Tag Archives: ID Theft

Echosec launches security-focused anonymous search tool for The Dark Web

Online data aggregation and information discovery specialist Echosec has introduced Beacon, a search platform for The Dark Web purpose-designed to help discover threats and prevent future attacks.

Beacon is an intelligence tool that helps security teams and public safety professionals alike to find key information from The Dark Web safely through a regular web browser. Previously, the only way to access The Dark Web was through a TOR browser.

The Dark Web is non-indexed and non-secure, yet searching it is crucial for security and public safety organisations as it’s a veritable hotbed for nefarious activity. Beacon provides end users with a single point of entry into The Dark Web and presents critical information in a structured and consistent way.

Organisation of Dark Web data makes analysis of it more efficient and threat intelligence actionable for law enforcement, security and risk managers.

EchosecBeacon

“Beacon helps teams to quickly identify information that can prepare them for the worse case scenario,” said Michael Raypold, CTO at Echosec. “Through Beacon, end users can identify threats quickly and enable efficient issues management.”

A basic Beacon search can provide intelligence on subjects like drug trafficking, the sale of firearms and hacker data. A UK search conducted on 12 April found 14,849 instances of hacker data using the keyword “UK + hacking,” while “UK + credit card” returned 16,600 and “UK + guns” 2,650 results respectively.

More advanced search functions in Beacon have produced thousands of results for information on the sale of identities, e-mail addresses and other personally identifiable information. One excerpt from a credit card search result on a Dark Web site reads: “Hello all clients ! – I’m a hacker, good seller, best tools, sell online 24h. – I want introduce to you my services and sell fresh cvv (visa/master,amex,dis,bin,dob,fullz..) all country, Dumps track 1&2, Account paypal, SMTP, RDP, VPS, Mailers, do WU transfer and Software Bug Transfer Western Union. – I sell cvv Fresh – Fast and Good price.”

Beacon is commercially available and simple and safe to interact with for users of all backgrounds. However, due to the sensitive nature of The Dark Web, Echosec meets with potential customers to review and approve their case before providing access. Echosec also takes steps to ensure that Beacon use is compliant with the current privacy laws and data provider terms.

*More information about Beacon may be found at https://www.echosec.net/darknet/

Advertisements

Leave a comment

Filed under Risk Xtra

Banking fraud rises by 13% as criminals continue to wreak havoc

Crime figures just issued by the Office for National Statistics show that banking and credit fraud has risen by 13% in the year ending June 2016.

John Marsden, head of ID and fraud at Equifax, commented: “Companies have stepped up their fraud protection with multiple layered fraud defences, but this often moves criminal activity to those channels that are less well protected. Fraud is a surprisingly professional industry. The number of cases continues to rise as criminals find new ways to access information, often fuelled by a deep understanding of their target’s identity. Underlying this is the sharing of knowledge and consumers’ personal information across marketplaces on The Dark Web.”

Marsden went on to state: “Consumers must take steps to protect themselves from falling prey to fraudulent behaviour. People are without doubt confused about where to store and share confidential information like their bank account number, sort code and even their date of birth. As consumers seek the convenience and speed offered by digital correspondence, so they potentially position themselves in front of fraudsters who will steal this information to gain access to accounts and financially exploit individuals.”

fraudillustration

According to Marsden, data shared on The Dark Web cannot be treated as a one-time event. The data never truly vanishes and can spread globally in a short amount of time, enabling criminals to fraudulently takeover accounts and identities.

“To reduce the risks and damage associated with fraudulent activity,” observed Marsden, “more needs to be done to educate the public and give them a stronger chance of protecting themselves. The advice is very clear: remain vigilant and only share your details when you’re sure the channel is secure.”

