Yep -- it's true. I took the summer off from blogging but now I'm baaaack! And what a time to come back. Dow down 777 points today. Banks and other financial institutions going under right and left. And the one area where there is huge growth turns out to be in the online fraud business. And sadly, these online fraud perpetrators are turning to software as a service (SaaS) to commit their fraud. What is the world coming to?
Read on to see how SaaS is being used to commit acts of fraud.
Internet fraud has finally reached the big time -- that is, it is now such a large business and is so embedded in legitimate online activities, it is getting harder and harder to tell the good guys from the bad ones. Or so says Uri Rivner, RSA Security head of new technologies in a September 25 briefing. There are two trends in fraudulent activities. Here's how the one that uses SaaS works:
Fraudsters are now using a hosted fraud model (perhaps we need a new acronym -- FaaS = fraud as a Service...). He or she can simply order phishing or other criminal business services online and pay a paultry $299 a month to participate "as an investor in order to share in the profits". Rivner says that the $299 a month fee "puts you in the food chain of [identity] harvesters, phony ATM card makers, delivery specialists - a whole infrastructure of criminals". It opens up a whole new career path for criminals. As if we didn't have enough to worry about... The bottom line lesson -- don't trust any of these anonymous people online.
Gee, I hate to see the SaaS model get a black eye from such criminal activities. I suppose it was inevitable that someone would figure out how to use this new technological offering for nefarious purposes.
In case you are interested, the second trend is a variation on an old trick:
It involves new super-Trojans that hijack legitimate bank web sites and fool people into entering personal information into the phony web site. You get the Trojan through the normal means -- download a questionable file and open it. Then when you go to your bank's web site to make a transaction, the Trojan is alerted and waits... for you to log in. As soon as you do, it brings up a false site that looks alarmingly just like your real bank's web site -- except for one difference (spoiler alert to fraudsters). It has two more lines of information it asks for: an ATM account number and your PIN. Once you enter it, you can bet your account will be drained within minutes... Sigh.
Sorry to start off my new season of blogging with such a negative one. But I guess it is better to be forewarned -- and forearmed -- in this season of financial upheaval. It is my fervent hope that you weather the economic storm safely and that we all learn from the disasters occurring on Wall Street. I promise to have happier blogs in the future.
As always, I welcome your comments on this and any other topics. Send me your thoughts on blog material as well. I am always looking for new ideas!
Yours in BI Success,
Posted September 29, 2008 2:56 PM
Permalink | No Comments |