/2/2010
D. Vamsi Krishna (109)
P. Pavan Kumar (114)
INTRODUCTION

Internet banking is now a mass-market product that is demanded as an essential service by increasing numbers of bank customers. More and more people rely upon the convenience and ease of use of Internet banking services in their daily life. More and more, the quality of a bank's Internet banking service can affect the overall level of satisfaction and loyalty of its customers. The growing availability and popularity of Internet banking has created the biggest challenge to its continued viability and growth. Fraudsters are attracted by the huge potential for online theft and are posing increasingly sophisticated and effective threats to the security of customer transactions carried out over the Internet.

Online banking continues to present challenges to financial security and personal privacy. Millions of people have had their checking accounts compromised, mainly as a result of online banking. If we are going to use online banking to conduct financial transactions, we should be aware of the risks and take precautions to minimize them.

The growing popularity of Electronic Funds Transfers (EFTs) may soon make paper bills obsolete. In the US alone, an estimated $500 billion is electronically transferred among financial institutions daily, providing criminals and financial terrorists vast opportunities to intercept funds. EFT services are quickly becoming one of the fastest growing segments of the financial services industry in the US and abroad, as more individuals discover the ease of accessing their bank accounts and transferring money electronically each day. However, with this trend, an increasing number of frauds involving money laundering and identity theft in EFTs are continuing to emerge. While affording convenience, EFTs put the customer at risk for serious security problems. To further complicate the problem, evidence suggests that credit risk and fraud are of even more concern during weak economic periods, when bankruptcies and business failures are more prevalent. Therefore, it is imperative that financial institutions be fully aware of the dangers EFTs pose and the steps they must take in order to maintain the security of their funds, as well as the funds of their customers. In order to protect their customers against fraud, financial institutions must be proactive in their approach to training their staff on how to identify the risks associated with EFTs.

Financial fraud has many faces. Whether it involves swindling, debit or credit card fraud, real estate fraud, drug trafficking, identity theft, deceptive telemarketing, or money laundering, the goal of cybercriminals is to make as much money as possible within a short time and to do so inconspicuously.
ELECTRONIC FUNDS TRANSFER (EFT)

An EFT is the electronic exchange or transfer of money from one account to another, either within the same financial institution or across multiple institutions. In modern society, many of our banking activities are performed electronically. Whether a customer is withdrawing money from an ATM, using a credit card at a gas station, paying bills and buying products online or transferring money from an account to another through a financial institution's website, it is an EFT being performed. EFTs can even be performed from a cell phone or Personal Digital Assistant (PDA). And there are often many steps. In the US, for example, before an EFT can be posted as either a debit or credit, it must first pass through an Automated Clearing House (ACH), a system of the US Federal Reserve Bank that provides EFTs between banks.

ATTACKS THAT TARGET ONLINE BANKING

Several types of electronic fraud specifically target online banking. Some of the more popular types are:

Phishing attacks

Phishing attacks use fake email messages from an agency or individual pretending to represent your bank or financial institution. The email asks you to provide sensitive information (name, password, account number, and so forth) and provides links to a counterfeit web site. If you follow the link and provide the requested information, intruders can access your personal account information and finances and make financial transactions from your account. In some cases, pop-up windows can appear in front of a copy of a genuine bank web site. The real web site address is displayed; however, any information you type directly into the pop-up will go to unauthorized users. In a similar scheme, called "Vishing," a person calls you and pretends to be a bank representative seeking to verify account information.

The box below shows an example of a phishing attack which I got to my mail. It is about an International Lottery for which my e-mail was selected and to claim this lottery I need to send my details of .
To file for your claim. L70 1NL London.000. Tracy Kelly" <jfarris21@chartertn. Liverpool. Due to mix up of some numbers and names. which consequently won in the 2ND category. All participants were selected through a computer ballot system drawn from over 20. September 30. you have therefore been approved for a lump sum pay out of £100. please contact our fiduciary agent: Mr. To begin your claims process therefore. you are advised to expeditiously contact our Director of finance for the processing of your winning and remittance to your designated bank account after all statutory obligations have been satisfactorily dispensed with. This is part of our security protocol to avoid multiple claims and unwarranted abuse of this program by some participants.000 (One hundred thousand pounds sterling). Your e-mail address attached to ticket number 564 75600545-188 with serial number 5388/02 drew lucky numbers 7-14-18-31-45. .net> Add sender to Contacts To: Undisclosed-recipients British National Lottery P O Box 1010 Liverpool. Paul Walters (BRITISH NATIONAL LOTTERY) 32 Palmstraat. L70 1NL UNITED KINGDOM Dear Sir/Madam.Flag this message Online result from our office (BNL) Sunday. 2007 7:47 PM From: "Mrs.000 company and 30. This promotional program takes place every five years. we ask that you keep your winning information confidential until your claims have been fully processed and your money remitted to you.000 individual email addresses and names from all over the world. We are pleased to inform you of the result of the Winners in our British International Lottery Program held on the 28th of September 2007.
and beyond where they so desire. Yours faithfully. Number: _____________BTL/491OXI/04 Batch Number:_________ 12/25/0304 Ticket Number:_________ 564 75600545-188 Serial Number:_________ 5388/02 Bank A/C No. We require you fill this form and return to your claims agent immediately. Mrs. : _________________________ Please note in order to avoid unnecessary delays and complications. Tracy Kelly Zonal Co-ordinator. and press anonymity until the end of proceedings. Name(In Full):___________________________ Age:__________________________________ Sex:__________________________________ Phone Number (Home):___________________ Mobile:________________________________ Office Number:__________________________ Country:_______________________________ Present Occupation:_____________________ Scanned Copy Of Identity:________________ Ref.us Our winners are assured of the utmost standards of confidentiality. For Claims.E-Mail: infoweb@notiz. remember to quote your reference number and batch numbers in all correspondence. Open 7 days 8am-11pm . Be further advised to maintain the strictest level of confidentiality until the end of proceedings to circumvent problems associated with fraudulent claims. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program. British Lottery International (co-coordinator) BRITISH LOTTERY INTERNATIONAL COPYRIGHT © 2007 ALL RIGHT RESERVED.
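The lottery message above carries several traits a mail filter can score: hidden recipients, a prize lure, pressure to keep the matter confidential, a request for bank and identity details, and a claims contact on a different domain from the sender. The following is an added example, not part of the original report; the sample message, rule names and weights are constructed for illustration and use reserved example domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the lottery lure above; the addresses use
# reserved example domains and are not taken from the original email.
SAMPLE = """\
From: "Claims Office" <winner-desk@mailhost.example>
To: undisclosed-recipients:;
Subject: Online result from our office

Your e-mail address drew the lucky numbers and is approved for a pay out.
Keep your winning information confidential until your claim is processed.
To file for your claim contact our agent at agent@claims.example and
return the form: Name, Phone Number, Bank A/C No., Scanned Copy Of Identity.
"""

# (indicator name, weight, pattern searched in the body); weights are illustrative.
BODY_RULES = [
    ("prize_lure", 2, r"\b(lottery|winning|lump\s+sum|pay\s?out)\b"),
    ("secrecy_pressure", 2, r"\bconfidential(ity)?\b"),
    ("asks_bank_details", 3, r"\b(bank\s+a/?c|account\s+(no|number))"),
    ("asks_identity_doc", 3, r"\b(scanned\s+copy|passport|identity)\b"),
]
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address, or ''."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw):
    """Map each indicator found in a raw RFC 5322 message to its weight."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = {}
    for name, weight, pattern in BODY_RULES:
        if re.search(pattern, body, re.IGNORECASE):
            hits[name] = weight
    # Bulk lures are typically sent with the recipient list hidden.
    if "undisclosed" in (msg.get("To") or "").lower():
        hits["hidden_recipients"] = 1
    # The victim is steered to a contact address outside the sender's domain.
    sender = domain_of(parseaddr(msg.get("From", ""))[1])
    contacts = {d.lower() for d in ADDR_RE.findall(body)}
    if sender and contacts and sender not in contacts:
        hits["contact_domain_mismatch"] = 2
    return hits


def score(raw):
    """Total weight of all indicators present in the message."""
    return sum(phishing_indicators(raw).values())


def is_suspicious(raw, threshold=5):
    """Flag a message for quarantine or review once its score reaches the threshold."""
    return score(raw) >= threshold


if __name__ == "__main__":
    print(phishing_indicators(SAMPLE), score(SAMPLE))
```

A keyword score like this is a triage aid only; it complements, and does not replace, sender authentication checks and user reporting.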
Malware

Malware is the term for maliciously crafted software code. Special computer programs now exist that enable intruders to fool you into believing that traditional security is protecting you during online banking transactions. Attacks involving malware are a factor in online financial crime. In fact, it is possible for this type of malicious software to perform the following operations:

• Account information theft - Malware can capture the keystrokes for your login information. Malware can also monitor and capture other data you use to authenticate your identity (for example, special images that you selected or "magic words" you chose).
• Fake web site substitution - Malware can generate web pages that appear to be legitimate but are not. They replace your bank's legitimate web site with a page that can look identical, except that the web address will vary in some way. Such a "man-in the middle attack" site enables an attacker to intercept your user information. The attacker adds additional fields to the copy of the web page opened in your browser. When you submit the information, it is sent to both the bank and the malicious attacker without your knowledge.
• Account hijacking - Malware can hijack your browser and transfer funds without your knowledge. When you attempt to login at a bank web site, the software launches a hidden browser window on your computer, logs in to your bank, reads your account balance, and creates a secret fund transfer to the intruder-owned account.
Pharming

Pharming attacks involve the installation of malicious code on your computer; however, they can take place without any conscious action on your part. In one type of pharming attack you open an email, or an email attachment, that installs malicious code on your computer. Later, you go to a fake web site that closely resembles your bank or financial institution. Any information you provide during a visit to the fake site is made available to malicious users.

Working of Pharming

1. The attacker targets the DNS service used by the customer. This server can be a DNS server on the LAN or the DNS server hosted by an ISP for all users. The attacker, using various techniques, manages to change the IP address of 'www.nicebank.com' to the IP address of a web server which contains a fake replica of nicebank.com.
2. The user wants to go to the website 'www.nicebank.com' and types the address in the web browser.
3. The user's computer queries the DNS server for the IP address of 'www.nicebank.com'.
4. Since the DNS server has already been 'poisoned' by the attacker, it returns the IP address of the fake website to the user's computer.
5. The user's computer is tricked into thinking that the poisoned reply is the correct IP address of the website. The user has now been fooled into visiting the fake website controlled by the attacker rather than the original www.nicebank.com website.

All the attack types listed above share one characteristic: they are created using technology but, in order to succeed, they need you to provide information:

• In phishing attacks, you must provide the information or visit links.
• With malware, you must be tricked into performing actions you would not normally do. In case of malware we would have to install the malware on our computer either by running a program, such as an email attachment, or by visiting a web site through email or instant message link. Then, you would have to submit your bank login information. Financial information would be at risk only after we perform all these steps.
• With pharming attacks, we must open an email, or email attachment, to become vulnerable. You then visit a fake website and, without your knowledge, provide information that compromises your financial identity.

INDIAN SCENARIO OF BANKING FRAUDS

CERT-In is a functional organisation of Department of Information Technology, Ministry of Communications and Information Technology, Government of India, with the objective of securing Indian cyber space. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services. In the Information Technology (Amendment) Act 2008, CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:

• Collection, analysis and dissemination of information on cyber incidents
• Forecast and alerts of cyber security incidents
• Emergency measures for handling cyber security incidents
• Coordination of cyber incident response activities
• Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents
• Such other functions relating to cyber security as may be prescribed

Incident Handling Reports

Computer Security Incidents handled by CERT-In during 2009

In the year 2009, CERT-In handled more than 8000 incidents. The types of incidents handled were mostly of Phishing, Malicious Code, Website compromise & propagation of malware and Network Scanning & Probing.
The year-wise summary of various types of incidents handled is given below:

Incident Statistics

Various types of incidents handled by CERT-In are given below

Tracking of Indian Website Defacements

CERT-In has been tracking the defacements of Indian websites and suggesting suitable measures to harden the web servers to concerned organizations. In all, 6023 defacements have been tracked. Most of the defacements were done for the websites under the .in domain. In total, 3042 .in domain websites were defaced.
[Figure: Indian websites defaced during 2009 (Top level domains)]

Symantec Report

In a recent report, top security vendor Symantec had studied this underground economy and listed the top selling and advertised products. The underground economy is an evolving and self-sustaining black market where underground economy servers, or black market forums, are used for the promotion and trade of stolen information and services. This information can include government-issued identification numbers such as Social Security numbers (SSNs), credit card numbers, debit card information, user accounts, email address lists, and bank accounts. The report has some very interesting observations and it is surprising to know that sensitive data like Credit Card information is available for as low as $0.85. Following are the top selling products and services in malware infection economy.
Bank account credentials: may consist of name, bank account number (including transit and branch number), address, and phone number. Online banking logins and passwords are often sold as a separate item.

Cash out: a withdrawal service where purchases are converted into true currency. This could be in the form of online currency accounts or through money transfer systems and typically, the requester is charged a percentage of the cash out value as a fee.

Credit card information: includes credit card number and expiry date. It may also contain the cardholder name, Credit Verification Value 2 (CVV2) number, PIN, billing address, phone number, and company name (for a corporate card). CVV2 is a three or four-digit number on the credit card and used for card-not-present transactions such as Internet or phone purchases. This was created to add an extra layer of security for credit cards and to verify that the person completing the transaction was in fact, in possession of the card.

Email accounts: includes user ID, email address, password. In addition, the account may contain personal information such as addresses, other account information, and email addresses in the contact list.

Email addresses: consists of lists of email addresses used for spam or phishing activities. The email addresses can be harvested from hacking databases, public sites on the Internet, or from stolen email accounts. The sizes of lists sold can range from 1 MB to 150 MB.

Full identities: may consist of name, address, date of birth, phone number, and government-issued number. It may also include extras such as driver's license number, mother's maiden name, email address, or "secret" questions/answers for password recovery.

Mailers: an application that is used to send out mass emails (spam) for phishing attacks. Examples of this are worms and viruses.

Proxies: Proxy services provide access to a software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved, allowing attackers to obscure their path and make tracing back to the source difficult or impossible. This can involve sending email from the proxy, or connecting to the proxy and then out to an underground IRC server to sell credit cards or other stolen goods.

Shell scripts: used to perform operations such as file manipulation and program execution. They can also be used as a command line interface for various operating systems.
Use a credit card to pay for online goods and services. Credit cards usually have stronger protection against personal liability claims than debit cards. Some credit cards limit personal liability for unauthorized transactions to $50. Personal liability for debit cards can be higher. According to the Federal Reserve's Regulation E, if you report an electronic fund transaction problem involving debit cards to a bank or financial institution in the first two days, you are only liable for $50. Reporting that same incident between 3 and 60 days increases your personal liability to $500. After 60 days, there are no financial restrictions placed on your personal liability.

You should not reply to any email requests for security information, warnings of an account suspension, opportunities to make easy money, overseas requests for financial assistance, and so forth. Also, links found in these suspicious emails should not be clicked. Remember, the end result could be unauthorized access of your financial information. If you receive email correspondence about a financial account, verify its authenticity by contacting your bank or financial institution. Forward a copy of the suspicious email to the Federal Trade Commission at uce@ftc.com and then delete the email from your mailbox.

Avoid situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals. You should conduct online bank transactions in locations that are not subject to public monitoring. When you are entering login information, you should avoid using unsecured or public network connections (for example, at a coffee shop or library). As a general rule, you should avoid using any computer that other people can freely access; it is possible for your account information to be stored in the web browser's temporary memory.

If you have disclosed financial information to a fraudulent web site, file reports with the following organizations:

• your bank
• the local police
• the Federal Trade Commission – http://www.ftc.gov
• the Internet Crime Complaint Center – http://www.ic3.gov
• the three major credit bureaus – Equifax, Experian, and TransUnion
Cyber Threats expected in Future

Cyber threats business and consumers should expect consequences of online banking are devastating in nature.

• E-mail spam is going to remain in excess of 90% of all email.
• Botnets will continue to be a major threat and a major source of spam.
• Increased mobile device processing power will mean more opportunity for malware to run on these devices. As their numbers and use increase, they become a viable target for attackers.
• Future social networking threats continue to be a persuasive force and will continue to be exploited as a means of running confidence tricks.

Conclusion

Online banking involves certain risks. It is important to educate yourself about these risks, how unauthorized access to your financial information occurs, and the steps you can take to protect your financial information. Learning about your rights and responsibilities as an online banking consumer can make a difference to your financial well-being by changing the age-old saying "A penny saved is a penny earned" to "A penny saved is a penny kept."