Bigmouthmedia search engine news: fraud

Digital prankster hacks celebrity Twitter accounts

Tue, 06 Jan 2009 12:00:00 GMT

Popular Micro-blogging site Twitter has had to temporarily suspend the accounts of several celebrities including Barack Obama, Britney Spears and CNN anchorman Rich Sanchez. The accounts were suspended due to a prank by an unknown hacker who hijacked the accounts with comical tweets.

CNN anchorman Rich Sanchez was among the targeted after sending out a feed which read "I am high on crack right now, might not be coming into work today." Fox News was also attacked after breaking the misspelled news; "Bill O'Riley is gay." Also making the hilarious headlines was Britney Spears who sent out a tweet saying "Hi Yall! Brit Brit here, just wanted to update you on the size of my..." - well, you get the picture.

Although Twitter admits that 33 accounts were hacked, we are still waiting in suspense to see who the other 29 'victims' were.

So how did it happen? According to a Twitter blog post, the entertaining tweets were orchestrated by someone who "hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck."

All of this is apparently unrelated to a separate security issue which is concerning Twitter users at the moment. Over the weekend, 'civilian' accounts were targeted messages offering free iPhones with the messages redirecting Twitter users to a fake login site. Twitter has since advised many users to change their passwords.

So who's the Twitter Trickster? Techcrunch who have put a lot of research into the story believe the trail leads back to the website digitalgangster.com, where a hacker known as 'gmz' is known to lurk. While tweets about Spear's anatomy are difficult to track, messages from the Facebook and Obama Twitter accounts redirected users to an affiliate site. In theory, Twitter only need to find out who owns the bank accounts in order to find the identity of the internet farceur.

In reality, very little real damage was done to those attacked. Rich Sanchez presumably made it into work and if Britney really wants to update us about her lower regions, she will do so when she next gets out of a taxi. The story is a nice diversion from the more worrying phishing attacks Twitter is failing to defend itself against.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

2009: The Year of the Intelligent Cyber Criminal

Tue, 30 Dec 2008 12:00:00 GMT

It may be the festive season, filled with kindness and good will - but the closing days of 2008 are also a time to reflect over the year past, its trends and the risks that come from the not-so kind and less good willed. While we bigmouths don't want to put a damper on the festivities, it's important to be aware of 2008's alter ego as 'the year of the intelligent cyber criminal'.

Every day, many internet users find their inboxes besieged with spam e-mails. Most of them are obviously junk. Won a million in the Swedish lottery? Ever heard of it? We're not really stupid enough to fall for that one, are we?

This candid, cyber-savvy arrogance has created a new arena for the professional cyber criminal - someone continually looking for new, smarter ways to penetrate your computer. One of the most well-known of these techniques is the 'Scareware Scam'.

According to digital security company Finjan, up to five million people have fallen victim to scareware scams. Sneaky criminal companies operate the scam by advertising so-called 'free virus checks' on popular websites. The unsuspecting user downloads the software which tells them that their computer is infected with spyware, viruses or pornography.

However, these results are false - but as many as five million people have purchased the 'remedy software' needed to fix the supposed problem.

Such cyber scams have made the headlines thanks to an investigation from the Federal Trade Commission. Focussing its enquiries on two major companies, the FTC has begun a crackdown on scareware scams. Between them, the two companies have made millions with genuine-sounding security products such as WinFixer, DriveCleaner and XP Antivirus. Until now, these companies have avoided courtroom proceedings..

Of course, in the cat and mouse game that is cyber-regulation, the good guys get their day too. Sadly though, it really wasn't much longer. For a brief period in November spam levels fell to 64.1 billion messages per day, before rising back up to record numbers close to 100 billion.

The prediction for 2009 is gloomy. Finjan believes that the IT job-layoffs - results of the economic crisis - could lead to a dramatic increase in digital crime. With thousands of unemployed programmers in need of an income, Finjan believes many will use their expertise to earn money through online crime tactics.

The main concern is not the number of potential hackers entering the playing field, but that we are all getting so tech-savvy and spam-shrewd that it will take even more cunning and manipulative tricks to really work on us. With the possibility of thousands of intelligent IT professionals entering the digital crime scene, scams are going to get more and more elaborate and we might once again be as spam- gullible as we were when spam e-mails first hit the scene.