It’s worth bearing in mind the following guidelines when handling personal information:

  1. Do not do your online banking in public places and definitely do not use public Wi-Fi (criminals can set up bogus public Wi-Fi ‘hotspots’ to access devices and information)
  2. Never respond to unprompted banking messages unless you are absolutely certain the request is genuine (ie when you have spoken with your bank to confirm)
  3. Be very aware of domain names online and the security signs visible in a browser. Make sure you log on to a banking website at a web address you know and not via a link
  4. Never provide any banking details to a third party you don’t know or are unsure about (in part or as a whole)
  5. Avoid unnecessarily sharing details such as your name, address and date of birth

Leave a comment

Filed under Risk UK News, Uncategorized

Cyber Streetwise survey reveals 75% of Britons place online safety at risk

A new survey conducted by Cyber Streetwise has revealed that most people are not taking the necessary steps to protect their identity online, with 75% of those who took part in the study admitting they don’t follow Best Practice to create complex passwords.

The figures have been released during Cyber Security Awareness Month to mark the launch of the latest phase of the UK Government’s Cyber Streetwise campaign. In partnership with the police service and industry experts, Cyber Streetwise aims to raise awareness of wise and unwise behaviour in the online space.

Despite 95% of Britons saying it’s their own responsibility to protect themselves online, two thirds are risking their safety by not using symbols in passwords. Nearly half (47%) exhibit other unsafe password habits such as using pet names or significant dates as their password.

Modern Slavery and Organised Crime Minister Karen Bradley MP explained: “When passwords are compromised, financial and banking details can be stolen and cause problems for the person affected, for businesses and for the economy. There’s an emotional impact caused by the loss of irreplaceable photos, videos and personal e-mails, but even worse these can be seized to extort money.”

Bradley added: “We can and must play a role in reducing our risk of falling victim to cyber crime. Most attacks can be prevented by taking some basic security steps, and I encourage everyone to do so.”

Vulnerability to ID theft, fraud and extortion

This latest research shows that 82% of people manage more online accounts that require a password than they did last year, with the average Briton dealing with 19. Over a third (35%) of those questioned admit that they do not create strong passwords because they struggle to recall them. However, poor passwords leave people vulnerable to identity theft, fraud and extortion.

Cyber crime presents a serious threat to the UK and the Government is taking action to increase public awareness of the risk, dedicating £860 million to this issue over the next five years through the National Cyber Security Programme. In essence, the Government is working hard to transform the UK’s response to cyber security.

The latest survey conducted by Cyber Streetwise has revealed that the majority of people are not taking necessary steps to protect their identity online

The latest survey conducted by Cyber Streetwise has revealed that the majority of people are not taking necessary steps to protect their identity online

Jamie Saunders – director of the National Crime Agency’s (NCA) National Cyber Crime Unit – commented: “The NCA is working closely with law enforcement colleagues all over the world to target and disrupt cyber criminals. We should be clear that the criminals will target weaknesses. On that basis, having weak passwords will leave people vulnerable.”

Saunders continued: “Nobody wants their personal financial details, business information or photographs to be stolen or held to ransom, so simple things like using three or more words, a mixture of numbers, letters and symbols and upper and lower case letters will make it much more difficult for hackers to access personal information.”

Creating strong and memorable passwords

Advice on creating strong and memorable passwords can be found at http://www.cyberstreetwise.com along with other easy tips for staying safe online. Tips for creating and remembering passwords include the following:

Loci method
Imagine a familiar scene and place each item that needs to be remembered in a particular location (ie a red rose on the table, a book on the chair, a poster on the wall). Imagine yourself looking around the room in a specific sequence. Re-imagine the scene and the location of each item when you need to remember

Acronyms
Use a phrase or a sentence and take the first letter from that sentence

Narrative methods
Remember a sequence of key words by creating a story and littering it with memorable details (for example, ‘The little girl wore a bright yellow hat as she walked down the narrow street…’)

Further information on Cyber Security Awareness Month is available at: http://www.staysafeonline.org/ncsam/

Leave a comment

Filed under Risk UK News

Top 10 online-enabled frauds hitting British wallets to the tune of £670 million

Organisers of Get Safe Online – the joint public-private sector Internet safety initiative – have revealed the financial and emotional cost of cyber crime. In a specially commissioned poll of 2,000 people by Vision Critical for Get Safe Online Week 2014 (running from 20 to 26 October), half (50%) of those who have been a victim of cyber crime (including online fraud or cases resulting in economic loss, ID theft, hacking or deliberate distribution of viruses and online abuse) said they felt either ‘very’ or ‘extremely’ violated by their ordeal.

