Firewalls Up, Security On
This is no time to become complacent over computer security and banks need to continually remind customers of this. Software that is written to commit crimes, "crimeware" if you will, such as identity theft, is growing. From November to December 2005 the number of sites used to distribute crimeware nearly doubled to 7,197. This is according to a report issued recently by the Anti-Phishing Working Group (APWG).
David Jevans, APWG Chairman, said, "The speed, precision and massive scale by which the phishers were able to identify and exploit this vulnerability for criminal enterprise highlights the fact that the eCrime industry has reached a level of efficiency that has the potential to threaten the larger online economy."
The recent Windows Meta File vulnerability made it easier for these malicious programs. Your bank should have executed its patch management program already by downloading, and installing the software to fill this hole. Microsoft releases patches the first Tuesday of each month. More often if necessary. Have you reminded your customers to install all security patches?
It was a Trojan horse that a gang of hackers in Brazil used to steal money. On February 15, 200 police there executed 65 arrest warrants in Campina Grande and six other states. These hackers used the Trojan horse to obtain bank account numbers, user names and passwords to steal $6.38 million.
The leader, a 19 year old, was one of those arrested. Five of the gang members arrested were minors. Police are still looking for 24 more members.
And closer to homes in the US, everything old is new again. I remember when scammers would make evening calls and tell the person on the other end that "you won if your Visa account starts with the number 4." The other scam was if your MasterCard started with a "5" and yes, they all do.
Spear phishing expeditions in Salt Lake City, Utah have increased. This is a phishing attack with a narrow market. Mountain America Credit Union customers received an email that they were automatically enrolled in the Verified by Visa program. Many customers have heard about this and know that it promotes security. The email however, revives part of the old scam and tells them the first five digits of the card that is now in the program. Yes, they all have those same first five numbers, but the customers don't know that and this adds legitimacy to the email. Adding even more validity is that the site the email links the customer to, so that they can activate the new security feature, has Secure Socket Layer (SSL) security. We've mentioned this before on BOL and while it isn't common yet, it is happening. So the customer sees the "gold lock" in the browser and the "https" in the web address and believes they are in a valid site.
David Jevans, APWG Chairman, said, "The speed, precision and massive scale by which the phishers were able to identify and exploit this vulnerability for criminal enterprise highlights the fact that the eCrime industry has reached a level of efficiency that has the potential to threaten the larger online economy."
The recent Windows Meta File vulnerability made it easier for these malicious programs. Your bank should have executed its patch management program already by downloading, and installing the software to fill this hole. Microsoft releases patches the first Tuesday of each month. More often if necessary. Have you reminded your customers to install all security patches?
It was a Trojan horse that a gang of hackers in Brazil used to steal money. On February 15, 200 police there executed 65 arrest warrants in Campina Grande and six other states. These hackers used the Trojan horse to obtain bank account numbers, user names and passwords to steal $6.38 million.
The leader, a 19 year old, was one of those arrested. Five of the gang members arrested were minors. Police are still looking for 24 more members.
And closer to homes in the US, everything old is new again. I remember when scammers would make evening calls and tell the person on the other end that "you won if your Visa account starts with the number 4." The other scam was if your MasterCard started with a "5" and yes, they all do.
Spear phishing expeditions in Salt Lake City, Utah have increased. This is a phishing attack with a narrow market. Mountain America Credit Union customers received an email that they were automatically enrolled in the Verified by Visa program. Many customers have heard about this and know that it promotes security. The email however, revives part of the old scam and tells them the first five digits of the card that is now in the program. Yes, they all have those same first five numbers, but the customers don't know that and this adds legitimacy to the email. Adding even more validity is that the site the email links the customer to, so that they can activate the new security feature, has Secure Socket Layer (SSL) security. We've mentioned this before on BOL and while it isn't common yet, it is happening. So the customer sees the "gold lock" in the browser and the "https" in the web address and believes they are in a valid site.
posted by Andy at
6:05 AM
0 Comments:
Post a Comment
<< Home