Happy holidays - be vigilant!

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Bank turmoil fuels phishing boom

Mon, 13 Oct 2008 12:00:00 GMT

The US Federal Trade Commission (FTC) issued a warning saying phishing gangs were using the current global financial crisis to extract valuable information from consumers.

The news comes as a UK banking group reveals that phishing attacks were up more 180% in a year.

The FTC said that the current rapid changes in the banking world, where many institutions suddenly had new owners, could only help fraudsters keen to steal login and other personal details.

The FTC said in statement, "Scammers are taking advantage of upheavals in the financial marketplace to confuse customers into parting with valuable personal information."

It said it expected fraudsters to pose as the new owners of banks or the federal agencies charged with oversight of struggling institutions.

The FTC urged customers to be wary and not to reply to e-mail messages or pop ups that ask for personal or financial information even if they appeared to come from a bank. Customers should also scrutinise bank and credit card statements for unauthorised withdrawals or transfers.

Secure Computing the leading enterprise security software provider, said its October spam report showed that many of the banks and other financial institutions caught up in the turmoil were topping its list of phishing targets.

Chase, Wachovia and Bank of America were among the most popular targets for scammers. Secure Computing said that it expected British banks to also prove popular in the coming weeks as changes and mergers are completed.

In its second annual report, the All Parliamentary Group on ID Fraud said tighter credit lending rules would lead to more attempts to get at existing bank accounts.

"There is no longer a guarantee that they will get credit by applying assuming another person's identity, so they are instead tapping into accounts that already exist," read the report.

Fraud figures released in early October by the Association of Payment Clearing Services (Apacs), which represents UK banks, showed a steep rise in the number of phishing attacks even before the turmoil in the banking world began.

From January to June 2008 phishing attacks rose by 186% on the same period in 2007, it said. In total it saw more than 20,682 phishing incidents during that six month period.

With the global financial crisis looking to get worse before it gets better, banking customers in the US and UK are being encouraged to be extra vigilant when using online financial services.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Apple fights with review quality

Fri, 03 Oct 2008 12:00:00 GMT

Apple has changed its policy to ensure that reviews of iPhone Applications can only be written by users who have purchased the application in question. The change should make it harder for developers to negatively rate rival applications and manipulate star ratings.

User submitted reviews have become a cornerstone of the evolution of the internet. Increasingly, users expect to be able to comment on, compliment or criticise the services or products they've received. And it's a feature that has the ability to impact positively on a site's popularity. For example, in the travel market, sites like TripAdvisor have risen to prominence through their vast collection of reviews.

The early success of sites capitalising on user submitted reviews has been tempered with concerns over the integrity of the reviews themselves. In 2006 USA Today journalist Gene Sloan wrote of suspicions that hotel staff were reviewing their own hotels on TripAdivsor and highlighted the concern that hotels were offering cash in return for positive commentary.

The United Kingdom's Consumer Protection from Unfair Trading Regulations Act was updated in May 2008 to specifically make it illegal for companies to falsely represent themselves as a consumer. The law, however, places little emphasis on sites that allow reviews and the way that these reviews are policed to prevent infringement.

iPhone Application developer and news editor for Search Engine Land and Search Engine Roundtable, Barry Schwartz welcomed the new policy update from Apple on his blog. Mr Schwartz had experienced anti-Semitic comments on his popular Siddur & Zmanin iPhone application.

"I think this is a good first step in making the iTunes App Store review system more fair for both developers and users," Barry Schwartz told bigmouthmedia.

"To have people review an app without first trying it, well - that is like asking your brother for a letter of recommendation - it just is a skewed review. Outside of that, it adds a barrier to those who have anger towards an individual or group of people. It makes it one step harder for those types of people to leave racist or anti-semitic remarks."

"The best scenario would be to have Apple review reported reviews in a timely fashion, with this policy of having to buy or download the app, before reviewing. What is sad, is that anti-Semitic review is still in the App Store, after I know at least ten different people reported it to Apple over 15 days ago!"

Prolific tech blogger Christina Warren also welcomed the policy update on The Unofficial Apple Weblog noting that many people simply complained about the pricing of applications in the review section. "That isn't fair to developers, and it isn't fair to potential buyers", Warren wrote.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Phishers jump on the 2008 Olympic Games

Mon, 11 Aug 2008 12:00:00 GMT

The Beijing 2008 Olympic Games in China are finally underway and, unfortunately, the sporting events that have everyone's attention at the moment have also encouraged the circulation of a new eddy of cyber crime.

This year sees the first time that the Olympics will have complete online global coverage - something that has been happily greeted by internet fans worldwide. However, it has been reported that people are finding Olympic-themed related junk email messages popping up in their inboxes. These phishing scams attempt to trick individuals into opening malicious email attachments and visit fraudulent sites. Furthermore, there are emails notifying people that they have won an Olympic lottery, which they will only be able to claim by entering their personal and financial details.

There is no doubt that spammers and hackers have seen this year's Olympic Games as an opportunity to take advantage of the uneducated and naive users of the Internet, with many individuals still largely unaware of the danger giving your details away can pose.

These malicious messages are largely being spammed using the Rustock botnet, which is a large spam campaign involving users clicking on a headline in an email which then opens a fake online video prompting the user to install a specific codec file in order to watch it. However, the user is unaware that they are actually downloading malware that installs the Rustock botnet software which, as a result, leads to their personal information being collected.

According to recent reports (and the inbox of a bigmouth's personal email account), the latest headlines that are attempting to dupe the public are related to online U.S. news channel CNN and the Beijing Olympics. These new campaigns appear more sophisticated and convincing to the recipient than many earlier generation scams.

While it's mainly users of Windows PCs that are being targeted, it is not only members of the public who are being damaged by these Olympic email threats. Fake messages are also being sent to trainers of athletes and national sporting organisations - and in these cases the sender appears to be the International Olympic Committee. The messages have an infected Adobe PDF file attached that poses a threat when downloaded.

The more aware people are of potential scams, the less likely they will be to fall for them - so spread the information to all of your less tech-minded friends and family and tell them that the 2008 Olympic Games may not be the only online activity worth watching out for this summer.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Google Phishing: the fastest-growing con on the Internet

Fri, 23 May 2008 12:00:00 GMT

Online fraudsters are targeting Google AdWords users in an attempt to steal internet traffic and gain access to the banking details of businesses and individuals.

According to the latest research from bigmouthmedia, the volume of 'phishing' emails designed to trick customers into handing over their AdWords account login details has increased rapidly within the last six months. Analysis of traffic statistics for April reveals a rise of 240% on the monthly average for 2007.

Although web users are familiar with fraudulent emails seeking usernames and passwords for online banking facilities, Google Phishing is a relatively new phenomenon. Victims are targeted not only for the details that would leave them open to identity theft, but will also find their AdWords traffic redirected to the perpetrators' site.

Many commentators see the sudden spike as a reflection of Google's rising significance, with organised online crime now targeting the search giant in much the same manner as it would attack a major bank.

Bigmouthmedia conducted the research by analysing the company's email traffic over an 18 month period. After measuring the flood of automatic phishing attempts sent to email aliases across the organization in 2007, calculating the monthly average and comparing those results to statistics from 2008, the almost three-fold leap in attacks was identified.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Net criminals to target social networking sites in 2008

Thu, 03 Jan 2008 12:00:00 GMT

Cyber criminals are set to target social networking sites over the coming year, security firms have warned.

Professionals in the field suggest that the intimate nature of such sites makes users more willing to share personal information and, consequently, more vulnerable to attacks.

Senior security researcher at ScanSafe Mary Landesman stated that social networking sites are attractive to scammers because "the technologies that play there and the third party add-ons make it an environment that is susceptible to compromise", the BBC reports.

According to the corporation, there have already been a number of such attacks perpetrated on social networks.

For example, Brazilian users of Google's Orkut - a networking and discussion site - were recently subjected to a threat caused by a worm that tried to steal bank account details.

As well as the technical vulnerabilities that social networking sites are susceptible to, the amount of information that individuals willingly share with others is also described as problematic.

