About Author
Arcsight

Cyber crime trends, data privacy, insider threats, and other information security issues, and what they mean for the enterprise, brought to you by ArcSight


Combating socially engineered cyberfraud

Card and banking fraud figures published in the UK by Financial Fraud Action UK and the UK Cards Association last month show that while fraud on debit and credit cards actually fell last year, on-line banking fraud rose by 14%.

As the financial services industry attempts to achieve new levels of protection through technologies such as chip and PIN and more sophisticated fraud detection software, fraudsters unleash new strategies for getting what they want, such as more sophisticated phishing schemes to con individuals into revealing personal and financial information, and social engineering schemes to get others to assist in the fraud process.

When it comes to social engineering, the call centre is particularly vulnerable as unsuspecting call centre representatives focused on delivering good customer service can be “socially engineered” for the purpose of fraud. It goes something like this: Through a phishing attack, the fraudster compromises a customer’s online banking account. He’s now able to view basic information such as account statements via the Web portal.

The fraudster can also access auto forms and harvest key personal data, including date of birth, address, etc. Additionally, fraudsters are gathering information via sources such as personal blogs and social media websites, where people talk about their pets, high school mascot and parents. Now, with a quick call into the bank’s call center, a fraudster can authenticate himself as the owner of the account and manipulate the conversation to get what he wants.

Essentially, he “socially engineers” the call center representative to complete his nefarious activities – to the detriment of the customer and the bank.

This kind of activity is difficult to detect using traditional intrusion detection approaches as the fraudulent transaction looks like a series of seemingly harmless activities.

It requires the collection and aggregation of event and log information from across all the touch points that form part of the overall process (network devices, financial applications, call centre applications, databases, etc.) to bring together all the digital fingerprints that collectively may signal that something is suspicious.

The application of real-time data correlation and pattern detection completes the picture by highlighting the suspicious series of events that may signal fraudulent activity. This “second line of defence” is delivered not only through the implementation of appropriate Security Information and Event Management (SIEM) technology but through skilled security engineers often working as part of a Security Operations Centre (SOC). SOCs are increasingly seen as essential in helping financial organisations deal with cyber threats that are clearly increasing in sophistication and diversity.
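The cross-source correlation described above can be sketched as a small ordered-sequence rule. This is an added example, not ArcSight's code or rule syntax; the source names, event types, account IDs, 48-hour window and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Ordered stages of the pattern as (source, event type). All names are assumed;
# each stage looks harmless when viewed alone in its own system's log.
PATTERN = [
    ("web_portal", "login_new_device"),
    ("web_portal", "view_personal_details"),
    ("call_centre", "contact_details_changed"),
    ("payments", "transfer_new_payee"),
]
WINDOW = timedelta(hours=48)  # assumed correlation window

def correlate(events, pattern=PATTERN, window=WINDOW):
    """Return {account: [events]} where every stage occurs in order within window."""
    alerts, partial = {}, {}  # partial: account -> stages matched so far
    for ev in sorted(events, key=lambda e: e["ts"]):
        chain = partial.get(ev["account"], [])
        # Discard a partial match whose first event has aged out of the window.
        if chain and ev["ts"] - chain[0]["ts"] > window:
            chain = []
        # Advance only when this event is the next expected stage.
        if (ev["source"], ev["type"]) == pattern[len(chain)]:
            chain = chain + [ev]
        if len(chain) == len(pattern):
            alerts[ev["account"]] = chain
            chain = []
        partial[ev["account"]] = chain
    return alerts

def _ev(ts, source, type_, account):
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "type": type_, "account": account}

SAMPLE_EVENTS = [  # constructed sample data, aggregated from four log sources
    _ev("2024-03-04T09:12:00", "web_portal", "login_new_device", "ACC-1001"),
    _ev("2024-03-04T09:15:00", "web_portal", "view_personal_details", "ACC-1001"),
    _ev("2024-03-04T10:02:00", "web_portal", "login_new_device", "ACC-2002"),
    _ev("2024-03-04T14:40:00", "call_centre", "contact_details_changed", "ACC-1001"),
    _ev("2024-03-04T16:00:00", "call_centre", "contact_details_changed", "ACC-3003"),
    _ev("2024-03-05T08:30:00", "payments", "transfer_new_payee", "ACC-1001"),
    _ev("2024-03-09T11:00:00", "payments", "transfer_new_payee", "ACC-2002"),
]

if __name__ == "__main__":
    for account, chain in correlate(SAMPLE_EVENTS).items():
        print(account, [f'{e["source"]}:{e["type"]}' for e in chain])
```

Only the account whose events complete the whole sequence inside the window is raised for analyst review; the other two accounts each show a single, unremarkable event.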

If you are interested in learning more, ArcSight has created a White Paper on the subject which can be found here.
