Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking
    • Storage

    How Online Fraudsters Are Using SAAS in Their Networks

    By
    Chris Preimesberger
    -
    September 26, 2008
    Share
    Facebook
    Twitter
    Linkedin

      SANTA CLARA, Calif. — Apparently, there are some real career paths available in the online fraud business. One can become an identity harvester, a software developer who builds botnets, a delivery middleman, a salesperson–the list is long and resembles legitimate businesses in many ways.
      At an analysts’ briefing Sept. 25 at EMC’s Silicon Valley offices, RSA Security head of new technologies Uri Rivner told attendees that the Internet fraud business has grown so large and enmeshed in legitimate online activities that it is becoming increasingly difficult to tell who’s good and who’s bad.
      Rivner pointed out two recent trends: a) Fraudsters using SAAS (software as a service) models to sell their services to customers for a monthly fee, and b) the appearance of new super-Trojans that hijack legitimate bank Web sites and fool people into entering personal financial information–such as ATM account numbers and personal identification numbers–into the phony Web site.
      In describing the hosted fraud model, Rivner said that if a willing participant knows where to go, he or she can simply order a phishing or other criminal business service online and pay a fee per month to participate as an investor in order to share in the “profits.”
      “This fee at one of these services is $299 per month,” Rivner said. “This puts you into the food chain of [identity] harvesters, phony ATM card makers, delivery specialists–a whole infrastructure of criminals.
      “There looks to be quite a career path in there for some people. Everybody’s a specialist in this realm, and reputation is paramount.”
      Of course, trusting any of these anonymous folks online is another issue that an “investor” or “customer” has to solve.
      The second trend, involving the new Trojans–which can get installed on an unsuspecting computer owner’s machine through either opening an executable file or by a browse-by Web site, which is fairly rare–is also a growing problem, Rivner said.
      “In this scenario, with the Trojan on the client and working, the user goes to his or her bank’s Web site to make a transaction. The Trojan is alerted to this when the site is brought up. When it does show up, it waits for the user to log on, then brings up the false site, which looks very similar to the legitimate one,” Rivner said.
      “Except there’s one difference: The false site has two more lines of information it asks for: an ATM account number and the user’s PIN. Once the fraudster gets that info, the account is soon drained,” Rivner said.
      Rivner advised online bank users never to take the sites they use for granted.
      “Keep a close eye out for changes in the site. Make sure that your connection is a secure one,” he said. “If anything looks a bit different than usual, that should be a red flag. It’s probably a ruse.”
      Most banks do not ask for account numbers and PINs, he said. That would be the first clue that something’s amiss.
      Most of these online crooks use IRC (Internet relay chat) to communicate–most often in code–and, naturally, aliases. They build their reputations within the network by getting credit for helping facilitate large fraud deals involving banks, savings and loans, hedge funds and other financial institutions.
      More news in the online security sector surfaced Sept. 25, when reports revealed that Neosploit, a black-market hacker exploit kit that many security experts believed had been shut down months ago, has reappeared on the scene and is responsible for an increase in attacks.
      Ian Amit, director of security research at Aladdin Knowledge Systems, said that rumors of the kit’s “retirement” last summer were off base.
      RSA, one of the most well-established software security companies in the world, has shut down about 100,000 online fraud schemes in the last several years, Rivner said.
      “But there are still plenty more to get, and there are new ones popping up every day,” he said.

      Avatar
      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 16 years and more than 5,000 articles at eWEEK, he has distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×