Commenting on the issue, David Porter, head of security and risk at business and technology consulting firm Detica, stated: "It is remarkable that people use social networking websites to publish details about their lives, loves, jobs and hobbies to the entire world ... Such data is invaluable to identity fraudsters."

In a BBC article yesterday, Paul Henry, vice president of technology evangelism at security solutions provider Secure Computing, stated that 2007 saw high-tech crime become firmly entrenched.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

2007 'saw high-tech crime become firmly entrenched'

Wed, 02 Jan 2008 12:00:00 GMT

Cyber criminals are becoming increasingly advanced and 2007 was the year that hi-tech crime became firmly established and entrenched, an expert has said.

According to Paul Henry, vice president of technology evangelism at security solutions provider Secure Computing, "the bad guys are becoming more sophisticated and that means it is becoming more difficult to stay safe", the BBC reports.

He added that he sees no end to the rise in online crime until "we effectively reduce the value of personal information to the point where for the hackers it is useless".

Joe Telafici, vice president of operations for McAfee's Avert Labs, went on to say that the majority of attacks perpetrated are now done for money.

The last year saw the effective extinction of young hackers who wrote malicious programmes and viruses for fun, he stated.

While some of the attacks, such as phishing runs, were obviously concerned with stealing money from internet users' credit cards or bank accounts, others that looked more innocuous were also done with cash in mind, according to Mr Telafici.

For example, Trojans placed in banner advertisements that attempt to hijack a home PC were designed to get hold of information that can be rented out for a fee to spammers and other internet criminals.

Recently, search engine provider Google was affected by a web hijacking campaign in which malicious websites used by hijackers would come up in search results when users looked up seemingly innocuous terms such as "charity".

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Yahoo!, eBay and PayPal team up to reduce email fraud

Fri, 05 Oct 2007 12:00:00 GMT

Yahoo! has announced it is joining forces with eBay and PayPal to protect consumers against email fraud and phishing scams.

The collaborative effort will mean eBay and PayPal customers who use Yahoo! Mail will receive fewer fake emails claiming to be sent from the companies.

In a statement, the search engine declared: "Yahoo! Mail is the first web mail service to block these types of malicious messages for eBay and PayPal through the use of DomainKeys email authentication technology."

DomainKeys technology allows internet service providers to determine if messages are real and should be sent to a user's inbox.

The technology upgrade is due to be rolled out across the world over the next four weeks to all users of Yahoo! Mail.

Michael Barrett, chief information security officer at PayPal, stated: "While there is clearly no silver bullet for solving the problems of phishing and identity theft, today's announcement is great news for our customers who rely on Yahoo! Mail."

Chief information security officer at eBay Dave Cullinane added that, through industry cooperation, firms can collectively attempt to "stamp out" phishing and other kinds of email scams.

Yahoo!'s announcement comes in the wake of uSwitch research that suggested homes in the UK receive almost 82 million spam emails each day, equating to 947 every second.

According to the figures, Britain now ranks fourth in the world for spam attacks.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Yahoo! launches click fraud centre

Fri, 10 Aug 2007 12:00:00 GMT

Yahoo! has launched a new Traffic Quality Centre to help combat the issue of click fraud.

At the centre, users of the pay-per-click advertising service will be able to access a range of services in order to help them to protect themselves, the search engine has said.

They will be able to get the latest news on traffic quality, view tips and tools that will assist in fraud detection, learn how to submit a click investigation request and read articles on the best practices in helping to protect search marketing investments.

Users will also be able to locate articles that illuminate traffic quality issues from a range of perspectives.

Reggie Davies, vice president of network quality at Yahoo! Search Marketing commented: "Our commitment to traffic quality is not new.

"In fact, since 1998, our Click Protection System has been up and running 24/7 with the goal of filtering out bad clicks - helping to ensure that you're only billed for the clicks that count."

The system is continuing to evolve along with marketplace changes, he added.

There is disagreement concerning click fraud rates, with PR-GB.com reporting that the industry can only estimate the number as somewhere between 0.02 per cent and 30 per cent, or possibly even higher.

According to the site, the incidence of fraud is determined partially by the competitiveness of the industry and the level of the bid price.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia