Fighting cybercrime in an economic downturn
Pamela Warren, cybercrime strategist at McAfee
(Credit: Daniel Q. McDowell)Editor's note: This is part of a series of stories about the recession's effect on the tech industry.
Last month, McAfee cybercrime strategist Pamela Warren sat down with a senior executive at a Sydney bank to discuss the risks to the corporate network from workers using social networking.
After going over the trade-offs associated with allowing insiders to use social networks at work, his team confirmed that they would use data leak prevention technology to monitor the network traffic--balancing the desire to benefit from such new technologies while ensuring company secrets remain protected.
Warren had a similar meeting with a U.S. government agency last week to discuss strategies for dealing with public employees using Web apps at work and mobile devices, which can introduce viruses and other security problems into a corporate network. And she's been preparing for the launch early next year of McAfee's Cybercrime Response Unit, a site where consumers can go when they think they've been victimized by online scams.
She's sharpening her focus on protecting Internet users because malware attacks are up now that economic times are tough. Online scammers have been going into overdrive with phishing and other online schemes aimed at people confused about the banking consolidation or who are desperate because of a layoff or foreclosure. In fact, there are direct correlations between targeted cyberattacks on consumers and the stock market decline over the past few months.
"It's a ripe economy to take advantage of people," she said.
Consumers are being scammed in a variety of ways. People are receiving phishing e-mails asking them to provide their bank account information so as to avoid having their bank account closed in a merger. They provide their bank information and their account balance is plundered.
People also are getting e-mails and seeing ads on the Web for work-from-home "jobs" where all they have to do to become an "international sales rep" is open a bank account to receive money in and then wire the money to some international third party. In reality, the transaction is nothing more than a money-laundering move, known as a "cyber mule operation," to transfer money to another country and hide the trail in an illegal deal. Typically, the transaction is a payment for some kind of illegal activity such as the exchange of lists of credit card information or personal data that can be used for identity fraud. (McAfee published a report about the rise in cybercrime earlier this week.)
An example of a cybermule ad.
(Credit: McAfee)People who get involved in the schemes don't always realize that they can be arrested for using their bank accounts in this manner, although most arrests so far seem to have been made outside the U.S. Money mules are much more likely to get caught than the operators of the scheme.
"If this happened five years ago, it would have been different. But today we share so much information online. We are much more comfortable with sharing personal information. We are more susceptible," Warren said. "Then you add the concept of a down economy where people need money. It's like a perfect storm brewing up."
Malware that aims to steal personal data has risen from 130,000 pieces last year to 1.3 million this year, while suspicious money mule solicitations rose 33 percent in the first half of 2008 over all of last year, according to McAfee.
"Our prediction is it is going to get worse," Warren said, echoing what experts are saying about the economy in general.
Warren's strong sense of right and wrong and her desire to protect the innocent are in her blood; her father and her younger brother are police officers.
"I was never the kind of person, like my dad or brother, that wants to walk around with a gun every day and go after that kind of criminal, so I chose the intelligence business path," she said. "The core of the entire Warren family is about helping other people. We are just driven by that."
The 43-year-old grew up in Williamsburg, Va., and studied international affairs at Florida State University before getting a master's in telecommunications from George Washington University. She's also a certified information system security professional and certified information privacy professional.
She worked in the U.S. intelligence community for about 10 years, primarily with the National Security Agency looking at threats against the U.S. "I had to understand the security of networks to help track down governments or individuals who were trying to harm the U.S." she said, declining to elaborate due to the sensitivity of the work. Before joining McAfee in January, Warren worked on security programs and consulting at Nortel Networks and security of chipsets at Intel.
Now, Warren, who spends her free time running with her dog, a Shiba Inu named Joey, in the mornings and volunteering at a marine mammal rehabilitation center in Sausalito, Calif., is helping "track the bad guys" on behalf of consumers and private companies.
The recent rise in threats aimed at financially downtrodden consumers offends her moral sensibilities. "You see the growth in identity theft and online fraud and you see what's happening to us worldwide in terms of the economic situation and it makes everything we do here more urgent," she said. "I think it's important to help people day to day around the world protect their privacy and protect themselves from loss.
Warren is adamant that people should not let the security risks associated with Internet applications keep them from taking advantage of what the technology has to offer. For instance, she relies on the Internet to keep connected with her nephew fighting in Iraq and would suffer if she were at a job where access to certain Web applications was restricted.
"Getting to see my nephew when he's in the middle of Iraq fighting in a war zone and I get snippets of his life on Facebook...it all helps motivate me on a daily basis," she said.
Next in the series: A contractor's roller-coaster ride in Redmond.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
See Snopes.com at http://www.snopes.com/crime/warnings/creditcard.asp
Summary: This one is pretty slick since they provide YOU with all the
information, except the one piece they want.
Note, the callers do not ask for your card number; they already have
it. This information is worth reading. By understanding how the VISA &
MasterCard Telephone Credit Card Scam works, you'll be better prepared
to protect yourself.
The scam works like this:
Caller:
'This is (name), and I'm calling from the Security and Fraud
Department at VISA. My Badge number is 12460. Your card has been
flagged for an unusual purchase pattern, and I'm calling to verify.
This would be on your VISA card which was issued by (name of bank).
Did you purchase an Anti-Telemarketing Device for $497.99 from a
Marketing company based in Arizona ?'
When you say 'No', the caller continues with, 'Then we will be issuing
a credit to your account. This is a company we have been watching and
the charges range from $297 to $497, just under the $500 purchase
pattern that flags most cards. Before your next statement, the credit
will be sent to (gives you your address), is that correct?'
You say 'yes'. The caller continues - 'I will be starting a Fraud
investigation. If you have any questions, you should call the 1- 800
number listed on the back of your card (1-800-VISA) and ask for
Security.'
You will need to refer to this Control Number. The caller then gives
you a 6 digit number. 'Do you need me to read it again?'
Here's the IMPORTANT part on how the scam works. The caller then says,
'I need to verify you are in possession of your card'. He'll ask you
to 'turn your card over and look for some numbers'. There are 7
numbers; the first 4 are part of your card number, the next 3 are the
security Numbers that verify you are the possessor of th e card. These
are the numbers you sometimes use to make Internet purchases to prove
you have the card. The caller will ask you to read the 3 numbers to
him. After you tell the caller the 3 numbers, he'll say, 'That is
correct, I just needed to verify that the card has not been lost or
stolen, and that you still have your card. Do you have any other
questions?' After you say No, the caller then thanks you and states,
'Don't hesitate to call back if you do, and hangs up.
You actually say very little, and they never ask for or tell you the
Card number. What the scammers want is the 3-digit PIN number on the
back of the card. Don't give it to them.
Instead, tell them you'll call VISA or Master card directly for
verification of their conversation. If you give the scammers your
3 Digit PIN Number, you think you're receiving a credit. However, by
the time you get your statement you'll see charges for purchases you
didn't make, and by then it's almost too late and/or more difficult to
actually file a fraud report.
If there was no cybercrime McAfee would be out of business.
They don't have a common interest to fight Cybercrime, they have a common interest to make money off the Cybercrime, that in my book makes them part of the crime.
- by kai7070 December 18, 2008 6:13 PM PST
- Santa got his identity ripped off from cybercrime!! :) http://www.viddler.com/explore/SantaFraud1/videos/2/
- Like this Reply to this comment
-
(6 Comments)and here's where they get busted... www.santafraud.com pretty damn good reason to have high security.