AnalyticBridge

Social Network For Analytic Professionals

If you are an online merchant processing credit cards, you probably cancel sales if the IP address used during the transaction is in Nigeria, and the phone number in Texas. This is certainly the case for B2B transactions.

However, fraudsters keep improving their schemes. Instead of using IP addresses in Nigeria, they now hijack computers in the US, or pay people (usually unemployed) for remote access to their computers. Once a computer in the US is infected by a virus or controlled by the Nigerian mob (in exchange for a small fee offered to the "victim"), the criminals can test and generate credit card purchases (from stolen credit cards) through compromised US computers to avoid detection.

So the question is: how can we stop this type of fraud?

As these fraudsters like to use Verizon, Road Runner and Comcast IP addresses, large ISPs should routinely check outgoing HTTP requests from all their customers. Customers with a high proportion of HTTP requests to blacklisted or bad domains, in particular during unusual hours, should be red-flagged and suspected of having a compromised Internet connection. The compromised connection is used to actively or passively (as a victim, not knowing your computer is infected) participate in Internet fraud schemes. Examples of active participation include
  • offering remote access to your computer in exchange for money (e.g. after posting your resume while looking for legitimate jobs, you fall victim to criminals involved in phishing and money laundering: you sign up with them to process bogus checks, not knowing that you are becoming a criminal yourself and are subject to prosecution)
  • being involved in an open Botnet: in a nutshell, your computer is part of a Botnet (you have been infected), but unlike traditional Botnets, the "infection" is voluntary, and you might be compensated for allowing your machine to be controlled by the Botnet operator.
How do you detect blacklisted or bad domains? Lists can be purchased from vendors, or better, you can hire an expert to design your own site scoring engine. Or you can contact me!
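The red-flagging rule above (a high proportion of requests to bad domains, weighted towards unusual hours, per customer) can be sketched as a small scoring routine. The following is an added example written for this page, not code from the post or its author: the log format, customer ids, domain names and the blacklist are all constructed for illustration, and a real ISP would feed it from its proxy or NetFlow export and a purchased or home-grown domain list.

```python
"""Per-customer scoring of outbound HTTP requests against a domain blacklist.

Added illustration for the post above; every name and value here is constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed blacklist of "bad" domains (hypothetical names, not real IoCs).
BLACKLIST = {"bad-phish.example", "mule-recruit.example", "c2-drop.example"}

# Hours a residential customer is unlikely to be browsing (local time, 0-23).
UNUSUAL_HOURS = set(range(1, 6))  # 01:00 through 05:59

# Constructed proxy-style log lines: ISO timestamp, customer id, destination host.
# cust-1001 looks compromised, cust-2002 hit one bad site once during the day,
# cust-3003 has too little traffic to judge.
SAMPLE_LOG = """\
2010-03-02T02:14:05 cust-1001 c2-drop.example
2010-03-02T02:14:07 cust-1001 bad-phish.example
2010-03-02T03:40:11 cust-1001 mule-recruit.example
2010-03-02T14:10:00 cust-1001 news.example
2010-03-02T09:00:00 cust-2002 news.example
2010-03-02T09:01:00 cust-2002 shop.example
2010-03-02T21:30:00 cust-2002 bad-phish.example
2010-03-02T22:00:00 cust-2002 mail.example
2010-03-02T03:00:00 cust-3003 bad-phish.example
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, customer, host)."""
    ts, cust, host = line.split()
    return datetime.fromisoformat(ts), cust, host.lower().rstrip(".")


def score_customers(log_text, blacklist=BLACKLIST, unusual_hours=UNUSUAL_HOURS):
    """Return per-customer counts and ratios of requests to blacklisted hosts.

    bad_ratio is over all requests; unusual_bad_ratio is over requests made
    during the unusual-hour window only (0.0 when there were none).
    """
    stats = defaultdict(lambda: {"total": 0, "bad": 0,
                                 "total_unusual": 0, "bad_unusual": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, cust, host = parse_line(line)
        s = stats[cust]
        unusual = ts.hour in unusual_hours
        s["total"] += 1
        s["total_unusual"] += unusual
        if host in blacklist:
            s["bad"] += 1
            s["bad_unusual"] += unusual
    result = {}
    for cust, s in stats.items():
        bad_ratio = s["bad"] / s["total"]
        unusual_bad_ratio = (s["bad_unusual"] / s["total_unusual"]
                             if s["total_unusual"] else 0.0)
        result[cust] = {**s, "bad_ratio": bad_ratio,
                        "unusual_bad_ratio": unusual_bad_ratio}
    return result


def flag_customers(log_text, min_requests=3, ratio_threshold=0.5,
                   min_unusual_requests=2):
    """Red-flag customers whose bad-domain ratio (overall, or within unusual
    hours with enough samples) reaches the threshold.

    Customers below min_requests are skipped: a single stray request is not
    evidence of a compromised connection.
    """
    flagged = []
    for cust, s in score_customers(log_text).items():
        if s["total"] < min_requests:
            continue
        night_signal = (s["total_unusual"] >= min_unusual_requests
                        and s["unusual_bad_ratio"] >= ratio_threshold)
        if s["bad_ratio"] >= ratio_threshold or night_signal:
            flagged.append(cust)
    return sorted(flagged)


if __name__ == "__main__":
    for cust, s in sorted(score_customers(SAMPLE_LOG).items()):
        print(cust, s)
    print("red-flagged:", flag_customers(SAMPLE_LOG))
```

On the constructed log, only cust-1001 is flagged: three of its four requests go to blacklisted hosts, all of them between 02:00 and 04:00. cust-2002 stays below the threshold (one bad request out of four, during the day), and cust-3003 is skipped for lack of traffic, which is the main caveat with a ratio-based rule: thresholds and the minimum sample size need tuning against the ISP's own traffic before anyone is contacted about a "compromised" connection.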

Another solution might be for the ISPs to control the computers of all their customers, perform routine checks and clean infected machines. Actually, Microsoft and Firefox can help too, and to some extent they already do: for instance, IE regularly installs patches on your computer. In some sense, Microsoft operates one of the largest Botnets on earth (all the IE users are part of the Botnet). It is an open Botnet as well (since everybody agrees to receive these patches), but most people would say that it is a good Botnet (the purpose being to improve security and catch criminals).


© 2010   Created by Vincent Granville
