Skip to main content

The WiKID Blog

Viewing posts tagged Phishing and Fraud

7-easy-steps-to-maximizing-your-fraudulent-stock

The SEC has noticed a dramatic rise in fraud against online brokerage accounts. This is a very interesting article in that it shows how an attacker can take over accounts and make money without necessarily removing money from those accounts. All they need is a couple of "legitimate" account that the fraudsters open, a thinly traded small-cap stock and to control a couple of pwned accounts with enough money to manipulate the targeted stock. The article describes "pumping" as using pwned accounts to drive up the price of stocks that you hold. However, you can also make money on the way down:

dhs-predicts-more-brokerage-attacks

The DHS is joining in on one of my earlier predictions: Brokerage accounts will be increasing targeted in the coming year. According to their post they are tempting accounts because they typically have more money in them. Further, typical anti-fraud transaction analysis doesn't really work because of the infrequency of transfers.

I'm convinced that brokerage accounts and other heavy transactions accounts will need cryptographically secure transaction authentication in addition to session and host/mutual authentication.

us-banks-given-authentication-deadline

From Finextra. Looks like two-factor authentication is coming to a bank near you.

brand-damage-stock-price-and-cockroaches

Brand Damage versus Corporate Competence

Yesterday, Tim Erlin had an interesting and very thought provoking post about breach and brand damage.. Tim rightly takes offense at the idea of the infinite "brand damage" often used to sell information security products. With as little as infosec geeks know about marketing, it's probably best to avoid that phrase altogether. A "brand" is a nebulous idea at best and security probably does not matter at all in most brands. I think it is also hard to try to tie stock performance to brand value. There a lots of great stocks that sell commodity goods. If Exxon/Mobil had a security breach when oil was at $30/barrel, how would you measure the impact of the breach as oil goes to $60?

banks-seek-tighter-security-from-vendors

According to today's WSJ, 6 big US banks and BITS will announce security standards for their vendors. This action shouldn't come as a surprise, since the banks are essentially following in the footsteps of VISA and Mastercard and their CISP/PCI standards that attempt to secure the credit card industry - especially since the banks own VISA and Mastercard.

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom