www.itbusiness.ca/it/client/en/home/News.asp?id=64887
Print Printer friendly page Underground call-centre for identity theft uncovered by security researchers Identity thieves use professional calling services to obtain missing pieces of information about victims.
spotted an advertisement for making on-demand calls in English and other European languages to private individuals, banks, shops, post offices and similar organizations.
missing pieces of information they needed to pull off attacks. Fraudsters can either use malware to steal personal and financial information or buy it from the underground market in bulk, said Amit Klein, Trusteer's chief technology officer. However, sometimes this information is insufficient to perform fraud, he added. Cybercriminals are commonly faced with this problem because a large number of financial institutions have implemented advanced anti-fraud mechanisms.
one-time-use passwords (OTPs) to authenticate customers on their Web sites. Others require unique codes sent to mobile devices (mTANs) to authorize transactions.
However, not every cybercriminal is skilled in such techniques and those who are capable of pulling off these attacks are often faced with a language barrier. This is where call services like the one found by Trusteer come in. Their staff is trained to impersonate bank employees, computer technicians, travel agents, recruiters and other people to whom targeted individuals are likely to disclose information. The callers receive background information about the targets from cybercriminals and use it to establish trusting relationships with the victims. For example, if a fraudster wants to log into an account by using stolen online banking credentials, but is prompted for an OTP because he uses a different IP address than the real account holder, he can give a caller the information needed to impersonate a bank employee. Armed with things like the victim's name, account number, birth date and other personal information, the caller can claim that he's performing system checks and ask the targeted individual to read back the code sent to their phone. biz, a service that allowed cybercriminals to bypass phone verification checks enforced by US banks. However, the number of rogue call centres has increased in recent years. This year security companies reported cold-calling campaigns throughout the UK, Canada, US, Australia and other countries, in which the callers impersonated computer technicians from ISPs (Internet service providers) or Microsoft to trick people into installing malware on their computers. Some of the schemes were tracked back to India, where because of low-cost labour, these businesses are very profitable. In this case the advertisement was seen on a Russian forum, so there is a high probability that the service is managed by Russian-speaking individuals. "In addition, since the service is available during American and European working hours, it might indicate that the group is operating in these regions," said Trusteer security researcher Ayelet Heyman. According to Heyman, the service is still operational at this time and Trusteer is not aware of any types of actions taken to shut it down. There is also a possibility that the people behind it are routing the calls through compromised phone systems in order to decrease the costs of the operation, she said. Users should treat all unsolicited calls with caution, regardless of what kind of information the person on the other end of the line has about them, Klein advised. They should also confirm any suspicious requests with the organization the caller is claiming to represent, but they should do so by calling its publicly listed numbers, not those provided by the caller.
Case Study: Auto service and sales shop goes Wi-Fi When Scott McPhail, owner of McPhail Auto Service and Sales, wanted to embrace smartphone technology to better connect with his customers, he found that GSM unreliable in his concrete- and steel-heavy auto shop. A business-grade wireless access point and Rogers Wi-Fi Calling gave seamless wireless access while reducing costs.
net founder Art Maat has developed a unique Web service that helps workers with iPhones and iPads be more productive and make better decisions when building and maintaining outdoor spaces.
Hosted IP Voice: Levelling the Playing Field for Small Business As a small business, you need to stay connected with your customers, suppliers and other stakeholders, and your telephone system is a critical way of maintaining that connection. Not all business phone solutions are created equal, and they dont all deliver on the key needs of small businesses.
|
http://csua.com/feed/