s, paying with plastic has been pretty standard everywhere: Customers swiped their cards, signed receipts and took home their purchases.
But after security breaches at Target late last year led to the loss of personal data from as many as 110 million customers, the financial industry is racing to adopt technologies that will alter that decades-old ritual.
Driven largely by security concerns, credit card companies and issuers say they are working to make the system as consumers know it obsolete through smart chips and advanced computer programming.
Abney and Associates Tech Research: Bitcoin Regulation Roundup
Rumours, Court Cases and Taxing Times
Regulatory attitudes towards crypto currencies around the world are shifting. Hardly a day goes by without a central bank issuing a warning on the digital currency. However, it’s not all bad news – as some authorities are taking a much more positive approach.
In CoinDesk’s regulation roundup, Certified Public Accountant and ACFE Certified Fraud Examiner Jason Tyra examines the most significant digital currency news from the world’s regulators and law courts over the past two weeks.
Abney and Associates Tech Research: If you block ads, then websites may block you
Adblock Plus wants you to sign its acceptable ads manifesto, but general counsel for a large advertising bureau called it a ransom before warning if you continue to block ads then websites may block you from accessing their content.
While it's mostly tech-savvy surfers who install Adblock Plus browser plug-in, an advertising bureau suggested that websites will fight ad-blocking by blocking the content with an error message or a paywall if you use an ad blocker.