The UK is a key target for identity theft, phishing and Trojan attacks because it pioneered fast online payments that are now very familiar to consumers, security experts have warned.
Uriel Maimon, senior research scientist at RSA consumer solutions, said financial firms continued to encounter new threats, and faced a challenge to increase confidence in the online medium, mitigate risk and keep fraud losses low.
Maimon said online crime had become a mass market, and phishing attacks were increasing because it was a "statistics game". Attacks were cheap to execute, sometimes for as little as 50p or £1, and each attack could run for around 100 hours.
"It's a funnel effect. In a phishing attack you can send out more than 500,000 emails. Of those, maybe only 300,000 are real email addresses, and then another 100,000 get past the anti-spam software, and maybe about 1,000 users click through the link, and perhaps the attack leads to only 50 compromised identities trickling through, garnering about £500 on average per identity," he said.
Malicious Trojans distributed through compromised websites were still a common method of attack. Maimon said the technique was growing in both popularity and sophistication.
Although Trojans have been around for more than 20 years, this type of attack has mushroomed in popularity over the last three years as it no longer requires users to open an attachment. Instead, a user's PC can be compromised if they visit a site that has been hacked.
Maimon cited the example of the Russian Trojan called Gozi, used in what is considered to be the biggest ever online heist, which hit banks around the world.
While phishing attacks can be countered through anti-spam software and educating users, malware has grown so sophisticated that the desktop is too difficult to protect, Maimon said, adding: "The desktop is a lost cause."
Maimon said Trojan attacks were far more scalable, and were often run by criminal gangs and the mafia, as they required high amounts of infrastructure, broadband and hosting.
One of the most prevalent scams in the UK is the "wire scam", where, for example, a fraudster offers to give the victim an advance on a lottery prize they have won if the victim wires money to a foreign bank account.
The victims, dubbed "mules" by online crime watchers, were unaware they were committing a crime, said Maimon. He added that the irony of this scam is that, under UK law, the "mule" could face a harsher penalty than the fraudster, because the person wiring the money is committing money laundering.
New scams were also emerging in virtual worlds, such as Second Life, according to Maimon. There were two common ways that attackers were targeting virtual worlds, he said. First, people tended to use the same password for their virtual world as they did for their online bank account, so attackers were trying to uncover passwords through phishing attacks.
Second, cybercriminals were trying to convert virtual money into real money. One elaborate method of doing this involves establishing an online power game with virtual money, then cashing out their gains in real money.