
The WiKID Blog

Viewing posts tagged Phishing and Fraud

reason-for-drop-in-cost-of-e-crime-now-clear

I have always been puzzled as to why the total cost of e-crime dropped in the most recent CSI/FBI crime survey. Now the reason is clear: online crime is no longer predominantly the purview of lonely teens seeking self-esteem; it is increasingly being propagated by organized crime gangs selling access to 'owned' machines. Since they only need 5,000-10,000 machines per sale, that is all they get. If they got more than that, it would increase the possibility of exposure, reducing the value of those machines.

sec-creates-extortion-scheme-opportunity

This is a follow-up to my recent post about the bizarre action of the SEC of punishing companies that are victims of pump-and-dump spam. Paul Moriarty, director of product development for Internet Content Security at Trend Micro, has pointed out that suspending the stocks created a denial of service/extortion opportunity:

"Pretty soon, you'll start seeing extortion schemes. The spammers will simply call up a company and demand money on the threat of a pump-and-dump spam run. Think about it, a spammer now has the power to control which stocks are suspended by the SEC," Moriarty warned.

Of course, one hopes that if the company can show it has been extorted, the SEC will realize the error of its ways.

short-sighted-critiques-of-two-factor

There are two things to keep in mind when discussing two-factor authentication:

sitekey-study-released

And the results are not good.

“The premise is that site-authentication images increase security because customers will not enter their passwords if they do not see the correct image,” said Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory. “From the study we learned that the premise is right less than 10 percent of the time.”

The article also points out that perceived user convenience is more important than security:

"Banks immediately knew what they did not want to do: ask customers to download new security software, or carry around hardware devices that feed them PIN codes they can use to authenticate their identities. Both solutions would add an extra layer of security but, the banks believed, detract from the convenience of online banking."

This is a problem, though, because their opponents are more than willing to install software on users' computers. Moreover, they are willing to attack an ISP's computers in the middle. This asymmetry will cause problems for financial institutions.

spear-phishing

IBM released the results of a security study showing a dramatic increase in phishing attacks that target specific individuals and institutions.