Separate figures prepared by the National Fraud Intelligence Bureau (NFIB) for Get Safe Online Week offer an indication as to the sheer scale of online crime, with over £670 million lost nationwide to the Top 10 Internet-enabled frauds reported between 1 September 2013 and 31 August this year. The £670 million statistic emanates from reported instances of fraud, calculated when the first contact with victims was via an online function.

Given that a significant number of Internet-enabled fraud cases still pass by unreported, the true economic cost to the UK is likely to be significantly higher.

The Get Safe Online survey also reveals that over half (53%) of the population now views online crime just as seriously as they do ‘physical world’ crimes, destroying the notion that online crime is ‘faceless’ and less important than other crimes. As a result, more cyber crime victims (54%) wish to unmask a perpetrator but only 14% have succeeded in doing so.

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

As stated, half (50%) of those individuals surveyed for Get Safe Online Week have been a victim of online crime although only 32% of these people reported the fact. Around half (47%) of victims did not know to whom they should report an online crime, although this figure is expected to drop due to the ongoing work of Action Fraud (the UK’s national fraud reporting centre) and the considerable Government resources now dedicated to fighting cyber crime.

On a more positive note, victims in the Get Safe Online poll said that their experiences have shocked them into changing their behaviour for the better, with nearly half (45%) opting for stronger passwords and 42% now being extra vigilant when shopping online. Over a third (37%) always log out of accounts when they go offline and nearly a fifth (18%) have changed their security settings on their social media accounts.

In stark contrast, however, most people still don’t have the most basic protection in place. More than half (54%) of mobile phone users and around a third (37%) of laptop owners do not have a password or PIN number for their device. That figure rises to over half (59%) for PC users and two thirds (67%) when it comes to tablet owners.

The 'Don't Be A Victim' Infographic produced by the team at Get Safe Online

The ‘Don’t Be A Victim’ Infographic produced by the team at Get Safe Online

Supporting law enforcement’s response to cyber crime

Commenting on the survey results, Francis Maude (Minister for the Cabinet Office) stated: “The UK cyber market is worth over £80 billion a year and rising. The Internet is undoubtedly a force for good, but we simply cannot stand still in the face of these threats which already cost our economy billions every year.”

Maude continued: “As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places in which to do business in cyberspace. We have an £860 million Cyber Security Programme in place which supports law enforcement’s response to cyber crime, and we’re also working with the private sector to help all businesses protect their vital information assets.”

Francis Maude MP: Minister for the Cabinet Office

Francis Maude MP: Minister for the Cabinet Office

In conclusion, the Cabinet Office leader added: “Our Get Safe Online and Cyber Streetwise campaigns provide easy to understand information for the public on how and why they should protect themselves. Cyber security is not an issue for Government alone. We must all take action to defend ourselves against the threats now being posed.”

Tony Neate, CEO at Get Safe Online, explained: “Our research shows just how serious a toll cyber crime can take, both on the wallet and on well-being. This has been no more apparent than in the last few weeks with various large-scale personal photo hacks of celebrities and members of the general public. Unfortunately, this is becoming more common now that we live a greater percentage of our lives in the online space.”

Neate went on to state: “This year, Get Safe Online Week is all about ‘Don’t Be A Victim’. We can all take simple steps to protect ourselves, including putting a password on our computers and mobile devices, never clicking on a link sent by a stranger, using strong passwords and always logging off from an account or website when we’re finished. The more the public do this, the more criminals will not be able to hide behind a cloak of anonymity.”

Tony Neate: CEO at Get Safe Online

Tony Neate: CEO at Get Safe Online

Detective Superintendent Pete O’Doherty, head of the NFIB at the City of London Police, said: “Cheap and easy access to the Internet is changing the world and transforming our lives. What many of us may be less aware of is the fact that financial crime has moved online and poses a major threat to people of all ages and from all walks of life. Men and women, young and old, rich and poor. It matters little who you are, where you live or what you do.”

