Friday, 30 March 2007

Renewed call for ".safe" domain

Source: F-Secure
Summary: F-Secure (anti-virus company) has renewed the call for a top-level domain name for banks and other targets of phishing. It's interesting that F-Secure is advocating this particular approach, but to me it looks like a fairly hollow press release backed by no real intention of pushing the process any further.

Keyloggers: How they work and how to detect them

Summary: first part of a two-part article on keylogger technology -- one of the most commonly used tools in cybercrime and phishing in particular. This is a relatively basic introduction to the subject.

Wednesday, 28 March 2007

12% of adults in UK have experienced fraud online

Source: Get Safe Online
Summary: a survey of adult internet users in the UK found that 12% had experienced online fraud in the last year, losing an average of £875 each. The survey also looks at the attitudes of internet users towards responsibility for their online safety, and the popular view is that it's someone else's responsibility. Most felt that there should be lessons in schools to help young people understand the risks.

Education failing to fight phishing

Source: vnunet
Summary: Joseph Sullivan, associate general counsel of PayPal, told the e-Crime Congress in London today that relying on education alone will not stop phishing and that an integrated campaign is needed to stamp out the menace. William Beer, European director of Symantec's security practice, says that education needs to be varied and targeted to particular demographics. Mention is made of a phishing attack in which targets were directed to phone a fake call centre rather than visit a fake website.

Experts rubbish two-factor authentication

Source: vnunet
Summary: opinion at the e-Crime Congress in London is that two-factor authentication will not help reduce soaring phishing levels because it is vulnerable to man-in-the-middle attacks. Apparently there is a rising demand for two-factor systems nonetheless.

Wednesday, 21 March 2007

Anatomy of an eBay scam

Source: The Register
Summary: an email exchange between an eBay fraudster and a reporter posing as an interested buyer. The first step in the fraud involves phishing an eBay account with a good reputation. An auction is then posted under this phished ID with instructions to contact the seller directly via email (in contravention of eBay acceptable usage policy). If a buyer contacts the fraudster in this manner, the fraudster will spoof an email from eBay instructing the buyer to send money to an agent via Western Union.

Tuesday, 20 March 2007

FBI Internet Crime Report 2006

As reported in The Register, the FBI have released their 2006 Internet Crime Report. This contains useful facts and figures on the types and scales of cybercrime reported in the USA in 2006.