Archive for March, 2013

Why identity theft is critical.

March 4th, 2013

A UK-based Fraud Prevention Service, Cifas made it apparent that the deceptive use of stolen or fictitious identity details is the biggest of all fraud threats. In a Fraud trend review revealed in 2012, it has been acknowledged that 50% of all fraud cases during the year relate to the use of completely false identities or impersonation of an innocent victim. Account takeover fraud, a kind where a fraudster get advantage of account access and commands an active running account through data theft with the help of data security details rocketed by 53% more as compared with the earlier records to 38,428 incidents. Personal information of a user are stolen with the help of computer hacking and social engineering techniques through popular websites and various other methods. Fraudulent acts, where the criminal requires identity informations accounts for about 65% of all the committed frauds in 2012. The total number of people affected by this identity fraud was up by 24% from the levels in 2011. Cifas, Head of communications Kate Beddington-Brown said, “These increases serve as a warning and a challenge to organisations and consumers equally.”

Despite the heavy investments made by various organisations in data security to ensure additional steps must be taken to validate user’s identity, the crimes relating to identity have continued rising, demonstrates that more must be done, she said. “For individuals, it is obvious that fraud relating to personal data is an immense criminal trade so, fundamentally, we all have to do all we can to ensure that we also protect ourselves from becoming a victim, as well as demanding that the organisations we deal with take their security responsibilities seriously,” said Beddington-Brown.

Cifas chief executive Peter Hurst said fraud prevention remains better than cure. He also said, “It is time for all organisations and consumers to start reviewing their approaches to preventing fraud rather than just dealing with its effects.” “Investment in proper fraud prevention systems and approaches, from online security to data sharing, and education are the cornerstones of such an approach. Without them, the only thing that is guaranteed is an ever increasing fraud losses to organisations and society at large, he said.

Hackers! Beware of Alertsec

By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption.

Alertsec’s mission is to continuously improve our products and services in order to deliver the easiest and most cost-effective managed encryption service on the marketThe only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

Enhanced by Zemanta

Ready to hack systems for sale

March 1st, 2013

An alleged Point-of-Sale cyber crime duo from California were confronted with criminal charges late last week in Boston, Massachusetts.

The US Justice Department (DoJ) reported that the pair, Shahin Abdollahi, 46, and Jeffrey Thomas Wilkinson, 35, were charged with one count of conspiracy to commit computer intrusion and wire fraud, and with one count of wire fraud.

The indictment alleges that they:

  • Hacked into at least 13 Subway Point-of-Sale (PoS) systems.
  • Fraudulently added at least $40,000 in value to Subway gift cards.
  • Used some of the hooky gift cards to make purchases at Subway.
  • Sold other fraudulent cards on eBay and Craigslist.

What makes this a bit different from the usual “alleged crooks steal ‘digital money’ from retailer through hacking” story is how the pair are said to have pulled off the cyber-break-and-enter part of the attack.

Abdollahi and Wilkinson, claims the DoJ, ran a number of Subway franchises in Southern California between 2005 and 2008.

During this time, it looks as though they didn’t just make lots of sandwiches. They also learned enough about Subway operations to come up with a plan to make money out of the franchise on two fronts at the same time.

So they quit the sandwich supply business and started a business calledPOS Doctor, selling and installing point-of-sale systems into the Subway ecosystem.

Yep! You guessed it!

The POS Doctor systems came with a handy additional feature, at no extra charge: a preconfigured remote-access toolkit that allowed the crooks to connect in after hours.

They regularly added fraudulent credit onto Subway gift cards in at least 13 Subway outlets around the USA.

As mentioned above, they then spent some of the gift cards at Subway branches in California (they must have developed a taste for the product during their time as franchisees), and sold others of them on eBay and Craigslist.

Amusingly, it looks as though the alleged crooks went to the trouble of registering their fraudulent cards online with Subway, using email addresses from domains they owned themselves.

This precaution gave them the chance to reclaim unused funds if any of their bogus cards were lost or stolen.

Of course, this “dishonour amongst thieves” also ensured that the DoJ has been able to rack up additional evidence connecting the alleged perpetrators with the claimed criminal activities.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.