O’Doherty continued: “It’s vitally important people are fully aware of the dangers around fraud and Internet-enabled fraud which is why the City of London Police, in its role as the National Policing Lead for Fraud and home to the National Fraud Intelligence Bureau, is fully supportive of Get Safe Online’s week of action.”

Importantly, O’Doherty added: “I would also call on anyone who has fallen victim to an online fraud to report this to Action Fraud. It’s only then that local police forces will be able to track down the main offenders and ensure victims receive the best possible support as they try to recover from what can be an extremely difficult and upsetting experience.”

Have you been a victim of cyber-enabled fraud?

George Anderson, director of product marketing at Internet security specialist Webroot, has also offered his views on the survey results.

“It’s sad but not surprising that 53% of British people have fallen victim to cyber crime,” asserted Anderson. “The Internet has been assimilated into our daily lives to the point where it’s easy to forget how hazardous it is if the proper security measures are not taken.”

Anderson continued: “The key to making the UK a safe Internet user zone is education. As a country, as communities and as individuals we should be actively promoting awareness of Internet safety and security issues. The Government’s research should not scare people away from online activities, but rather start the process of serious and continuous conversations whereby we evaluate the online precautions we take both at home and at work. Education should start at an early age, with parents and education bodies working to ensure future generations populated by ‘security savvy’ individuals.”

Adding to that message, Anderson said: “Understanding what preventative measures we can take ranges from a rudimentary awareness through to in-depth technical knowledge. However, far too many people have become too complacent with modern technology to even practice the basics. The modern person should by now know that computers ought to be protected by updated, Best-of-Breed anti-spyware and anti-virus software. They should practice safe surfing habits and harbour a full comprehension of online activities that would place their information at more risk than others. Also, they ought to be able to identify and understand website privacy policies and know when or when not to impart information regarding personal data.”

*If you think you may have been the victim of cyber-enabled economic fraud (ie where you have lost money), you should report the occurrence to Action Fraud and include as much detail as possible. Telephone: 0300 123 2040. Alternatively, visit: http://www.actionfraud.police.uk

**If you have been the victim of online abuse or harassment, you should report it to your local police force

***For general advice on how to stay safe online visit: http://www.GetSafeOnline.org

Leave a comment

Filed under Risk UK News

“Beware what you share” warns new CIFAS guide on social media usage

People are being warned by CIFAS – the UK’s Fraud Prevention Service – of the consequences of sharing too much information on social media platforms.

‘Beware What You Share’ is a new publication designed to highlight the often unexpected dangers of posting too much information online through social networking sites such as Facebook. From pointing out what a fraudster will see when someone posts their holiday details through to understanding privacy settings on popular social networking sites, ‘Beware What You Share’ points out some of the common dangers and encourages individuals to think about how information might be used by those who are not in their close circle of friends or family.

“With a new academic year in its infancy, and the festive season looming large on the horizon, the latter part of the year is invariably one where younger people, for example, will be meeting new acquaintances and creating friendships that will last a lifetime,” stated Richard Hurley, communications manager at CIFAS.

“Social media is now an essential part of that whole process, of course, but in the same way that you wouldn’t advertise all of your personal details in the pub to a group of people you have not long known, you also need to be very careful that you don’t share far too much information in the online space.”

CIFAS is urging people to be aware in terms of the information they post on social media platforms

CIFAS is urging people to be aware in terms of the information they post on social media platforms

The second publication in a planned series designed to educate young people about fraud and how to protect themselves, this new document has already been sent to universities and colleges and is available online.

The aim is not to stop social media from being used, but rather to educate young people around the potential risks they’ll face by effectively ‘living their life in public’. The guide contains eight examples of ‘seeing what a fraudster might see when looking at your social media profiles’, from highlighting that someone is away from home and that their house is empty through to where they work and details of those companies with which they have online accounts. Each small piece of information can be used to create a much larger picture, in turn increasing an individual’s chances of falling victim to fraud.

“Ask yourself, would you reveal all of this information in one chat in the pub?”

