EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER
March 2013
Phishing attacks are notorious for their potential harm to online banking and credit card users who may fall prey to phishers looking to steal information from them. Compromised credentials are then typically sold in the underground or used for actual fraud attempts on that user's bank/card account. Financial institutions have all too often been the most targeted vertical, with phishers setting their sights on monetary gain, followed by online retailers and social networks.

Most understand the purpose of targeting financial institutions, but online retailers and social networking sites? Why would a fraudster target them? In most cases, these sites use an email address to authenticate their users' identities, and they are not the only ones. Of course the user is made to choose a password when opening any new online account, but as research reveals, password reuse across multiple sites is a huge issue. A typical user reuses the same password an average of six times, that is, the same password to access six different accounts.


Phishing, Trojans And Email Access
Phishing campaigns have been targeting webmail users for years now, with campaigns purporting to be Hotmail, Yahoo! and Gmail, and a spear-phishing flavor in the shape of OWA (Outlook Web Access) pages aimed at business users.

Trojan operators followed suit and have not remained oblivious to the potential that lies in gaining control over victim identities through their email accounts. In fact, almost all Trojan configuration files contain triggers for webmail providers as well as for social networking sites. These triggers are there to gain access to those accounts, collect more information about potential victims and, ultimately, take over their online identities.




FRAUD REPORT
Figure: Spear phishing. OWA phishing page designed to steal access credentials from business email users.




Since email accounts are an integral part of user identities online, they have also become the pivotal access point for many types of accounts. When it comes to online retailers and merchants, the email address is most often the username in the provider's systems or databases. When it comes to bank accounts, the customer's email is where communications and alerts are sent, and it sometimes even serves as part of transaction verification.

Beyond the fact that email is part of customer identification and a point of communication, the compromise of that account by a cybercriminal can have more detrimental effects. Email takeover may mean that a hostile third party will attempt, and sometimes succeed, to reset the user's account information and password for more than one web resource, eventually gaining access to enough personal information to enable complete impersonation of the victim.

Although some webmail providers use two-factor authentication for account password resets (such as Gmail's Authenticator), most don't, which inadvertently makes it simpler for criminals to access accounts and, in some cases, to reset access to them.

Fraudsters will typically probe the account for more information and sometimes lock it (by changing the password) in order to prevent the genuine user from reading alerts after a fraudulent transaction has been processed on one of their accounts.
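The sequence described above can be watched for from the side of the merchant or bank whose customer's mailbox has been taken over. The following is an added example, not code from this report or from RSA: it reads constructed account-event log lines and flags accounts where a password reset completed through the emailed link is followed, within a short window, by changes to the account's contact details and a transaction. The log format, event names, account identifiers and thresholds are all assumptions made for the example.

```python
"""Flag the post-takeover sequence the report describes: an email-driven password
reset followed, within a short window, by contact-detail changes and a transaction.
Added example; the log format and event names are assumptions, not a real product's.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Account A shows the full takeover
# sequence; B has a reset and an unrelated order days later; C has no reset.
SAMPLE_LOG = """\
2013-02-10T09:00:00 acct=A event=password_reset_via_email
2013-02-10T09:07:00 acct=A event=contact_email_changed
2013-02-10T09:10:00 acct=A event=shipping_address_changed
2013-02-10T09:15:00 acct=A event=order_placed
2013-02-11T14:00:00 acct=B event=password_reset_via_email
2013-02-11T14:05:00 acct=B event=login
2013-02-14T10:00:00 acct=B event=order_placed
2013-02-12T08:00:00 acct=C event=order_placed
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) acct=(?P<acct>\S+) event=(?P<event>\S+)$")

# Changes that, right after an email-driven reset, mirror the report's pattern:
# the fraudster re-points the account to themselves, then spends on it.
FOLLOW_ON_SIGNALS = ("contact_email_changed", "shipping_address_changed", "order_placed")


def parse_log(lines):
    """Turn log lines into (timestamp, account, event) tuples, oldest first."""
    events = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank or malformed lines instead of failing the batch
        events.append((datetime.fromisoformat(match["ts"]), match["acct"], match["event"]))
    events.sort()
    return events


def flag_takeover_sequences(lines, window=timedelta(hours=24), min_signals=2):
    """Return {account: [follow-on signals seen within `window` of a reset]} for
    every account with at least `min_signals` such signals after a reset."""
    by_account = defaultdict(list)
    for ts, acct, event in parse_log(lines):
        by_account[acct].append((ts, event))

    flagged = {}
    for acct, account_events in by_account.items():
        resets = [ts for ts, ev in account_events if ev == "password_reset_via_email"]
        for reset_ts in resets:
            seen = [ev for ts, ev in account_events
                    if reset_ts < ts <= reset_ts + window and ev in FOLLOW_ON_SIGNALS]
            if len(seen) >= min_signals:
                flagged[acct] = seen  # keep the order of events for the analyst
                break
    return flagged


if __name__ == "__main__":
    for acct, signals in flag_takeover_sequences(SAMPLE_LOG.splitlines()).items():
        print(f"{acct}: reset via email followed by {', '.join(signals)}")
```

The rule deliberately keys on the reset being the first event: a reset on its own is normal, and a contact change on its own is normal, but the combination inside one day is the shape of the takeover the report describes. The window and the minimum number of signals are tuning knobs; widening the window to a week and lowering the threshold to one signal also flags account B, which is the kind of trade-off an analyst would want to see before deploying the rule.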


Email Access = Money?
Since email is a convenient way for service providers to communicate with untold numbers of customers, online merchants will, in the name of ease of use, reset account credentials via email. Hence, if a cybercriminal is in control of the email account, they will also gain control over the user's account with that merchant.




From there, the road to e-commerce fraud shortens considerably, either using that
person’s financial information, or attaching a compromised credit card to that account
without ever having to log into their bank account in order to access their money, and in
that sense, email access equals money.
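The reset-by-email flow described above can be made to treat mailbox access as one factor rather than the only one. The following is an added example, not code from this report or from RSA: it implements a small reset service that can run in the email-only mode the report describes, or require a code delivered over a second channel before the reset completes. The class and function names, the sample accounts and the phone channel are assumptions made for the example.

```python
"""Password reset that can treat the mailbox as one factor instead of the only one.
Added example; User, ResetService and the delivery channels are assumptions.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60  # a reset link should not stay valid for long


def hash_secret(value: str) -> str:
    # Only hashes of tokens and codes are stored, so a leaked table holds no live reset links.
    return hashlib.sha256(value.encode()).hexdigest()


def hash_password(password: str) -> str:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()


@dataclass
class User:
    email: str
    password_hash: str
    phone: Optional[str] = None  # out-of-band channel; None if the user never enrolled one


@dataclass
class PendingReset:
    token_hash: str            # hash of the token in the emailed link
    code_hash: Optional[str]   # hash of the out-of-band code; None in email-only mode
    issued_at: float


class ResetService:
    def __init__(self, users: List[User], require_second_factor: bool = True,
                 clock: Callable[[], float] = time.time):
        self.users = {u.email: u for u in users}
        self.require_second_factor = require_second_factor
        self.clock = clock
        self.pending: Dict[str, PendingReset] = {}
        # (channel, destination, secret) stands in for real email/SMS delivery.
        self.outbox: List[Tuple[str, str, str]] = []

    def request_reset(self, email: str) -> None:
        user = self.users.get(email)
        if user is None:
            return  # same outcome for unknown addresses: the endpoint does not enumerate accounts
        code_hash = None
        if self.require_second_factor:
            if user.phone is None:
                # No second channel enrolled: do not silently fall back to the email-only path.
                self.outbox.append(("email", email, "RESET_NEEDS_SUPPORT"))
                return
            code = f"{secrets.randbelow(10**6):06d}"
            code_hash = hash_secret(code)
            self.outbox.append(("sms", user.phone, code))
        token = secrets.token_urlsafe(32)
        # A new request replaces any earlier token: at most one live link per account.
        self.pending[email] = PendingReset(hash_secret(token), code_hash, self.clock())
        self.outbox.append(("email", email, token))

    def complete_reset(self, email: str, token: str, new_password: str,
                       code: Optional[str] = None) -> bool:
        pending = self.pending.get(email)
        if pending is None:
            return False
        if self.clock() - pending.issued_at > TOKEN_TTL_SECONDS:
            del self.pending[email]
            return False
        if not hmac.compare_digest(pending.token_hash, hash_secret(token)):
            return False
        if pending.code_hash is not None:
            if code is None:
                return False  # mailbox access alone does not finish the reset
            if not hmac.compare_digest(pending.code_hash, hash_secret(code)):
                del self.pending[email]  # one wrong guess burns the token: no brute-forcing the code
                return False
        del self.pending[email]  # single use
        self.users[email].password_hash = hash_password(new_password)
        self.outbox.append(("email", email, "PASSWORD_CHANGED"))  # the owner learns of the change
        return True

    def last_delivered(self, channel: str) -> Optional[str]:
        """Demo helper: the most recent secret 'sent' over a channel."""
        for ch, _, secret in reversed(self.outbox):
            if ch == channel:
                return secret
        return None


if __name__ == "__main__":
    svc = ResetService([User("alice@example.com", hash_password("old"), phone="+1-555-0100")])
    svc.request_reset("alice@example.com")
    token, code = svc.last_delivered("email"), svc.last_delivered("sms")
    print("email alone:", svc.complete_reset("alice@example.com", token, "new"))
    print("email + code:", svc.complete_reset("alice@example.com", token, "new", code=code))
```

With require_second_factor=False the service behaves like the merchants in the report: whoever reads the mailbox can set a new password. With it enabled, the emailed link still starts the reset, but a code sent over the registered phone has to be presented as well, the link expires after fifteen minutes, a single wrong code invalidates it, and a notice goes to the address afterwards so the real owner sees the change even if they did not initiate it.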

Another example is transportation companies: shipping carriers are part of any online purchase, and they also provide shipping services to businesses as well as to governmental offices. They, too, use email addresses as their users' login identifiers and reset accounts via email.

A takeover of a user’s email account in this scenario will also mean takeover of that
person’s/business’ service account with the transport provider. For fraudsters, this type
of access translates into purchasing labels for their reshipping mules, charging
shipments to accounts that don’t belong to them, and providing an easier route to
reship stolen goods and even reroute existing orders.


Email Account Takeover And Online Banking
Email account takeover may appear benign at first sight, but in fact it is an insidious threat to online banking users. The first issue with email account takeover (whether through credential theft or a password reset) is that users re-use passwords. When fraudsters steal a set of credentials, they will likely be able to use it to access additional accounts, sometimes even an online banking account.

The second issue is that fraudsters will use access to the victim's email for reconnaissance: that person's choice of financial services providers, bank account types, card statements (paperless reports delivered via email), recent online purchases, the alert types received from the bank, contact lists (often including work-related addresses), social networking profiles and more.


How Risky Is Email Account Takeover?
Email account takeover can be a route to identity theft that requires access only to what is perhaps the least secure part of the online identity used by financial and other organizations. It is also one of the least obvious elements that can facilitate online fraud scenarios.

Email addresses can serve as a “glue” that binds many parts of a person’s online identity,
connecting a number of different accounts that interlink. A typical online banking
customer may use a Gmail address with their bank account, use that same address for a
PayPal account, shop on eBay using that address, and receive their card statements at
that address from their card issuer. All too often, that address is also their Facebook
access email, where they have saved their phone number, stated where they work and
for how long, and mentioned a few hobbies.


CONCLUSION
Account hacks of this type happen all the time, and often make the headlines in the
media. In some cases, there are a few hundred potential victims while in others, there are
millions. The value of an email address to a cybercriminal should not be underestimated.
This element of an online identity must be treated with added caution by all service
providers that cater to consumers.

The path that balances ease of access and user experience always runs very close to security red lines, but sometimes very slight changes to the weight that customer email accounts carry in overall account access can turn a fraud attempt into a failed fraud attempt.




Phishing Attacks per Month
In February, RSA identified 27,463 phishing attacks launched worldwide, marking a 9% decrease from January. The overall trend in attack numbers, when looked at from an annual view, shows slightly lower attack volumes through the first quarter of the year.

Chart data: phishing attacks identified per month (Source: RSA Anti-Fraud Command Center)
Feb 12   21,030
Mar 12   19,141
Apr 12   35,558
May 12   37,878
Jun 12   51,906
Jul 12   59,406
Aug 12   49,488
Sep 12   35,440
Oct 12   33,768
Nov 12   41,834
Dec 12   29,581
Jan 13   30,151
Feb 13   27,463
Number of Brands Attacked
In February, 257 brands were targeted in phishing attacks, marking a 12% decrease from January. Of the 257 targeted brands, 48% endured five attacks or less.

Chart data: brands attacked per month (Source: RSA Anti-Fraud Command Center)
Feb 12   281
Mar 12   303
Apr 12   288
May 12   298
Jun 12   259
Jul 12   242
Aug 12   290
Sep 12   314
Oct 12   269
Nov 12   284
Dec 12   257
Jan 13   291
Feb 13   257




US Bank Types Attacked
U.S. nationwide bank brands were the prime target for phishing campaigns – with 69% of total phishing attacks – while regional banks saw an 8% increase in phishing attacks in February.

Chart data: share of U.S. phishing attacks by bank type (Source: RSA Anti-Fraud Command Center)
Month    Nationwide   Regional   Credit unions
Feb 12   76%          21%        3%
Mar 12   58%          30%        12%
Apr 12   82%          11%        7%
May 12   62%          18%        20%
Jun 12   78%          12%        10%
Jul 12   74%          15%        11%
Aug 12   74%          15%        11%
Sep 12   77%          14%        9%
Oct 12   77%          14%        9%
Nov 12   79%          9%         12%
Dec 12   79%          15%        6%
Jan 13   70%          15%        15%
Feb 13   69%          23%        8%
Top Countries by Attack Volume
The U.S. remained the country that suffered a majority of attack volume in February, absorbing 54% of the total phishing volume. The UK, Canada, India, and South Africa collectively absorbed about one-quarter of total phishing volume in February.

Chart data: share of phishing volume by targeted country
U.S. 54%; United Kingdom 14%; Canada 5%; India 4%; South Africa 3%; 41 other countries 20%
Top Countries by Attacked Brands
In February, U.S. brands were targeted by 30% of phishing volume – continuing to remain the top country by attacked brands. Brands in Brazil, Italy, India, Australia, China and Canada were each respectively targeted by 4% of phishing volume.

Chart data: share of attacked brands by country
U.S. 30%; United Kingdom 10%; Australia 4%; Brazil 4%; Canada 4%; China 4%; India 3%; Italy 3%; 38 other countries 37%

Top Hosting Countries
In February, the U.S. hosted 44% of global phishing attacks (down 8%), while the UK and Germany each hosted 5% of attacks. Other top hosting countries in February included Canada, Russia, Brazil and Chile.

Chart data: share of phishing attacks by hosting country
U.S. 44%; United Kingdom 5%; Germany 5%; Canada 4%; Brazil 3%; Chile 3%; Russia 3%; 54 other countries 33%
CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller – or visit us at www.emc.com/rsa

©2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAR RPT 0313

EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Dernier

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Dernier (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Fraud Report: RSA Monthly Online Fraud Report - March 2013

  • 1. EMAIL ACCOUNT TAKEOVER TO IDENTITY TAKEOVER, March 2013

Phishing attacks are notorious for their potential harm to online banking and credit card users who may fall prey to phishers looking to steal information from them. Compromised credentials are then typically sold in the underground or used for actual fraud attempts on that user’s bank or card account. Financial institutions have all too often been the most targeted vertical, with phishers setting their sights on monetary gain, followed by online retailers and social networks.

Most understand the purpose of targeting financial institutions, but why would a fraudster target online retailers and social networking sites? In most cases, they use an email address to authenticate their users’ identities, and they are not the only ones. Of course the user is made to choose a password when opening any new online account, but as research reveals, password reuse across multiple sites is a huge issue. A typical user reuses the same password an average of six times, that is, the same password to access six different accounts.

Phishing, Trojans And Email Access

Phishing campaigns have already been targeting webmail users for years now, with campaigns purporting to be Hotmail, Yahoo!, Gmail, and the spear-phishing flavor in the shape of OWA (Outlook Web Access) for business users.

Trojan operators followed suit and have not remained oblivious to the potential that lies in gaining control over victim identities through their email accounts. In fact, almost all Trojan configuration files contain triggers for webmail providers as well as social networking sites. These are designed to get access in order to gain more information about potential victims and take over their online identities.
  • 2. Spear Phishing

Figure caption: OWA phishing page designed to steal access credentials from business email users

Since email accounts are an integral part of user identities online, they have also become the pivotal access point for many types of accounts. When it comes to online retailers and merchants, the email address is most often the username in the provider’s systems or databases. When it comes to bank accounts, the customer’s email is where communications and alerts are sent, and it sometimes even serves as part of transaction verification.

Beyond the fact that email is part of customer identification and a point of communication, the compromise of that account by a cybercriminal can have more detrimental effects. Email takeover may mean that a hostile third party will attempt, and sometimes succeed, to reset the user’s account information and password for more than one web resource, eventually gaining access to enough personal information to enable complete impersonation of the victim.

Although some webmail providers use two-factor authentication for account password resets (such as Gmail’s Authenticator), most don’t, thereby inadvertently making it simpler for criminals to access accounts and, in some cases, to reset access to them. Fraudsters will typically probe the account for more information and sometimes lock it (by changing the password) in order to prevent the genuine user from reading alerts after a fraudulent transaction has been processed on one of their accounts.

Email Access = Money?

Since email is a convenient way for service providers to communicate with untold numbers of customers, online merchants will, in the name of ease of use, reset account credentials via email. Hence, if a cybercriminal is in control of the email account, they will also gain control over the user’s account with that merchant.
  • 3. From there, the road to e-commerce fraud shortens considerably: the fraudster either uses that person’s financial information or attaches a compromised credit card to that account, without ever having to log into the victim’s bank account in order to access their money. In that sense, email access equals money.

Another example is transportation companies, which are part of any online purchase and which provide shipping services to companies as well as governmental offices. They also use email addresses as their users’ login identifiers and will reset the account via email. A takeover of a user’s email account in this scenario will also mean takeover of that person’s or business’s service account with the transport provider. For fraudsters, this type of access translates into purchasing labels for their reshipping mules, charging shipments to accounts that don’t belong to them, and providing an easier route to reship stolen goods and even reroute existing orders.

Email Account Takeover And Online Banking

Email account takeover may appear benign at first sight, but in fact it is an insidious threat to online banking users. The first issue with email account takeover (due to credentials theft or a password reset) is that users re-use passwords. When fraudsters steal a set of credentials, they will likely be able to use it to access additional accounts, sometimes even an online banking account. The second issue is that fraudsters will use victim email access for reconnaissance: that person’s choice of financial services providers, bank account types, card statements (paperless reports delivered via email), recent online purchases, alert types received from the bank, contact lists (often including work-related addresses), social networking profile and more.

How Risky Is Email Account Takeover?

Email account takeover can be a route to identity theft that requires access only to what is perhaps the least secure part of the online identity used by financial and other organizations, and it is one of the least evident elements that can facilitate online fraud scenarios. Email addresses can serve as a “glue” that binds many parts of a person’s online identity, connecting a number of different accounts that interlink. A typical online banking customer may use a Gmail address with their bank account, use that same address for a PayPal account, shop on eBay using that address, and receive their card statements at that address from their card issuer. All too often, that address is also their Facebook access email, where they have saved their phone number, stated where they work and for how long, and mentioned a few hobbies.

CONCLUSION

Account hacks of this type happen all the time, and often make the headlines in the media. In some cases there are a few hundred potential victims, while in others there are millions. The value of an email address to a cybercriminal should not be underestimated. This element of an online identity must be treated with added caution by all service providers that cater to consumers. The line between ease of access and user experience on one side and security on the other always runs very close to security red lines, but sometimes very slight modifications in the weight customer email accounts carry in overall account access can turn a fraud attempt into a failed fraud attempt.
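The "glue" argument above can be made concrete as a blast-radius model: given a set of accounts keyed on one email address, which of them does a single mailbox compromise reach through email-only password resets and password reuse? The script below is an added illustration written for this page, not code from the RSA report; the victim profile, service names, passwords and reset policies are all constructed.

```python
"""Blast-radius model for an email account takeover (constructed example).

Each account is keyed on an email address, protected by a password and a reset
policy. Starting from one compromised mailbox, takeover spreads along the two
edges the report describes: email-only password resets, and reuse of a password
already in the attacker's hands. All account data below is made up.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Tuple


class ResetPolicy(Enum):
    EMAIL_ONLY = "email_only"          # a reset link to the mailbox is enough
    EMAIL_PLUS_2FA = "email_plus_2fa"  # reset also needs a second factor


@dataclass(frozen=True)
class Account:
    service: str
    email: str
    password: str
    reset_policy: ResetPolicy


def takeover_blast_radius(accounts: List[Account], compromised_mailboxes: Iterable[str],
                          known_passwords: Iterable[str] = ()) -> Dict[Tuple[str, str], str]:
    """Map (service, email) -> reason for every account reachable from mailbox control.

    Iterates to a fixed point: each account that falls reveals its password
    (assumption: the attacker reads or resets it), which may unlock further
    accounts through reuse, even ones tied to a different, uncompromised email.
    """
    mailboxes = set(compromised_mailboxes)
    passwords = set(known_passwords)
    fallen: Dict[Tuple[str, str], str] = {}
    changed = True
    while changed:
        changed = False
        for acct in accounts:
            key = (acct.service, acct.email)
            if key in fallen:
                continue
            if acct.password in passwords:
                reason = "password reuse"
            elif acct.email in mailboxes and acct.reset_policy is ResetPolicy.EMAIL_ONLY:
                reason = "email-only reset"
            else:
                continue
            fallen[key] = reason
            passwords.add(acct.password)  # now available for reuse elsewhere
            changed = True
    return fallen


def constructed_profile(consumer_policy: ResetPolicy) -> List[Account]:
    """Constructed victim profile. `consumer_policy` is the reset policy applied by
    the retailer, shipper and social site, the services the report calls out."""
    e = "victim@example.com"
    return [
        Account("merchant", e, "winter2013", consumer_policy),          # reuses webmail password
        Account("shipping", e, "ship-4-me!", consumer_policy),
        Account("bank", e, "winter2013", ResetPolicy.EMAIL_PLUS_2FA),   # reuses webmail password
        Account("social", e, "throwaway9", consumer_policy),
        Account("forum", "victim.alt@example.com", "throwaway9",       # reuses the social password
                ResetPolicy.EMAIL_PLUS_2FA),
        Account("payroll", e, "Zq7#unique", ResetPolicy.EMAIL_PLUS_2FA),
    ]


def run_scenario(consumer_policy: ResetPolicy = ResetPolicy.EMAIL_ONLY) -> Dict[Tuple[str, str], str]:
    """Phishing handed over victim@example.com together with its password 'winter2013'."""
    return takeover_blast_radius(constructed_profile(consumer_policy),
                                 {"victim@example.com"}, {"winter2013"})


if __name__ == "__main__":
    for policy in (ResetPolicy.EMAIL_ONLY, ResetPolicy.EMAIL_PLUS_2FA):
        fallen = run_scenario(policy)
        total = len(constructed_profile(policy))
        print(f"consumer reset policy = {policy.value}: {len(fallen)} of {total} accounts fall")
        for (service, email), reason in fallen.items():
            print(f"  {service:9s} {email:24s} via {reason}")
```

With email-only resets five of the six accounts fall, including the forum account tied to a different address, because the social site's reset handed over a reused password; requiring a second factor for resets cuts that to the two accounts that share the phished webmail password, which no reset policy can protect.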
  • 4. Phishing Attacks per Month (chart; source: RSA Anti-Fraud Command Center; monthly attack counts, Feb 12 through Feb 13)

In February, RSA identified 27,463 phishing attacks launched worldwide, marking a 9% decrease from January. The overall trend in attack numbers, when looking at it from an annual view, shows slightly lower attack volumes through the first quarter of the year.

Number of Brands Attacked (chart; source: RSA Anti-Fraud Command Center; monthly brand counts, Feb 12 through Feb 13)

In February, 257 brands were targeted in phishing attacks, marking a 12% decrease from January. Of the 257 targeted brands, 48% endured five attacks or less.
  • 5. US Bank Types Attacked (stacked bar chart; source: RSA Anti-Fraud Command Center; share of attacks by U.S. bank type, Feb 12 through Feb 13)

U.S. nationwide bank brands were the prime target for phishing campaigns, with 69% of total phishing attacks, while regional banks saw an 8% increase in phishing attacks in February.

Top Countries by Attack Volume (pie chart: U.S. 54%, United Kingdom 14%, Canada 5%, India 4%, South Africa 3%, 41 other countries 20%)

The U.S. remained the country that suffered a majority of attack volume in February, absorbing 54% of the total phishing volume. The UK, Canada, India, and South Africa collectively absorbed about one-quarter of total phishing volume in February.
  • 6. Top Countries by Attacked Brands (pie chart: U.S. 30%, United Kingdom 10%, Brazil 4%, Australia 4%, Canada 4%, China 4%, Italy 3%, India 3%, 38 other countries 37%)

In February, U.S. brands were targeted by 30% of phishing volume, continuing to remain the top country by attacked brands. Brands in Brazil, Italy, India, Australia, China and Canada were each respectively targeted by 4% of phishing volume.

Top Hosting Countries (pie chart: U.S. 44%, Germany 5%, United Kingdom 5%, Canada 4%, Brazil 3%, Chile 3%, Russia 3%, 54 other countries 33%)

In February, the U.S. hosted 44% of global phishing attacks (down 8%), while the UK and Germany each hosted 5% of attacks. Other top hosting countries in February included Canada, Russia, Brazil and Chile.
  • 7. CONTACT US

To learn more about how RSA products, services, and solutions help solve your business and IT challenges, contact your local representative or authorized reseller, or visit us at www.emc.com/rsa

©2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. MAR RPT 0313