Online scammers, always quick to exploit the latest news event, are sending out e-mails promising economic-stimulus package payments but that instead steal sensitive data, the US-CERT warned on Friday.
The e-mails are disguised to look like official Internal Revenue Service communications. They offer a link to a Web site that asks for personal information or include a form that needs to be filled out and returned, the security organization said in an alert.
People who receive the fraudulent e-mail messages are encouraged to send the e-mail message and the Web site URL to the IRS at phishing@irs.gov.
CERT advises people against following unsolicited Web links in e-mails and offers more tips on its Web site.
The U.S. Senate was debating President Obama's $920 million economic-stimulus plan on Friday after the House of Representatives had approved a version.
Pamela Warren, cybercrime strategist at McAfee
(Credit: Daniel Q. McDowell)Editor's note: This is part of a series of stories about the recession's effect on the tech industry.
Last month, McAfee cybercrime strategist Pamela Warren sat down with a senior executive at a Sydney bank to discuss the risks to the corporate network from workers using social networking.
After going over the trade-offs associated with allowing insiders to use social networks at work, his team confirmed that they would use data leak prevention technology to monitor the network traffic--balancing the desire to benefit from such new technologies while ensuring company secrets remain protected.
Warren had a similar meeting with a U.S. government agency last week to discuss strategies for dealing with public employees using Web apps at work and mobile devices, which can introduce viruses and other security problems into a corporate network. And she's been preparing for the launch early next year of McAfee's Cybercrime Response Unit, a site where consumers can go when they think they've been victimized by online scams.
She's sharpening her focus on protecting Internet users because malware attacks are up now that economic times are tough. Online scammers have been going into overdrive with phishing and other online schemes aimed at people confused about the banking consolidation or who are desperate because of a layoff or foreclosure. In fact, there are direct correlations between targeted cyberattacks on consumers and the stock market decline over the past few months.
"It's a ripe economy to take advantage of people," she said.
Consumers are being scammed in a variety of ways. People are receiving phishing e-mails asking them to provide their bank account information so as to avoid having their bank account closed in a merger. They provide their bank information and their account balance is plundered.
People also are getting e-mails and seeing ads on the Web for work-from-home "jobs" where all they have to do to become an "international sales rep" is open a bank account to receive money in and then wire the money to some international third party. In reality, the transaction is nothing more than a money-laundering move, known as a "cyber mule operation," to transfer money to another country and hide the trail in an illegal deal. Typically, the transaction is a payment for some kind of illegal activity such as the exchange of lists of credit card information or personal data that can be used for identity fraud. (McAfee published a report about the rise in cybercrime earlier this week.)
An example of a cybermule ad.
(Credit: McAfee)People who get involved in the schemes don't always realize that they can be arrested for using their bank accounts in this manner, although most arrests so far seem to have been made outside the U.S. Money mules are much more likely to get caught than the operators of the scheme.
"If this happened five years ago, it would have been different. But today we share so much information online. We are much more comfortable with sharing personal information. We are more susceptible," Warren said. "Then you add the concept of a down economy where people need money. It's like a perfect storm brewing up."
Malware that aims to steal personal data has risen from 130,000 pieces last year to 1.3 million this year, while suspicious money mule solicitations rose 33 percent in the first half of 2008 over all of last year, according to McAfee.
"Our prediction is it is going to get worse," Warren said, echoing what experts are saying about the economy in general.
Warren's strong sense of right and wrong and her desire to protect the innocent are in her blood; her father and her younger brother are police officers.
"I was never the kind of person, like my dad or brother, that wants to walk around with a gun every day and go after that kind of criminal, so I chose the intelligence business path," she said. "The core of the entire Warren family is about helping other people. We are just driven by that."
The 43-year-old grew up in Williamsburg, Va., and studied international affairs at Florida State University before getting a master's in telecommunications from George Washington University. She's also a certified information system security professional and certified information privacy professional.
She worked in the U.S. intelligence community for about 10 years, primarily with the National Security Agency looking at threats against the U.S. "I had to understand the security of networks to help track down governments or individuals who were trying to harm the U.S." she said, declining to elaborate due to the sensitivity of the work. Before joining McAfee in January, Warren worked on security programs and consulting at Nortel Networks and security of chipsets at Intel.
Now, Warren, who spends her free time running with her dog, a Shiba Inu named Joey, in the mornings and volunteering at a marine mammal rehabilitation center in Sausalito, Calif., is helping "track the bad guys" on behalf of consumers and private companies.
The recent rise in threats aimed at financially downtrodden consumers offends her moral sensibilities. "You see the growth in identity theft and online fraud and you see what's happening to us worldwide in terms of the economic situation and it makes everything we do here more urgent," she said. "I think it's important to help people day to day around the world protect their privacy and protect themselves from loss.
Warren is adamant that people should not let the security risks associated with Internet applications keep them from taking advantage of what the technology has to offer. For instance, she relies on the Internet to keep connected with her nephew fighting in Iraq and would suffer if she were at a job where access to certain Web applications was restricted.
"Getting to see my nephew when he's in the middle of Iraq fighting in a war zone and I get snippets of his life on Facebook...it all helps motivate me on a daily basis," she said.
Next in the series: A contractor's roller-coaster ride in Redmond.
Screenshot of IRC discussion between people buying and selling tools for cybercrime.
