Profile of Likely E-Mail Phishing Victims Emerges in Human Factors/Ergonomics Research
Science Daily July 25, 2013
The author of a paper to be presented at the upcoming 2013 International Human Factors and Ergonomics Society Annual Meeting has described behavioral, cognitive, and perceptual attributes of e-mail users who are vulnerable to phishing attacks. Phishing is the use of fraudulent e-mail correspondence to obtain passwords and credit card information, or to send viruses.
In “Keeping Up With the Joneses: Assessing Phishing Susceptibility in an E-mail Task,” Kyung Wha Hong discovered that people who were overconfident, introverted, or women were less able to accurately distinguish between legitimate and phishing e-mails. She had participants complete a personality survey and then asked them to scan through both legitimate and phishing e-mails and either delete suspicious or spam e-mails, leave legitimate e-mails as is, or mark e-mails that required actions or responses as “important.”
“The results showed a disconnect between confidence and actual skill, as the majority of participants were not only susceptible to attacks but also overconfident in their ability to protect themselves,” says Hong. Although 89% of the participants indicated they were confident in their ability to identify malicious e-mails, 92% of them misclassified phishing e-mails. Almost 52% in the study misclassified more than half the phishing e-mails, and 54% deleted at least one authentic e-mail.
Gender, trust, and personality were correlated with phishing vulnerability. Women were less likely than men to correctly label phishing e-mails, and subjects who self-reported as “less trusting, introverts, or less open to new experiences” were more likely to delete legitimate e-mails.
Hong will continue to develop a user profile that can predict when and with whom phishing attacks are likely to be successful. Information gained in these studies will be used to design effective tools to prevent and combat phishing attacks.
The new Safe Browsing section of Google’s Transparency Report shows that you face a significantly bigger threat from compromised legit sites than intentionally dangerous sites.
C/NET News by Seth Rosenblatt June 25, 2013
Web sites you think are safe but have been compromised to distribute malicious software are far more prevalent than sites that are intentionally dangerous, according to a new Transparency Report from Google released on Tuesday.
The new Safe Browsing section of the report reveals some of the security trends that Google has been seeing. While Google reiterated that its Safe Browsing program flags up to 10,000 sites a day, the report showed that hacked sites remain a major problem — with about 60 percent hosting malware and 40 percent being used for phishing attacks.
Dedicated attack sites numbered in the hundreds until late 2009, when they began to increase. They crested at the end of last year above 6,000, but that number has since dropped. As of June 9, 2013, Google reports the number of these malicious sites at 3,891.
Dramatically worse is the problem of compromised sites, Web sites that are supposed to be legitimately safe but that have been hacked to infect visitors.
During the week of June 9, Google tallied 39,247 hacked sites, down from more than 60,000 last July and more than 76,000 in June 2009.
Webmaster response time to fixing those compromised sites has accelerated remarkably, although it has been slowly getting worse over the past 18 months. Response time began to drop from more than 90 days in 2008 to a low of 12 days in May 2009. As of March 2013, the response time hovered around 50 days.
Bank security weaknesses led to cyber looting of $45M from ATMs
Indicted cyber thieves used pre-paid debit cards, manipulated bank accounts to withdraw huge sums from ATMs around the world
Computer World by Jaikumar Vijayan May 10, 2013
Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATM machines around the world.
One startling aspect of the case, sure to be closely reviewed by banks worldwide, is that Pena and his cohorts pulled off the theft quickly using just 17 prepaid debit cards.
Federal prosecutors in New York on Thursday handed down indictments against Pena and seven other individuals on cyber hacking charges related to the theft. The defendants allegedly formed a New York-based cell of an international group that hacked into global financial institutions to access prepaid debit card data that they later used to steal money from ATM machines.
Pena and his co-conspirators are accused of withdrawing about $2.8 million from ATMs in NYC on two separate occasions.
In the first operation last Dec. 22, the gang withdrew $400,000 in 750 fraudulent transactions at 140 ATM locations in the city in just two hours and 25 minutes. In February, the gang withdrew close to $2.4 million in 3,000 ATM transactions in the NYC area over a 10-hour period.
Details of the operation contained in court documents provide a fascinating look both at the sophisticated methods used by the hackers, and the vulnerabilities in the banking system that allowed it to happen.
The thefts began with an extensive intrusion last December into the network of an Indian credit card processing company that handles MasterCard and Visa prepaid debit cards.
Such cards are typically loaded with a finite amount of funds and are often used by employers in lieu of paychecks and by charitable organizations to distribute emergency assistance, according to a statement by the U.S. Department of Justice.
The hackers broke into the card processing company, manipulated account balances and eliminated withdrawal limits on each of five prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah in the United Arab Emirates.
Such manipulation of debit card information is referred to as “unlimited operation” in the cyber underworld and requires a very high degree of technical sophistication, according to the indictment. When successful, even a small number of compromised cards can lead to a “tremendous financial loss to the victim financial institution,” the indictment said.
The compromised account numbers, together with PINs needed to initiate withdrawals, were distributed to cell ‘managers’ like Pena in different parts of the world. The stolen account numbers were used to encode magnetic stripes on the back of plastic cards such as gift cards and hotel key cards and later used to initiate the fraudulent withdrawals.
The first operation, in Dec. 2012, resulted in close to $5 million being withdrawn from ATM machines around the world in about 5,700 transactions. The hackers who had broken into the card processor network used their access to monitor the withdrawals to ensure they were not shortchanged.
In February, the group pulled off the same caper, but this time by breaking into a U.S.-based credit card processor that handles MasterCard and Visa prepaid debit card transactions.
In this instance, the hackers manipulated account balances and removed withdrawal limits on 12 prepaid debit cards issued by the Bank of Muscat in Oman. The compromised account numbers were distributed to gang members in 24 countries and used to create spoofed debit cards that were used to withdraw $40 million from ATM machines.
Members of Pena’s gang were identified and nabbed from surveillance tapes provided by financial institutions and by owners of the ATM machines that were robbed.
The thefts highlight continuing vulnerabilities in the payment industry, said Jim Stickley, chief technology officer at TraceSecurity Inc., a Baton Rouge, La.-based risk and compliance management vendor with several banking customers.
Stickley said that no mechanisms appear to have existed to prevent the same debit card numbers from being used over and over again to complete thousands of transactions in different countries in a very short period of time.
“It’s surprising that even some level of analytics wasn’t used,” to spot and prevent fraudulent transactions, he said. “When they were hitting 3,000 ATMs around the world at the same time, you’d think there’d be some analytics” to detect it, he said.
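A minimal sketch of the kind of per-card velocity analytics Stickley describes as missing, added here as an illustration and not taken from the article or from any bank's system. The thresholds, field layout and sample transactions are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not figures from the article.
WINDOW = timedelta(minutes=30)
MAX_WITHDRAWALS = 5   # withdrawals allowed per card inside WINDOW
MAX_COUNTRIES = 1     # distinct countries allowed per card inside WINDOW


def flag_cards(transactions, window=WINDOW,
               max_withdrawals=MAX_WITHDRAWALS, max_countries=MAX_COUNTRIES):
    """Return {card_id: [reason, ...]} for cards that breach a velocity rule.

    transactions: iterable of (timestamp, card_id, atm_id, country, amount)
    in any order. Each card keeps a sliding window of recent withdrawals.
    """
    recent = defaultdict(deque)   # card_id -> deque of (timestamp, country)
    alerts = defaultdict(list)
    for ts, card, _atm, country, _amount in sorted(transactions):
        win = recent[card]
        win.append((ts, country))
        # Drop withdrawals that have aged out of the window.
        while ts - win[0][0] > window:
            win.popleft()
        if len(win) > max_withdrawals and "velocity" not in alerts[card]:
            alerts[card].append("velocity")
        countries = {c for _, c in win}
        if len(countries) > max_countries and "multi-country" not in alerts[card]:
            alerts[card].append("multi-country")
    return {card: reasons for card, reasons in alerts.items() if reasons}


def sample_transactions():
    """Constructed data: one cloned prepaid card and one ordinary card."""
    t0 = datetime(2013, 1, 1, 12, 0)
    txs = []
    # PREPAID-A: 8 withdrawals in 14 minutes across three countries.
    for i, country in enumerate(["US", "US", "JP", "US", "DE", "JP", "US", "DE"]):
        txs.append((t0 + timedelta(minutes=2 * i), "PREPAID-A",
                    f"ATM-{i}", country, 800))
    # DEBIT-B: two withdrawals a day apart in a single country.
    txs.append((t0, "DEBIT-B", "ATM-90", "US", 60))
    txs.append((t0 + timedelta(days=1), "DEBIT-B", "ATM-91", "US", 40))
    return txs
```

On the constructed data, the cloned card trips the multi-country rule on its third withdrawal and the velocity rule on its sixth, while the ordinary card raises no alert.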
It’s likely that the banks did not have monitoring systems in place to track prepaid debit cards. There’s little chance that the bank would know who purchased such cards. There’s little risk to the bank with such cards, because they have already been paid for, Stickley said.
“They probably treated it somewhat differently because there is no way they can call somebody to tell them they are shutting it down,” he said. “I can see how they might have never imagined a situation where someone would use the cards in this manner.”
Avivah Litan, an analyst with Gartner, added that the theft “could have been prevented with simple steps like privileged user monitoring and alerts when account limits are raised in this manner.” Account limits had to be raised substantially for the crooks to get so much money, she said.
Strengthening authorization on raising account limits is one way to mitigate such issues, she said.
Banks, for example, can enforce dual authorization whenever someone wants to raise account limits in the manner that needed to have been done in this case, she said.
PIN and Chip cards could also have prevented the heist, she said. Chip-and-PIN systems use smartcards that have embedded microprocessors (or chips) rather than magnetic stripes to store cardholder data.
To use the cards at an ATM machine, a cardholder needs to have the original card and personal identification number. “There simply wasn’t enough attention paid to simple controls that should have been put on these systems,” Litan said.
“The only good news here is that consumers weren’t hurt. The bad news is that the payment industry still has not learned its lesson,” she said. “The industry needs to implement a major change in the way cardholders are authenticated, either using chip and PIN, biometrics, or something else much stronger than a PIN.”
I know, I know…. Washington D.C. keeps saying that “Everything Is Getting Better!” But, I wish Washington and our so-called Leaders would tell the “Scumbag Trolls” on the internet that it is okay to stop ripping people off because the gravy train is back! Until then, you should BE AWARE that there are new phishing scams in the works that will not only put you, your family, your friends, co-workers financially at risk… But also cost you more money on your cellular bill in the way of unwanted text messages.
Very soon, if not already, you will begin getting text messages from somebody you don’t know telling you something like…
“Hey its Jennifer, and I just took some new pictures and wanted to know what you think”
Well, if you decide to look, YOU’RE AN IDIOT!
This is another popular one that goes like this….
“OMG, I can’t believe you let them get a picture of you like that. Check it out (with a link)”
Well, if you decide to look, YOU’RE AN EVEN BIGGER IDIOT!
Or how about these two texts…
From: firstname.lastname@example.org Message: Call 8 0 0 8 5 1 7 2 6 8 Attention Required California C U
From: email@example.com Message: Attention Required 802 851 7268 California CU
The point in a nutshell is that you should not click or call anything remotely like this, nor should you trust the message because it came from what you believe to be a loved / trusted one, because it could be they clicked or the information was “SPOOFED” to look legitimate.
We have been posting articles on this type of “PHISHING” Schemes, Malware, Trojans, Viruses, etc. for a while now to keep you in the know and as safe as you can be, based on your own caution and habits online.
Also known as “SPE” and “John” by the attackers who use it, miniFlame was probably cooked up by the U.S. and Israel and fills an important little niche in its malware family; it plugs itself directly into Flame and Gauss installations in addition to working on its own. Once it’s on a target PC, it opens up a backdoor that lets attackers directly control the infected computer, something neither Flame nor Gauss can do. As a last little bonus, miniFlame can actually delete infections of (mega)Flame and immunize the computer from further Flame infections.
Compared to the other state-sponsored malware, miniFlame has hit relatively few computers, somewhere in the neighborhood of 50, and there’s no real geographical concentration of infections. Chances are this is because its use was reserved for particularly high-profile targets, where the “total control” feature would be especially useful. Kaspersky Labs calls it a “surgical attack tool.”
Chances are you’re not a high-value target, so it’s not a risk to us rank-and-file, but it just goes to show how sophisticated and specialized the secret suite of operating cyberweapons is. And you can bet there are more out there, still hiding. [Kaspersky Labs via Wired]