“The pressures on young people – to fit in, to socialise, to make friends and so on – are immense,” added Hurley. “Social media is undoubtedly the easiest way to do all of this, but it’s worth remembering something. Would you – in a pub, with people you were only just getting to know – tell them all about your address, holiday plans, shopping habits and the rest? No. You would not open yourself up so quickly.”

Hurley concluded: “‘Beware What You Share’ highlights very succinctly how putting too much information online is the equivalent of telling a stranger everything about yourself at a first meeting. The majority of people are, of course, simply wanting to connect and be friends, but individuals need to be aware that there are some people who are just waiting to use any information that’s revealed.”

CIFAS provides the UK’s most comprehensive databases of confirmed fraud data as well as an extensive range of fraud prevention services to over 300 organisations operational across the public and private sectors.

Member organisations share information in order to prevent fraud and emanate from a variety of sectors including banking, grant giving, credit card provision, asset finance, retail credit, mail order and online retail, insurance, telecommunications, factoring, share dealing, vetting agencies, contact centres and insurance brokering sectors.

Leave a comment

Filed under Risk UK News

“Nearly half of all frauds are identity crimes” reveals CIFAS

Data-driven identity crimes – ie frauds carried out using a victim’s identity details to obtain new accounts or take over existing ones – accounted for over 45% of all the confirmed frauds identified in the first three quarters of 2014. These figures issued by CIFAS continue the pattern seen in recent years, underlining the severity of the challenge facing consumers and businesses.

While identity fraud existed before the proliferation of online services, the use by online crooks of data such as passwords and e-mails or personal data harvested through hacking attacks and social engineering can now be considered the ‘norm’ in terms of fraud.

The 45% figure may represent a small decrease from some of the proportions recorded in previous years, but identity crimes represent as strong a challenge as ever to the financial well-being of organisations and consumers.

CIFAS’ communications manager Richard Hurley commented: “For the modern fraudster, knowing somebody’s personal or financial details is a licence to print money and the continuing preponderance of such data-driven financial crime must serve as a warning. Defeating it means we have to demand that organisations do more to handle our data securely, and ramp up their fraud prevention efforts accordingly. Individually, however, we also have a responsibility to look after our own details. Without doing so, we are effectively handing access to our bank accounts to a complete stranger.”

Data-driven identity crimes - ie frauds carried out using a victim’s identity details to obtain new accounts or take over existing ones - accounted for over 45% of all the confirmed frauds identified in the first three quarters of 2014

Data-driven identity crimes – ie frauds carried out using a victim’s identity details to obtain new accounts or take over existing ones – accounted for over 45% of all the confirmed frauds identified in the first three quarters of 2014

Victims of fraud must not be forgotten

Since 2010, there have consistently been over 100,000 instances of victimisation each year. The figures for 2014 to date indicate that this year will repeat the pattern, with almost 90,000 victims of identity crime already pinpointed by the organisations using the CIFAS National Fraud Database.

“Fraud is far from a victimless crime,” noted Hurley. “Not only do the victims suffer an immediate financial cost but they also have to contend with the time taken to sort out the mess left behind and the worry caused by not knowing how the fraudster managed to steal their details. While it’s understandable that a financial cost is always asked for in relation to fraud, it must be remembered that fraud has a far more lasting and personal impact upon victims. It’s one that cannot be summed up in terms of monetary value alone.”

While fraud may never be eliminated, figures such as these – and the patterns of recent years – prove that UK plc must become more aggressive in its approach to fraud prevention.

CIFAS CEO Simon Dukes explained: “While many organisations have put in place robust and comprehensive strategies designed to combat online crooks, and have empowered their customers to do the same, that doesn’t mean all organisations have done so.”

Dukes concluded: “Surely now every organisation and individual must recognise that if they don’t co-operate with others in terms of identifying and implementing good practice, data sharing and responsible online behaviour then they instantly become the weakest link in the chain. This means that they encourage fraudsters to continue their crimes, in turn damaging us all individually and collectively.”

Leave a comment

Filed under Risk UK News