(Credit: Symantec)Did you know that you can buy a keystroke logger for $23 or pay $10 to have someone host your phishing scam? Having a botnet at your fingertips will cost you $225, and a tool that exploits a vulnerability on a banking site averages $740 and runs as high as $3,000.
That's according to the Symantec Report on the Internet Underground Economy due to be released Monday.
Symantec researchers spent a year observing the chat among cybercriminals on IRC channels and forums on the Internet between July 1, 2007 and June 30, 2008 and were able to piece together a veritable menu of malicious code, as well as dig up detailed information on the exchange of highly prized financial information.
For example, credit card information accounted for more than 30 percent of all of the types of goods and services sold and was the most requested category. Bank account credentials were the most commonly advertised thing for sale on underground economy servers monitored by Symantec, with prices ranging from $10 to $1,000 depending on the balance and location of the account.
This is a lucrative business, Symantec has discovered. If the sellers were able to sell everything they were offering, the amount would reach more than $275 million. That represents just the sales amount. Factoring in the emptying of victims' accounts and maxing out credit cards, the potential worth of credit card information and bank credentials for sale would be $7 billion, the report estimates.
The report also studied trends in software piracy, with researchers monitoring those sales between July and September of this year. The most pirated software was found to be desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation, and HTML editors.
There is some interesting geographical data as well. Most of the people uploading pirated software to be sold were in the United States, the report found. The U.S. was home to most of the underground economy servers (41 percent) followed by Romania (13 percent) and North America had the largest number of underground economy servers.
Meanwhile, cybercriminals in Russia and Eastern Europe appear to be more organized than their counterparts in the North America who are "often made up of acquaintances who have met in online forums and/or IRC channels," the report says.
"The big picture is this system is highly self-sustaining. You can buy the attack tool kit, use it to steal information and sell that information to others in the economy," Zulfikar Ramzan, technical director of Symantec Test and Response, said in an interview. "You don't need to have expertise in every area of cybercrime. You can have expertise in just one area and with others, form a supply chain to make money."
The report joins a growing list of research devoted to the organization and sophistication of the cyber underground. Affinion Group , as well as McAfee and Finjan monitor such underground marketplaces. RSA discovered that data from 550,000 online bank accounts and credit card accounts was stolen with the aid of one Trojan, and has done research on the "Internet Fraud Chain".
This table shows the sales price and estimated value of pirated software sold on underground economy servers monitored by Symantec.
(Credit: Symantec)Updated Nov. 24 with Symantec researcher comment and background on other research.
The Web site Dictionary.com defines the word focus as "a central point, as of attraction, attention, or activity." This is an apt description of McAfee's inaugural customer event, McAfee Focus.
McAfee customers received the message that the company is focused in three areas:
Growth through acquisition. McAfee is intent on becoming a one-stop shop for governance, compliance, and risk management. To this end, the company purchased outside firms like Reconnex, SafeBoot, and Secure Computing. Look for McAfee to continue this trend by buying companies in areas like application security, identity management, IT operations management, and security management.
Product integration. McAfee has two areas for integration: the endpoint (i.e., one agent for security, encryption, network access control, etc.) and its management platform Enterprise Policy Orchestrator (ePO). McAfee wants to surround its customers with broad functionality AND central command-and-control.
Industry relationships. In the past few weeks, McAfee announced partnerships with Commvault, HP, Intel, and VMware. The goal? Make McAfee a development nexus for anything related to security integration.
These initiatives come right from the playbook of McAfee CEO, Dave DeWalt, a veteran of the software industry. The results of this game plan seem good so far: McAfee reported record revenue of $410 million (27 percent growth) in the third quarter.
So will this focus and aggressive behavior continue? I expect McAfee to back off the gas pedal a bit to feel its way through muddy economic waters but the company will also capitalize on deflated market capitalization values to acquire more companies and a softening job market to grab top talent. In this growing global recession, McAfee may be one company that is able to swim against the tide.
Here's more evidence of a connection between the economic crisis and cybercrime. PandaLabs reported on Wednesday about a direct correlation between the recent stock market declines and increases in targeted cyberattacks.
For instance, while the U.S. stock market saw declines between September 1 and October 9, the volume of malware threats grew, doubling to more than 24,000 per day between September 8 and September 10 alone and to more than 30,000 per day on September 16.
The recent malware spikes could be due to the fact that cybercriminals now have fewer possible targets with the consolidation in the banking industry, and the perception of instability in the financial community could be causing panic even within the cyberunderground, PandaLabs said.
"Cybercriminals have to increase their activity to reach more users with campaigns designed to put money directly into their pockets, especially during times of economic instability," Ryan Sherstobitoff, chief corporate evangelist for Panda Security, said in a statement. "For example, we have seen a surge in the number of fake antivirus software scams that trick unsuspecting consumers into making an online transaction, instead of criminals relying heavily on phishing the credentials for banks."
Such fake antivirus scams generate an estimated $14 million in profit each month for criminals, he said.
MessageLabs reported earlier this week about statistics showing that banking-related phishing scams have risen.
Stock market evolutions (September 1 to October 9)
(Credit: moneycentral.msn.com)
Threat evolutions with key highlights (September 1 to October 9)
(Credit: PandaLabs)
- prev
- 1
- next
