EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER


FRAUD REPORT

March 2013

Phishing attacks are notorious for their potential harm to online banking and credit card users who may fall prey to phishers looking to steal information from them. Compromised credentials are then typically sold in the underground or used for actual fraud attempts on that user's bank or card account.

Financial institutions have all too often been the most targeted vertical, with phishers setting their sights on monetary gain, followed by online retailers and social networks. Most understand the purpose of targeting financial institutions, but online retailers and social networking sites? Why would a fraudster target them?

In most cases, they use an email address to authenticate their users' identities, and they are not the only ones. Of course the user is made to choose a password when opening any new online account, but as research reveals, password reuse across multiple sites is a huge issue. A typical user reuses the same password an average of six times, that is, uses the same password to access six different accounts.

Phishing, Trojans And Email Access

Phishing campaigns have been targeting webmail users for years, with campaigns purporting to be Hotmail, Yahoo!, Gmail, and the spear-phishing flavor in the shape of OWA (Outlook Web Access) for business users.

Trojan operators followed suit and have not remained oblivious to the potential that lies in gaining control over victim identities through their email accounts. In fact, almost all Trojan configuration files contain triggers for webmail providers as well as for social networking sites. The purpose is to gain access and gather more information about potential victims in order to take over their online identities.

[Figure: Spear phishing. OWA phishing page designed to steal access credentials from business email users]

Since email accounts are an integral part of user identities online, they have also become the pivotal access point for many types of accounts. When it comes to online retailers and merchants, the email address is most often the username in the provider's systems or databases. When it comes to bank accounts, the customer's email is where communications and alerts are sent, and it sometimes even serves as part of transaction verification.

Beyond the fact that email is part of customer identification and a point of communication, the compromise of that account by a cybercriminal can have more detrimental effects. Email takeover may mean that a hostile third party will attempt, and sometimes manage, to reset the user's account information and password for more than one web resource, eventually gaining access to enough personal information to enable complete impersonation of the victim.

Although some webmail providers use two-factor authentication for account password resets (such as Gmail's Authenticator), most don't, thereby inadvertently making it simpler for criminals to access and sometimes attempt to reset access to accounts. Fraudsters will typically probe the account for more information and sometimes lock it (by changing the password) in order to prevent the genuine user from reading alerts after a fraudulent transaction was processed on one of their accounts.

Email Access = Money?

Since email is a convenient way for service providers to communicate with untold numbers of customers, online merchants will, in the name of ease of use, reset account credentials via email. Hence, if a cybercriminal is in control of the email account, they will also gain control over the user's account with that merchant.

From there, the road to e-commerce fraud shortens considerably, either using that person's financial information or attaching a compromised credit card to that account, without ever having to log into their bank account in order to access their money. In that sense, email access equals money.

Another example is transportation companies, which are part of any online purchase, and those that provide shipping services to companies as well as governmental offices. They also use email addresses as their users' login identifiers and will reset the account via email. A takeover of a user's email account in this scenario will also mean takeover of that person's or business's service account with the transport provider. For fraudsters, this type of access translates into purchasing labels for their reshipping mules, charging shipments to accounts that don't belong to them, and providing an easier route to reship stolen goods and even reroute existing orders.

Email Account Takeover And Online Banking

Email account takeover may appear benign at first sight, but in fact it is an insidious threat to online banking users.

The first issue with email account takeover (due to credentials theft or a password reset) is that users re-use passwords. When fraudsters steal a set of credentials, they will likely be able to use it to access additional accounts, sometimes even an online banking account.

The second issue is that fraudsters will use victim email access for reconnaissance on that person's choice of financial services providers, bank account types, card statements (paperless reports delivered via email), recent online purchases, alert types received from the bank, contact lists (often including work-related addresses), social networking profile and more.

How Risky Is Email Account Takeover?

Email account takeover can be a route to identity theft that only requires access to perhaps the least secure part of the online identity used by financial and other organizations, and it is perhaps one of the least evident elements that can become a potential facilitator of online fraud scenarios.

Email addresses can serve as a glue that binds many parts of a person's online identity, connecting a number of different accounts that interlink. A typical online banking customer may use a Gmail address with their bank account, use that same address for a PayPal account, shop on eBay using that address, and receive their card statements at that address from their card issuer. All too often, that address is also their Facebook access email, where they have saved their phone number, stated where they work and for how long, and mentioned a few hobbies.

CONCLUSION

Account hacks of this type happen all the time, and often make the headlines in the media. In some cases, there are a few hundred potential victims while in others, there are millions.

The value of an email address to a cybercriminal should not be underestimated. This element of an online identity must be treated with added caution by all service providers that cater to consumers. The line that crosses between ease of access and user experience always passes very close to security redlines, but sometimes a very slight modification in the weight that customer email accounts carry in overall account access can turn a fraud attempt into a failed fraud attempt.
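One way a merchant could lower the weight of email-only resets, as the conclusion suggests: the sketch below replays account events and demands a second factor for the actions the report describes (adding a card, changing or rerouting shipments, buying labels) when they follow an emailed password reset from a device the account has not used before. This is an added example, not part of the RSA report; the event names, tuple layout, 24-hour hold and sample events are assumptions.

```python
from datetime import datetime, timedelta

# Post-reset actions named in the report; the identifiers are assumed.
SENSITIVE = {"add_card", "change_shipping_address",
             "reroute_order", "buy_shipping_label"}
HOLD = timedelta(hours=24)  # assumed hold period after an email-only reset

def decide(events):
    """Replay time-ordered (time, account, device, action) events.

    Returns one (account, action, verdict) tuple per event.
    """
    trusted = {}   # account -> devices that logged in while no reset was held
    pending = {}   # account -> time of an emailed reset from an unknown device
    decisions = []
    for time, acct, dev, action in events:
        ts = datetime.fromisoformat(time)
        devices = trusted.setdefault(acct, set())
        reset_at = pending.get(acct)
        held = reset_at is not None and ts - reset_at <= HOLD
        verdict = "allow"
        if action == "password_reset_via_email":
            if dev not in devices:
                pending[acct] = ts       # mailbox access alone proved ownership
        elif action == "step_up_passed":
            pending.pop(acct, None)      # second factor outside the mailbox
            devices.add(dev)
        elif action == "login":
            if not held:
                devices.add(dev)         # do not trust devices during a hold
        elif action in SENSITIVE and held and dev not in devices:
            verdict = "step_up"          # email access must not be enough
        decisions.append((acct, action, verdict))
    return decisions

# Constructed sample events, not data from the report.
SAMPLE = [
    ("2013-02-01T09:00", "alice", "A", "login"),
    ("2013-02-01T09:05", "alice", "A", "add_card"),
    ("2013-02-01T10:00", "bob", "B", "login"),
    ("2013-02-02T03:00", "bob", "X", "password_reset_via_email"),
    ("2013-02-02T03:01", "bob", "X", "login"),
    ("2013-02-02T03:02", "bob", "X", "change_shipping_address"),
    ("2013-02-02T03:05", "bob", "X", "add_card"),
    ("2013-02-03T12:00", "alice", "A", "password_reset_via_email"),
    ("2013-02-03T12:05", "alice", "A", "change_shipping_address"),
]

if __name__ == "__main__":
    for row in decide(SAMPLE):
        print(row)
```

The reset itself is still allowed, so the ease of use the report mentions is kept; only the follow-on actions from the unfamiliar device are held until a factor outside the mailbox is presented.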

Phishing Attacks per Month

In February, RSA identified 27,463 phishing attacks launched worldwide, marking a 9% decrease from January. The overall trend in attack numbers when looking at it from an annual view shows slightly lower attack volumes through the first quarter of the year.

[Chart: phishing attacks per month, Feb 12 to Feb 13. Source: RSA Anti-Fraud Command Center]

Number of Brands Attacked

In February, 257 brands were targeted in phishing attacks, marking a 12% decrease from January. Of the 257 targeted brands, 48% endured five attacks or less.

Brands attacked per month (Source: RSA Anti-Fraud Command Center):

Feb 12: 281
Mar 12: 303
Apr 12: 288
May 12: 298
Jun 12: 259
Jul 12: 242
Aug 12: 290
Sep 12: 314
Oct 12: 269
Nov 12: 284
Dec 12: 257
Jan 13: 291
Feb 13: 257

US Bank Types Attacked

U.S. nationwide bank brands were the prime target for phishing campaigns with 69% of total phishing attacks while regional banks saw an 8% increase in phishing attacks in February.

[Chart: share of phishing attacks by U.S. bank type per month, Feb 12 to Feb 13. Source: RSA Anti-Fraud Command Center]

Top Countries by Attack Volume

The U.S. remained the country that suffered a majority of attack volume in February, absorbing 54% of the total phishing volume. The UK, Canada, India, and South Africa collectively absorbed about one-quarter of total phishing volume in February.

U.S.: 54%
United Kingdom: 14%
Canada: 5%
India: 4%
South Africa: 3%
41 Other Countries: 20%

Top Countries by Attacked Brands

In February, U.S. brands were targeted by 30% of phishing volume, continuing to remain the top country by attacked brands. Brands in Brazil, Italy, India, Australia, China and Canada were each respectively targeted by 4% of phishing volume.

U.S.: 30%
United Kingdom: 10%
Australia: 4%
Brazil: 4%
Canada: 4%
China: 4%
India: 3%
Italy: 3%
38 Other Countries: 37%

Top Hosting Countries

In February, the U.S. hosted 44% of global phishing attacks (down 8%), while the UK and Germany each hosted 5% of attacks. Other top hosting countries in February included Canada, Russia, Brazil and Chile.

U.S.: 44%
United Kingdom: 5%
Germany: 5%
Canada: 4%
Brazil: 3%
Chile: 3%
Russia: 3%
54 Other Countries: 33%

CONTACT US

To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller, or visit us at www.emc.com/rsa

2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAR RPT 0313