
New Tricks in Online Fraud

PCQ Bureau

Amuleek Bijral, Country Manager - India & SAARC RSA, The Security Division of EMC


Online criminals consistently build upon techniques to conduct online attacks against financial institutions, to refine the fraud supply chain, and to find new opportunities for financial gain in areas outside the consumer realm. They work to mimic the legitimate world of business by staying innovative, competitive and organized. However, layered security offers methods to help mitigate and prevent the losses caused by successful online attacks.

The fraud analysts at the RSA Anti-Fraud Command Center have compiled a list of techniques likely to be adopted by cyber criminals in the near future. Let's take a look.


Money Muling: Preying upon the innocent



A money mule within the fraud supply chain is a person who works on behalf of an online criminal. Mules happen to be the innocent players within the fraud supply chain. The combination of money mule recruitment networks and "mule herders" (managers who control a network of mules) is a specialized cashout service offered for sale within the fraud underground. In 2008, we observed numerous mule recruitment scams sent via spam attacks that directed people to professional-quality websites that offered allegedly legitimate jobs to perform money transfers. These websites lured people to apply for a position described as a "money transfer agent" or "regional manager." This brings honest people into the fraud and money laundering cycle. Mules move cash that originates from compromised bank accounts from one online criminal to the other. Depending on the amount of money laundered, a mule will receive a small percentage as compensation.

As a result of the weakened economy, money mules will be easier to recruit over the next year or two until there is a significant growth in new job opportunities. To leverage the growing unemployment rates, more money muling operations will develop over the next year. The continuing economic slump means more people will be looking for jobs and will be less selective in the jobs to which they apply. This will enable more people to be recruited as money mules and keep this part of the supply chain fully active.

Consolidation of 'traditional' phishing and malware attacks



In April 2008, we discovered a new technique that merged classic phishing and malware content and related tactics. The Rock Phish group was the first to pioneer this double-vector attack when they used both phishing sites and the Zeus Trojan to attack and infect online users. Upon receiving the fraudulent correspondence, victims of these attacks were directed to phony websites that solicited personal information. Concurrently, the Zeus Trojan infected their computers. As a result, even if the online user did not fall for the phishing scam and divulge personal details on the website, the Trojan would later steal information that was transmitted while the victim interacted with other websites.


As online banking users have become more educated about cyber crime and the risks they face by providing personal information on financial institutions' websites, criminals have had to develop alternative ways to dupe them. By leveraging spammed emails designed to initiate a phishing attack and direct unsuspecting users to a website infected with malware, criminals can achieve greater results. A computer infected by a Trojan via this attack method helps to ensure that fraudsters can gain access to personal information without requiring online users to submit their information themselves.

The volume of phishing attacks during 2008 grew 66% over those detected throughout 2007. Despite heightened awareness among online banking users, phishing remains a popular platform for fraudsters as it has a very low execution cost, can reach broad sets of users, and requires limited technical expertise to set up. For these reasons, the rate of phishing attacks will continue to increase throughout 2009 and beyond. And while silent "drive-by download" infections (in many cases, planted within legitimate web pages) are a leading Trojan infection method, we anticipate an increase in combined phishing and Trojan attacks. Socially engineered online attacks using spammed emails that contain information on popular societal issues will also serve as an additional way to direct unsuspecting users to malware infection sites.


Enterprise fraud will increase



Enterprise fraud is still in its infancy and online criminals are just starting to realize the potential benefits of it. We have witnessed many incidents of enterprises of all kinds that have been targeted unknowingly. For example, fraud analysts have uncovered VPN and web mail account credentials within online criminals' drop zones during the credential recovery process. We have also witnessed transactions occurring among fraudsters such as the solicitation of e-mail addresses for top executives at US corporations at the offered price of $50 each. This is indicative of the likelihood that there will be an increase in the number of spear phishing incidents in the coming year. Spear phishing is a targeted form of online attack directed at those with access to high-value accounts, applications and business information; quite often the targets are business executives.

We expect to see an increase in enterprise fraud in the next 12 to 18 months. This is a nefarious threat as online criminals stand the chance of gaining access to sensitive corporate data such as intellectual property and business plans.

Layered security is the best protection



Staying a step ahead of online criminals and being prepared to address new threats as they come knocking at the door is critical to fending off fraud. Financial institutions should consider instituting a layered approach to security, which is critical to lowering the overall risk posed by online crime. A layered security approach has three core elements:


Understand the threat landscape: Financial institutions must understand the threats that are targeting their business and the relative risks they pose. By doing so, they can mitigate the risk of online fraud or even prevent it from occurring at all. By gathering and sharing intelligence and developing a broad knowledge of potential threats, financial institutions can better evaluate their own vulnerabilities and implement security solutions to address them.

Use multi-factor authentication to protect login: User name and password authentication is not enough to protect access to sensitive data, given the advanced nature of today's threat landscape. Moreover, many countries have imposed regulations requiring organizations to protect access to user accounts and personal information with a second form of strong authentication. Multi-factor authentication is essential to prevent unauthorized access to a user's sensitive and personal data.

Monitor transactions and activities that occur post-login: Beyond authentication solutions that challenge users to assure their identity at login, financial institutions should consider implementing a transaction monitoring solution that analyzes and challenges high-risk transactions after login has occurred. Transactions typically require more scrutiny and pose more risk to organizations and their customers than just the act of logging in to an account. Transaction monitoring can help identify suspicious post-login activities and mark them for further review.
