The fuel that drives global cybercrime

Karine de Ponteves is a FortiGuard AV analyst with Fortinet. In this interview she discusses how cybercriminals exploit major events to deliver malware, the oversharing of personal information and how that leads to targeted attacks, and more.

Every major event is exploited by cybercriminals to deliver malware. Based on your research, what events are targeted the most? What are the biggest threats to those searching for information about these events?
The more people feel concerned with the event, the bigger the game and the easier the hoax.

You can group these past years’ major events into 3 categories:

1. Disaster relief (earthquakes in New Zealand and Japan, nuclear disaster in Fukushima, famine in Somalia…) Cybercriminals will prey on the sympathy for the victims, using legitimate charity credentials to collect donations into accounts they control. These guys are looking for money, credit card numbers and personal details. So, if you want to donate, use the official Website, or send your donation to the official offices, heck, you can even go to the offices. Just don’t reply to unsolicited emails.

2. Sporting events (FIFA EuroCup, 2012 Olympics) – Before, during and after the event comes a flurry of scams ranging from fake game tickets, fake hotel rooms, betting scams, fake lotteries… Cybercriminals are hunting for money and personal details. So, if you want the real deal, buy the real tickets, from the real official seller.

3. Celebrities (especially death) – Cybercriminals try to arouse base instincts by luring people in with gory and shocking video footage or pictures. The idea behind the scam is to steal credentials (especially on social networking sites such as Facebook), and/or install malware on your computer, thereby giving cybercriminals access to sensitive data and computer resources. So, if you want shocking images, rent a horror movie or just watch the news.

This year’s novelty is actually scammers using their own fake shortened URL services. Shortened URLs are increasing in popularity with micro-blogging and social networks. Unfortunately, they also turn out to be a very convenient tool for abuse. These URL shortening services don’t work like legitimate ones.

The spam emails contain a shortened URL created with a legitimate URL-shortening service. The link actually points to another shortened URL, but this time created using the spammer’s fake shortening service, which, in turn, redirects to the malicious website.

Spammers use it to better disguise their spam by giving them the appearance and functionality of a legitimate URL-shortening service: to better evade anti-spam filters and to better avoid disruption.
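A mail or web filter can look for the two-stage chain described in the answer above by following redirects and checking what sits between the first link and the final page. The sketch below is an added example, not part of the interview: the shortener allowlist, the `.example` hosts and the redirect table are constructed assumptions, and the table stands in for live HTTP `Location` lookups so the code runs offline.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of well-known shortener hosts kept by the defender.
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}

# Constructed sample data standing in for HTTP 301/302 Location headers.
# All target hosts are placeholders under the reserved .example TLD.
SAMPLE_REDIRECTS = {
    "http://bit.ly/abc123": "http://shrt.example/x9",
    "http://shrt.example/x9": "http://landing.example/offer/index.html",
    "http://tinyurl.com/news1": "http://news.example/olympics/schedule",
    "http://loop.example/a": "http://loop.example/b",
    "http://loop.example/b": "http://loop.example/a",
}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def walk_chain(url, resolve, max_hops=5):
    """Follow redirects via resolve(url) -> next URL or None; return (chain, status)."""
    chain, seen = [url], {url}
    while True:
        nxt = resolve(chain[-1])
        if nxt is None:                  # no further redirect: final page reached
            return chain, "ok"
        if nxt in seen:                  # redirect loop
            return chain + [nxt], "loop"
        if len(chain) > max_hops:        # hop budget already spent
            return chain, "too_many_hops"
        chain.append(nxt)
        seen.add(nxt)

def assess(url, resolve=SAMPLE_REDIRECTS.get):
    """Flag a known shortener that hands off to an unlisted intermediate redirector."""
    chain, status = walk_chain(url, resolve)
    hops = [host(u) for u in chain]
    findings = [status] if status != "ok" else []
    # Intermediate hops are every host between the first link and the final page.
    middle = hops[1:-1]
    if hops[0] in KNOWN_SHORTENERS and any(h not in KNOWN_SHORTENERS for h in middle):
        findings.append("known shortener chained to unlisted redirector")
    return {"final": chain[-1], "hops": len(chain) - 1, "findings": findings}
```

A single hop from a known shortener to its destination produces no finding; the flag is raised only when an unlisted host redirects again in the middle of the chain.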

A great deal of global Internet users share a wealth of information on social networking sites, which greatly helps cybercriminals craft specific attacks. What type of information is especially valuable and should not be divulged publicly?
Definitely name, surname, birth date and address. This easily found information enables a potential attacker to easily impersonate you. Other information that could be used against you is your favorite hobby, the school you went to, your dog’s name, your mother’s maiden name… the typical information asked by Web services to recover your password. This information is easily found nowadays and could give a potential attacker access to your existing accounts or even establish a loan in your name.

Then there’s everything else, pictures of your car and its plate number, pictures of where you spent your last holidays, your hobbies, your favorite books, movies, music… Any of this can be easily used to craft a specific attack, with false information especially crafted for you.

During the Olympics in London, a great number of people will use public hotspots and terminals to connect to their Facebook accounts and check e-mail. What steps should they take to make sure their confidential information is not stolen?
Be very wary of any emails or private messages with attachments or links, especially if they talk about topical events or celebrities. Keep your laptop fully patched and updated (operating system, Adobe Reader, Flash, Java, Web browser, etc.).

Make sure the web browser isn’t saving your credentials if you’re in a cybercafe. In Chrome: wrench -> Settings -> Show advanced settings -> Manage saved passwords. Make sure you properly log out from all the services you used (Gmail, Facebook, etc.). And perhaps most importantly, change your passwords often.

There’s a huge number of virtual scams out there, what are the most dangerous? What countries do they originate from?
According to IC3 2011 numbers, the top 5 reported crimes are:

  • FBI-related scams (35,764 complaints): scams in which criminals pose as the FBI
  • Identity theft (28,915 complaints): unauthorized use of a victim’s details to commit fraud or other crimes
  • Advance-fee-fraud (27,892 complaints): victims are convinced to pay a fee to receive larger sums of money, but never receive anything in the end
  • Non-auction/non-delivery of merchandise (22,404 complaints): buyer does not receive bought item
  • Overpayment fraud (18,511 complaints): victim receives an invalid monetary instrument with instruction to deposit it in a bank account and send excess funds or percentage of deposited money back to sender.

As for countries of origin, according to Wymoo, the top 5 fraud zones are the following:

Nigeria – Nigeria remains one of the largest fraud and scam operations in the world. New tactics by criminals in Nigeria are increasingly sophisticated, and victims range from individuals, to investors, to multi-national corporations. New system technology allows Nigerian criminals to hide their true location, masking their IP address and using non-Nigeria phone numbers and addresses.

Common fraud: Advance fee fraud, dating scams, dating fraud, inheritance scams, online dating scams, business fraud, investment scams, charity and employment fraud.

Ghana – Ghana is rapidly becoming a world leader for fraud and online scams. The criminals here have quickly modelled their approach after scams in Nigeria. Many criminals operating in Ghana are from Nigeria, and most West Africa nations are high risk countries.

Common fraud: Advance fee fraud, dating scams, dating fraud, inheritance scams, online dating scams, business fraud, investment scams, charity and non-profit fraud.

Russia – Russia is a high risk nation for fraud and scams. Business fraud is a problem here, as well as the high risk for bride scams and online dating fraud. All relationships should be verified by an investigator.

Common fraud: Advance fee fraud, dating fraud, business fraud, online dating and bride scams.

Ukraine – The Ukraine is a high risk nation for fraud and scams, many of which are modeled after romance fraud operations in Russia.

Common fraud: Advance fee fraud, dating fraud, business fraud, online dating and bride scams.

The Philippines – The Philippines remains one of the highest risk countries in the world for relationship fraud and romance scams. Online dating scams, infidelity, and marriage fraud in this nation remain at very high levels.

Common fraud: Advance fee fraud, dating fraud, online dating, marriage fraud, and bride scams.
