Articles

Dark Reading reports a new fraud campaign aims to separate users of Facebook, Google Mail, Hotmail, and Yahoo from their debit card data. A series of attacks is being carried out by a P2P variant of the Zeus platform against some of the Internet’s leading online services and websites according to Amit Klein, CTO of Trusteer. The attacks come disguised as offers for great rebates or hot new security functionality. But in reality, the scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands, to steal users’ debit card data. Each of the social engineering attacks differs slightly in its execution. In the case of Facebook, for example, the scam offers people a 20% discount if they link their Visa or MasterCard details to their Facebook account. The scam claims that after registering their card information, the victim will earn cash back when they purchase Facebook points. A fake Web form then requests that the user enter their debit card number, its expiration date, as well as their security code and PIN.

CSO Online reports the UK’s adoption of security technologies including Chip & PIN has resulted in marked drops in credit and debit card fraud in the last four years and set an example other European countries should follow, based upon data from analytics firm FICO. Using information from Euromonitor International, the peak year for all types of UK plastic fraud was 2008. Despite the UK’s falling levels it is clear that fraud levels in the country had reached extraordinary levels in the last decade for a country of 62 million people, many times higher than Germany, a country with a population of 81 million. This suggests that banks were slow to get on top of the issue until the credit crunch focused minds on the unacceptable level of UK losses. Despite investment, the UK remains a card fraud hotspot. The effect Chip & PIN has had on overall fraud is also open to some interpretation. First introduced in 2003, fraud levels continued to rise until 2008, which hints that other anti-fraud measures (such as transaction checking and verification) have probably had the biggest effect. More likely, Chip & PIN caused a change in the type of fraud after banks invested in the sort of transaction checking and modeling that was non-existent a decade ago when the problem first emerged.

The Strongsville Patch reports two men from Canada were caught putting data skimming devices on several First Merit ATMs in the area last week, raising concerns about the high-tech method of credit card fraud. Detective Lt. John Janowski said no one in Strongsville has reported being a victim of card skimming. With this type of high-tech skimming, thieves equip ATMs with false card readers that send them your data by text message. Customers swiping their cards at the money machine or a gas pump would be hard-pressed to see the phony reader. Bath police Chief Michael McNeely said an investigation found the men had placed the skimmers on several First Merit machines in the area. He believes the men are tied to an organized effort out of Canada.

SC Magazine reports a lead figure in what’s considered to be the largest cyber crime bust in history was sentenced recently to more than five years in prison. Nichole Michelle Merzi, 26, of Oceanside, Calif., played an integral part in what authorities code-named “Operation Phish Phry,” an international phishing ring that looted more than $1 million. Merzi, who has been in custody since she was convicted last year of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering, was found guilty of all charges by a district judge, according to a statement released by the Federal Bureau of Investigation.

RTE News Ireland reports there has been a 24% increase in the level of credit and debit card fraud in the last year. In 2011 card fraud cost over €25m with most of the card fraud taking place online or over the telephone. Nine out of ten fraudulent credit card transactions happened without the card being present – where the card number was used either online or over the phone. Card skimming only accounted for 8% of credit card fraud. A small number of fraudulent transactions happened with a lost or stolen card, or one that had been intercepted in the postal system. Once the card details had been illegally accessed, almost half of the fraudulent spending took place in the UK (47%), with 18% of fraudulent transactions taking place in the USA and 12% in Ireland.

RTE News Ireland reports there has been a 24% increase in the level of credit and debit card fraud in the last year. In 2011 card fraud cost over €25m with most of the card fraud taking place online or over the telephone. Nine out of ten fraudulent credit card transactions happened without the card being present – where the card number was used either online or over the phone. Card skimming only accounted for 8% of credit card fraud. A small number of fraudulent transactions happened with a lost or stolen card, or one that had been intercepted in the postal system. Once the card details had been illegally accessed, almost half of the fraudulent spending took place in the UK (47%), with 18% of fraudulent transactions taking place in the USA and 12% in Ireland.

The Herald News reports 46 people were arrested in 60 raids for credit card fraud. It was a theft allegedly carried out on a massive scale, with military precision, and it repeatedly victimized the holders of debit and credit cards. Two-dozen “runners” would allegedly be on standby at different ATM machines in the wee hours of the morning, awaiting a call from a ringleader. Upon getting the green light, they would start withdrawing money simultaneously from different machines, using cloned bank cards. Police say it would only take five minutes. On just one such occasion, 79 bogus cards were allegedly used to make 203 transactions at 23 different bank machines – with the accused thieves getting away with $30,000. The RCMP says that scam was being replayed multiple times each week in the Montreal area, as it announced a series of arrests of alleged members of a $100 million debit- and credit-card scheme that had international ties. The alleged criminal group is believed to be associated with accomplices in Vancouver, as well as others operating in countries such as Australia, New Zealand, Malaysia, Tunisia and England.

CU Info Security reports banking institutions and their customers need to be aware of a new online retailer data breach. New York-based clothing and shoes retailer Opening Ceremony has reported a breach of its global online boutique that likely compromised payment card details of customers who purchased products online between Feb. 16 and March 21, 2012. Opening Ceremony CEO Carol Lim disclosed in a letter sent to affected customers that the hacker may have accessed the names, addresses, and credit card information of customers who purchased an item on their website during this period. Opening Ceremony has yet to provide details about the number of accounts exposed and exactly how the breach occurred.

SC Magazine reports the Internet Crime Complaint Center received more than 310,000 complaints last year, representing a 3.4 percent spike over the previous year, according to the entity’s annual report. Complainants reported more than $485 million in losses, many related to identity theft, advance-fee schemes and ruses in which victims are targeted via email by someone posing as an FBI agent. More than 14,000 people reported being conned by the latter, resulting in losses of more than $3.5 million. The IC3, a partnership of the FBI, National White Collar Crimes Center and Bureau of Justice Assistance, advised users to avoid opening unsolicited emails and to be wary of individuals who only accept cash or request payment up front. Alaska, the District of Columbia and New Jersey were the source of the most complaints on a per-capita basis.

Dark Reading reports if it’s malware, it’s more than likely a Trojan. New data found that four out of five new malware samples are Trojan programs, and there were 6 million new pieces of malware created in the first quarter of this year alone. Last year, Trojans represented about 73 percent of all malware, according to PandaLab’s Quarterly Report for Q1. Worms were the second-most common form of malware in the first quarter of this year at 9.3 percent, followed by viruses at 6.43 percent, adware at 2.89 percent, and other malware at 0.6 percent. Worldwide, the average number of infected PCs is 35.51 percent, a drop of 3 percent since 2011. China is home to the most infected PCs, with 54.1 percent of its desktops infected, followed by Thailand (47.2 percent) and Turkey (42.8 percent). European nations tend to have the fewest infected machines, with Sweden as the cleanest, with less than 20 percent infected computers. Japan has less than 30 percent of its computers infected.