Thursday, July 17, 2008

Another ATM fraud: Woman loses Rs 25,000 - - 17 Jul 2008

Pune, July 16: A woman lost Rs 25,000 to an ATM card fraud on Sunday soon. The victim, Trupti Nitin Menvelkar (39) of Tejas Society, Kothrud, has lodged a complaint with the Kothrud police station.
Police said Trupti and her husband had gone for a movie at City Pride theatre on Saturday evening.

While coming back from the cinema hall, she lost her wallet carrying her ICICI bank ATM card. On Sunday, she received an SMS from ICICI bank saying that Rs 25,000 had been withdrawn from her account in three transactions.

Trupti has told the police that her ATM card was blocked around 12.30 pm on Sunday, while the money was withdrawn from her account around 1.15 pm.

Investigation officer D A Walimbe said that money was withdrawn from the ATM centres in the city.

"The ATM centres were installed with CCTV cameras. So we have asked the bank to get the video clips of the time when money was withdrawn," he said.

Walimbe said that Trupti works with a private company. She has an account with the Apte Road branch of ICICI.

Russian Coreflood Gang targets online bank accounts - - 16 Jul 2008

Call them the Coreflood Gang. A ring of cyber bank robbers from southern Russia has quietly perfected a way to get a beachhead inside company networks.

Once inside, it infects every PC within reach with a custom-made data-stealing program called Coreflood. The goal: go rip off bank accounts online.

Over the past 16 months, the Coreflood Gang has infected swaths of PCs inside thousands of companies, hospitals, universities and government agencies, says SecureWorks researcher Joe Stewart, who has tracked and documented the spread of Coreflood over that period.

"It's spying on you, capturing your log-ons, user names, passwords, bank balances, contents of your e-mail," Stewart says. "It can capture anything."

Coreflood is part of a class of malicious software, called banking trojans, designed primarily to help crooks break into bank accounts online. The number of banking trojans detected on the Internet this month topped 24,800, up from 3,342 at the start of 2006, security firm F-Secure says.

An infection usually starts when you visit a Web page implanted with a snippet of malicious coding. By simply navigating to the tainted page, your browser gets redirected, unseen, to a hub server that downloads the data-stealing program onto your hard drive.

Dozens of gangs specialize in banking trojans. They have it much easier than phishing scammers, who must lure victims into typing sensitive data on spoofed Web pages, says F-Secure researcher Patrik Runald.

"This is very organized crime," Runald says. "These gangs are hiring people and making tons of money."

The Coreflood Gang is among the most sophisticated. Stewart recently analyzed 500 gigabytes of stolen data stored on a rented hub server. He pinpointed 378,758 Coreflood infections inside thousands of organizations, small and large.

A workplace PC can get a new infection each time someone logs on. The most infections: a county school district with 31,425, a hotel chain with 14,093 and a health care company with 6,744. About 230 networks turned up with 50 or more Coreflood infections, while 35 networks each had 500 or more.

Gang members cull the stolen data for log-ons and account statements, especially bank accounts online with high balances. Next, they log into the accounts and make online cash transfers into "drop" accounts they control.

After having two hub servers shut down by the tech security community in May, the Coreflood Gang rented two new hubs and picked up where they left off. Today, they continue operations unimpeded, says Stewart.

Companies infiltrated by the Coreflood Gang need to rethink how they do network security. Employees surfing the Internet on work PCs ought to take pause. "If you don't understand the threats that are out there, then you probably should not be banking online," Stewart says.

By Byron Acohido, USA TODAY

A Monster Phishing Scam - - 16 Jul 2008

Security analysts have warned users of the website of a phishing attack by Turkish hackers.

Almost a year ago hackers stole the details of 1.3 million users from the site. Even more recently a group used an identity harvesting tool to extract information from resumes posted on Monster and other job sites.

Now a security analyst at McAfee, Greg Day, has issued a warning of a new phishing attack that targets both recruiters and those looking for jobs, according to Vnunet.

Day said:

"Scammers are trying more and more diverse and sophisticated techniques to obtain information that can be of financial reward.

"With concerns about potential job cutbacks, many people are looking to the internet to find potential employment opportunities and see what's available to provide some reassurance in the current climate.

"Unfortunately, scammers are getting wise to this as we have seen with a recent influx of phishing attacks looking to steal personal details by gaining access to online job hunting profiles or tempting victims with information of potential jobs."

The scam involves e-mails, purportedly from the site, sent to users and urging them to click on a link to update their profiles. McAfee has traced the attack back to a Turkish botnet, but said that if they’re able to obtain plenty of resumes, the potential for ID theft is large.

International Fraud Case Has Local Ties - - 15 Jul 2008

Women Known As 'Richmond Girls' Arrested

RICHMOND, Calif. -- An international crime ring involving more than $1 million worth of credit card fraud has ties to the Central Valley, police said.

Police arrested six women from the Bay Area who were allegedly targeting 10 Central Valley stores in a credit card fraud scheme.

Officials of the Sacramento Valley High Tech Crimes Task Force said the group of women, called the "Richmond Girls," are responsible for $1 million in fraudulent credit card transactions in the past six months.

The women allegedly used credit card encoders to recode gift cards that were used at stores like Target and Wal-Mart along Interstate 80 between Roseville and the Bay Area, police said.

Police said they think the women are somehow connected to Ukrainian and Russian identity theft rings, who would e-mail the women credit card account numbers stolen from at least 400 U.S. and foreign citizens, according to investigators.

"We definitely think the ring is bigger than six," said task force spokesman Sean Smith. "I don't want to give too many details since it's an active investigation, but it is a significantly larger number than six people."

The "Richmond Girls" face 180 felony counts, officials said.

Police say largest case of credit card fraud in memory - - 16 Jul 2008

The San Marcos Police have made two arrests in what they say is the largest case of credit card fraud in memory.

The evidence room at the San Marcos Police Department looks like an electronics store.

When police arrested the men, they had 50 credit cards and close to $30,000 in video games, mp3 players, computers and movies.

San Marcos Police Commander Terry Nichols said it took hours to log the evidence.

"When you find that they have over 50 credit cards in their possession and all the merchandise, we knew this was going to be a much bigger case," he said.

Investigators said Hector Gomez, 37, of Guadalajara, and Gabriel Rivas, 31, of Mexico City, made frequent shopping trips to Central Texas.

During each trip, they'd buy thousands of dollars in electronics.

"[He] buys it with fraudulent credit cards in the United States, ships it to Mexico and then resells it," Nichols said.

Police said the credit cards with the suspects' names on them were phony, but the electronic data on the cards were linked to victims' accounts.

Police are still working to identify those victims.

Experts say there are things you can do to protect yourself from this type of fraud.

First, if you use your card online, make sure the site is secure. When using your card at a business, watch your card during the transaction.

Hays County District Attorney Sherri Tibbe said you should check your statements carefully.

"You have to be very vigilant with your information. Constantly check your account. If you see fraudulent activity, cancel the account immediately and notify law enforcement," she said.

By Russell Wilde

Wednesday, July 16, 2008

Beware! Your online tax records 'can be hacked' - - 15 Jul 2008

If you are thinking of filing your income tax returns online, think twice. It is very easy for anyone to hack into your account and have access to your income tax details.

How can this be done? All a hacker needs to know is your name, permanent account number (PAN) and your date of birth.

He first needs to log onto the e-filing website (


After this, all he needs to do is click on the login link and then click on the 'forgot password' link that appears. Having clicked on the 'forgot password' link, a screen that allows him to change the password appears. There the hacker needs to choose method 1.

In order to change the password, the hacker first needs to know the login. The login in this case is the individual's PAN.

After entering the login data, he needs to enter your name and then finally your date of birth, or date of incorporation in case of a Hindu undivided family (HUF).

This done, he needs to enter the new password twice and click on the reset password button. And, voila, he has hacked your account. It is as simple as that.

After changing the password, he can access the account using the new password and have access to your tax records. This would include information like your gross income for the year, the amount of tax saving investments you made, the amount of tax deducted at source and the tax refund you may get. He would also have access to your phone number and address.
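The weakness in the steps above is that the reset is authorised by static details that other people can know. As an added sketch (not the e-filing site's code; the account record, `weak_reset` and `TokenReset` are constructed for illustration), here is that flow beside one that only accepts a one-time code delivered to the contact registered on the account:

```python
import hashlib
import hmac
import secrets
import time

# Constructed account record; PAN, name and date of birth are placeholders.
ACCOUNTS = {
    "ABCDE1234F": {"name": "SAMPLE TAXPAYER", "dob": "1970-01-01",
                   "password": "original", "contact": "registered-mobile"},
}

def weak_reset(accounts, pan, name, dob, new_password):
    """Reset as the article describes it: static identifiers are the only check."""
    acct = accounts.get(pan)
    if acct and acct["name"] == name and acct["dob"] == dob:
        acct["password"] = new_password
        return True
    return False

class TokenReset:
    """Hardened flow: the login only triggers a one-time code that is
    delivered out of band to the contact already on file."""
    TTL = 600  # seconds a code stays valid

    def __init__(self, accounts, send):
        self.accounts, self.send, self.pending = accounts, send, {}

    def request(self, pan, now=None):
        now = time.time() if now is None else now
        acct = self.accounts.get(pan)
        if acct is None:
            return  # same outward behaviour for unknown logins
        code = secrets.token_urlsafe(16)
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[pan] = (digest, now + self.TTL)  # keep only the hash
        self.send(acct["contact"], code)

    def confirm(self, pan, code, new_password, now=None):
        now = time.time() if now is None else now
        # pop(): any attempt, right or wrong, consumes the pending code
        digest, expires = self.pending.pop(pan, (b"", 0))
        supplied = hashlib.sha256(code.encode()).digest()
        if now > expires or not hmac.compare_digest(digest, supplied):
            return False
        self.accounts[pan]["password"] = new_password
        return True
```

Someone who knows only the PAN, name and date of birth passes `weak_reset` but can do no more than trigger a code in `TokenReset`, which goes to the account holder.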

Vivek Kaul/ DNA MONEY

Criminal methodologies: Identity theft - - 15 Jul 2008

THE VAST majority of identity fraud victims (68 per cent) incur no out-of-pocket expenses. This points out that businesses are victims of fraud. The aim of this paper is to provide some clarity to the real losses sustained by organisations whose customers experience identity theft. This fraudulent behaviour by criminals erodes the reputation and profits of institutions, which I am calling 'institutional identity theft'. I also want to offer to the reader some of the best policies, procedures, and solutions to reduce your risk of institutional identity theft. Identity theft is a catch-all term for crimes involving illegal usage of another individual’s identity. The most common form of identity theft is credit card fraud.

Identity theft is often looked at as an individual’s problem. You know, something that consumers have to worry about. However, organisations often spend a lot of time, effort, and money trying to prevent their customers from experiencing it. The reason is that if customers of these organisations experience identity theft, sometimes due to negligence or lack of proper security controls and other times through no fault of their own, the organisation has to face several consequences. These consequences often include loss of customers, reduced client loyalty and trust, reparation costs including credit repair and monitoring fees, as well as hard costs (reissue fees, account reimbursements, insurance fees). In 2007, 9.4 million American citizens were victims of identity fraud with losses totaling more than 49.3 billion.

Nearly a quarter of a million identity theft complaints were made to the Federal Trade Commission during 2007 (32 per cent of all fraud complaints). Credit card fraud was the most common form of identity theft reported (23 per cent), while bank fraud wasn’t far behind at 13 per cent. Additionally, there were 221,226 complaints of Internet related fraud, which constituted 40 per cent of all fraud complaints.

While there are many types of identity theft, the landscape is changing in the preferred methods criminals use. For example, the general movement towards consumers using online bill payment and receiving electronic statements as opposed to paper statements has decreased the effectiveness of dumpster diving (stealing mail or rummaging through garbage for statements or electronics that might have personal data stored). While this is true for consumers, dumpster diving at a financial institution such as a bank or credit union can still pay off for bad guys. Internet databases, government registers, and public records remain a target, but significant improvements around the security of these systems have reduced the frequency with which they are used in identity theft and fraud cases. Eavesdropping on public transactions to obtain personal information (shoulder surfing), and stealing credit cards or other identification cards by pickpocketing or surreptitiously by skimming through a compromised card reader, will always exist while we continue to use plastic cards. The fastest growing and most preferred method criminals use to collect sensitive customer information is where more of our efforts should be spent. This includes more 'high tech' methods using malware, browsing, spam, phishing, pharming, trojan horses, and other hacking techniques.

Changing Criminal Methodologies

For example, a loan officer in your branch opens his Internet browser and goes to a site, Msnbc, to get the latest news. Most organisations allow this as part of their Internet use policy. However, if this user went to Msnbc on St Patrick’s Day 2008 and had a vulnerable browser, the site would have opened up an iFrame (a hidden window on the website) that loads malicious code in the background. Malware, once installed, is virtually unlimited in what it can do. Often, these malicious. A combination of high tech fraud methods, such as malware, phishing, pharming, key-loggers, and trojan horse programmes, combined with various social engineering techniques (a collection of techniques used to manipulate people into performing actions or divulging confidential information) has led to a lucrative practice for many criminals. But even searching on Google or any other search engine can lead to system compromise.

Anyone who has done a fair bit of searching on the Internet will often run across 'Spam pages'. These web pages are filled with the most commonly searched keywords on the Internet. They will have strings of words and phrases like 'tribadism fight scenes, free tribadism porn video Britney Spears, make money fast terrorism Iran Election 2008, primaries, Obama, Clinton,' etc. The criminals seed these pages with 'statistically improbable phrases' (phrases that are usually unique to the most legitimate or desirable search results), which rank much higher than other sites. Then the criminals will distribute these pages across hundreds of compromised, legitimate websites. Malicious code (viruses, worms, Trojan programmes, botnet software and the like) is then injected into these pages so when someone simply browses them, they are immediately infected. So when one of your users simply goes to Google and types in some search string, several of the pages that are listed as top results may be these infected pages that could compromise that system, which can lead to an entire network compromise. In fact, in many cases, five out of six results are infected 'Spam pages'. Remember, they don’t have to open an attachment. They don’t have to execute a programme. All they have to do is click on a search result link in Google, like you and I do many times a day.

Most companies use an outsourced firm or third party to host their website. Because these companies use a single, common platform, if a vulnerability is found in the third party’s hosting platform, it has the potential of being able to compromise every website hosted by that provider. In one study, one person or group had infected hundreds and hundreds of legitimate websites all hosted by the same ISP in Eastern Europe. Most of the sites had redirectors to a site with a 'virus dropper' (a website that injects a virus into the computer that has accessed the web page). In other words, we have seen evidence that someone has figured out how to penetrate websites hosted by a hosting company at will, and has all at once placed web pages on all of them, which intercept popular Google keyword searches and redirect them to virus droppers. This company boasts over 700,000 websites.
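A check a site owner can run over pages served from a hosted site, given the hidden iFrames and off-site redirectors described above. This is an added example, not from the original article; the host names, the sample page and the `audit` function are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for a width/height of 0 or 1, with or without 'px'."""
    return value is not None and re.fullmatch(r"\s*[01]\s*(px)?\s*", value, re.I) is not None

class FrameAudit(HTMLParser):
    """Collects iframes that are invisible to the visitor and load from a host
    other than the site's own domain or its subdomains."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # HTMLParser lowercases attribute names
        src = a.get("src") or ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if HIDDEN_STYLE.search(a.get("style") or "") or "hidden" in a:
            reasons.append("hidden")
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny")
        own = host == self.site_host or host.endswith("." + self.site_host)
        if reasons and host and not own:
            self.findings.append({"host": host, "src": src, "reasons": reasons,
                                  "line": self.getpos()[0]})

def audit(html, site_host):
    parser = FrameAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page for a site hosted at bank.example.
SAMPLE = """<html><body>
<h1>Branch news</h1>
<iframe src="https://www.bank.example/rates.html" width="400" height="200"></iframe>
<iframe src="http://dropper.invalid/in.php" width="0" height="0" style="display:none"></iframe>
<iframe src="//cdn.bank.example/w.html" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "bank.example"):
        print(finding)
```

Run against a known-good copy of the site as well, so that a newly appearing finding stands out from frames the site places deliberately.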


While the Internet is not the culprit, it has become a tool that identity thieves have embraced and abuse to find victims and commit fraudulent activities. A layered security approach that combines policy, procedures, training, and a variety of technologies managed and monitored centrally is the best way to combat institutional identity theft. Many managed service providers can offer you a solution that mitigates a single threat or risk within your environment. With this approach, many companies are already finding it difficult to manage the various vendors and technologies. With Perimeter eSecurity, you get all the benefits of outsourced security management and monitoring while maintaining the visibility and control through our client portal 'Viewpoint'. Only Perimeter eSecurity can offer your organisation the complete solution that can protect your institution’s profits and identity.

By Ramesh Manghirmalani