Tuesday, October 14, 2014

 

Social media: More hindrance than help in banks' cyber crime fight

Banks are fighting an uphill battle to protect themselves and their client accounts from cyber attacks, and the sometimes careless use of social media by customers and staff isn't making the fight any easier.

British police and banks this week warned customers about the rise in criminals using social media to strike up a relationship and then try to get money from them.

Personal details from sites such as Facebook, Twitter and LinkedIn are also being used by fraudsters to scam customers, including to help in the increasingly common practice of "vishing", or voice phishing, industry sources said.

"Vishing" involves fraudsters calling and saying they are from the bank. They say there is a security problem, and ask the customer to call the emergency number on their bank card. But the fraudsters never hang up from the call -- in Britain they are able to stay on the line for 2 minutes -- and create a fake dial tone to convince the customer to provide account details or even transfer money to another account.

Britain's BBA banking lobby group estimates one in six customers could fall for this type of fraud, or 8 million people in the United Kingdom alone.

"The classic cyber crime doesn't involve extremely sophisticated technology, it involves finding a date of birth on social media," said Paul Clandillon, European practice leader for fraud and financial crime at IBM, at a recent conference on financial crime.

Revelations this month that hackers had obtained details of 83 million customers of JP Morgan -- one of the biggest data breaches in corporate history -- have shown how vulnerable banks remain, despite spending hundreds of millions of dollars a year on cyber defenses.

That was a complex attack, but far simpler and more frequent frauds involve scammers using social media profiles to obtain a fuller picture of potential victims, bank industry sources and fraud investigators said.

Fraudsters can map out a bank's organizational chart via information on social media, or dig out customer information online. Often they don't need to look far -- when Barclays introduced debit cards with photos on them, for example, some customers posted photos of their new cards, including account details printed on them, on social sites.

THE WEAKEST LINK

"They (fraudsters) view the customer as the weakest link and they are convincing customers they are the bank. They have access to data in ways they never had before," Bruce Forbes, head of security investigations and digital forensics at Royal Bank of Scotland, said at last month's BBA conference.

Banks have long been the favorite target of cyber criminals -- although retailers, healthcare firms and others have also been hit -- with attacks including attempts to steal money, client data or confidential information about sensitive financial deals, or just trying to disrupt systems.

So-called hacktivists can break into financial systems to score political points while state-sponsored hackers can look to conduct industrial espionage or disrupt economic activity using banks as intermediate targets.

Cyber crime costs the global economy $445 billion a year and continues to grow, according to the Center for Strategic and International Studies (CSIS). These losses come from fraud, intellectual property theft and the mushrooming spending on cybersecurity itself.

Often hackers will not use data themselves, but parcel them up and sell them to other people to use, notably specialists who convert stolen passwords and identities into financial gains. Criminals can keep data for months or years before using it.

DEFENSE TOOL

Social media is a double-edged sword for banks, however, and the industry is also using it to fight back.

"Social media helps the criminals pursue their trade, but it also leaves a digital footprint in evidence that provides opportunities for us," said Mark Rowley, assistant commissioner for specialist operations for London's Metropolitan Police.

Technology developed more than a decade ago to help casinos in Nevada detect collusion between players and dealers is among the tools banks are using to hunt for networks of organized fraudsters, by uncovering associations between people on social media that were otherwise nearly impossible to find.

Facebook, LinkedIn and Google Earth are also being used by banks alongside more complex searches, involving trawling for data that does not show on regular search engines.

Such "unstructured data" includes not just social media but pictures and videos and other information, and accounts for more than 80 percent of all data available.

"Focusing on unstructured data is what will give us the edge (over criminals) to be able to identify the very complex and organized collusive rings," said IBM's Clandillon.

