Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

RSA Monthly Online Fraud Report - September 2013


Published on

The RSA Monthly Online Fraud Report examines the latest trends in global phishing and cybercrime.
The month of August marks a much anticipated return to school for both parents and students, but it appears that the subject of education is just as popular in the cybercrime underground this time of year. RSA has observed an increased supply of cybercrime courses, lessons, counseling and tutoring offered to fraudsters in rather official-looking models, mimicking the activity of legitimate schooling

Published in: Technology, Business
  • Be the first to comment

RSA Monthly Online Fraud Report - September 2013

  1. 1. page 1 F R A U D R E P O R T NOW REGISTERING FOR CLASSES AT CYBERCRIME U September 2013 The month of August marks a much anticipated return to school for both parents and students, but it appears that the subject of education is just as popular in the cybercrime underground this time of year. RSA has observed an increased supply of cybercrime courses, lessons, counseling and tutoring offered to fraudsters in rather official-looking models, mimicking the activity of legitimate schooling. SENIOR FRAUDSTERS OFFER SCHOOLING FOR NEWCOMERS It has never been uncommon in the underground to see senior actors offer up advice to newbies on how to commit fraud. More recently, seasoned criminals are even willing to share more of their time and expertise to teach willing would-be criminals the ins and outs of cybercrime – for a fee. RSA has been seeing an increase in ads by established criminals advertising courses they commonly carry out via Skype videoconferencing. To add value, “teachers” are offering interesting fraud courses, following those up with individual tutorials (Q&A sessions) after students join their so-called schools. Since Fraud-as-a-Service (FaaS) strives to resemble legitimate business models, fraudster trade schools further offer ‘job placement’ for graduates through their many underground connections with other experienced criminals. Interestingly, some of the “teachers” go the extra mile and vouch for students who show “talent” so that they can join the underground communities they would otherwise not be able to access.
  2. 2. page 2 Some cybercrime professors even enforce a rigid absentee policy: –– Students must give a 2 hour advanced notice if they cannot attend. –– Students who fail to notify ahead of time are fined 50% of the fee, and rescheduled for the next class. –– Students who fail to pay absentee fees will forfeit the entire deposited fee. The following section presents some examples of cybercrime schooling curriculums exposed by RSA fraud analysts. BEGINNERS’ CYBERCRIME CLASSES The first level of course is designed for beginners, teaching the basics of online financial fraud. Cybercrime Course Curriculum: The Business of Fraud Credit cards, debit cards, drop accounts, how all it works, who are the clients, prices, risks. Legal Aspects How to avoid being caught by the authorities. What can be used against you in a court of law? Building Your Business Where to find clients? How to build a top-notch fraud service. Transaction Security How to avoid getting scammed and shady escrow services. Price per lecture 2,500 Rubles (about $75 USD) COURSES IN CARD FRAUD Criminals further offer the much in demand payment card fraud classes - one course per payment card type. Card Fraud Course Curriculum The Business Drops, advertising, accomplices, chat rules and conventions. Legal Security Dealing with law enforcement: who is accountable for the crime in organized groups, what can be collected as evidence. Building Your Business Invaluable tips that will help develop your service to top level, and help acquire customers. Security of Transactions Common patterns of rippers/ripping, how to identify scams, how to use escrow services. Price per lecture Price per course Both courses 2,500 Rubles (about $75 USD) 2,500 Rubles (about $75 USD) 4,000 Rubles (about $120 USD)
  3. 3. page 3 ANONYMITY AND SECURITY COURSE Stressing the importance of avoiding detection and maintaining anonymity, this course teaches a fraudster the art of avoiding detection, and how to erase digital “fingerprints”. The tutoring vendor offers practical lessons in configuring a computer for complex security and anonymity features. This course includes a theoretical and a practical section, with a duration estimated at four hours. Anonymity Course Curriculum: Configuring and using Anonymity tools Antivirus and firewall, Windows security(ports and ‘holes’), virtual keyboards, shutting off browser logging, eliminat- ing history/traces on the PC, applications for permanent data removal, data encryption on the hard drive, Anony- mizer applications, VPN – installation/configuration, using SOCKS – where to buy them, hiding one’s DNS server, dedicated servers, TOR browsers, safe email mailboxes, using disposable email, using a cryptic self-destruct flash drive, creating cryptic self-destruct notes, extra advanced topic – tools for remotely liquidating a hard drive. Botnets Independent study (online document/site link provided) Using Chat Channels Using ICQ, Skype, Jabber, registering Jabber on a safe server, OTR/GPG encryption in a Jabber chat, passing a key and chatting on a secure channel via Jabber Legal Electronic evidence one might be leaving behind, and that can be used against fraudsters by law enforcement. Price per course 3,300 Rubles (about $99 USD) $35 – additional charge for installing VPN BECOME A MULE HERDER Nowadays, money mules and item drop mules are the most crucial parts of the fraud supply chain, for nearly all fraud scenarios in which criminals need to move money or goods. Mules are becoming increasingly scarce in the underground and mule herders stand to increase their business profits if they can deliver active mules. In an interesting cybercrime schooling offer, a vendor is offering to instruct newcomers on how to recruit mules and open their own “business” as a mule herder. Mule Herding Course Curriculum: Theory section (2-3 hrs) Fundamentals – opening a mule-recruitment service, legal and practical security measures, finding accomplices and partners. Practical section (3-5 hrs) Receive a prepared transaction to handle, and earn 10% on this initial transaction (if one succeeds). If the student fails, a second transaction will be offered, at a cost of 1,500 Rubles ($45 USD) and no percentage earned. Upon successful completion of the test, fraudsters receive official confirmation by public notice from the lecturer in the community. This part is only open to students who have completed the theory section, and have set up the anonymity and security tools, and have the additional tools required for the transaction
  4. 4. page 4 ONE-ON-ONE TUTORIALS AND CONSULTATIONS With a money-back guarantee promised to students, one crime school offers personal one-on-one tutorials and problem solving sessions via Skype. Special tutorial topics: Banking and Credit Cards “Black and white” credit, fake documents, banking algorithms and security measures (Russian Federation only) Debit Cards The finer details of working with debit cards and setting up a service (Russian Federation only) Registering and Using Shell Corporations Legal issues and practical problems in using shell corporations for fraud (Russian Federation only) Legal Liability Issues Your legal rights, practical advice on interaction with law enforcement agencies, counseling services even while under investigation (Russian Federation only) Setting up Anonymity Practical help in setting up anonymity, and answers to questions from the course (any country) Price 2,000 Rubles (about $60) per hour THE SCHOOL OF CARDING Approaching the subject that is highest in demand in the underground, vendors have opened schools for carding – teaching the different ways to use payment cards in fraud scenarios. One vendor offers classes on a daily basis, at two levels of expertise, and indicates that he gives his personal attention to each student. The vendor also assures his students that his resources (compromised data) are fresh, personally tested by him, and never before made available on any ‘public’ lists. School of Carding - Basic Curriculum Current Working BINs Credit card BIN numbers that have been verified as successful in carding scenarios. Websites for Clothing, Electronics, etc. Which merchants make the best targets for carding? Tips and Tricks Extra insights from personal experience. Price $25 USD School of Carding - Advanced Curriculum BINs and Banks Recommended BIN numbers that give best results in carding. Tested sites A list of tested ecommerce sites recommended for carding clothing, electronic goods, and more.
  5. 5. page 5 Phishing Attacks per Month RSA identified 33,861 phishing attacks launched worldwide in August, marking a 25% decrease in attack volume from July. Based on this figure, it is estimated phishing resulted in an estimated $266 million in losses to global organizations in August. 0 10000 20000 30000 40000 50000 Source:RSAAnti-FraudCommandCenter 49488 35440 33768 41834 29581 30151 27463 24347 26902 36966 35831 45232 33861 Aug12 Sep12 Oct12 Nov12 Dec12 Jan13 Feb13 Mar13 Apr13 May13 Jun13 Jul13 Aug13 US Bank Types Attacked U.S. nationwide banks remained the most targeted with two out of three phishing attacks targeted at that sector in August while U.S. regional banks saw an 8% increase in phishing attacks. 0 20 40 60 80 100 Source:RSAAnti-FraudCommandCenter 11% 9% 9% 12% 6% 15% 8% 17% 15% 8% 11% 11% 11% 15% 14% 14% 9% 15% 15% 23% 23% 12% 19% 13% 15% 23% 74% 77% 77% 79% 79% 70% 69% 60% 73% 73% 76% 74% 66% Aug12 Sep12 Oct12 Nov12 Dec12 Jan13 Feb13 Mar13 Apr13 May13 Jun13 Jul13 Aug13
  6. 6. page 6 Top Countries by Attack Volume The U.S. remained the most targeted country in August with 50% of the total phishing volume, followed by the UK, Germany and India which collectively accounted for approximately 30% of phishing volume. UKGermanyChinaCanadaSouth KoreaAustraliaa United Kingdom 12% U.S. 50% Netherlands 3% South Africa 3% India 5% Germany 11% 43 Other Countries 16% BrasilIndiaNetherlandsCanadaItalyChinaS AfricaUS Top Countries by Attacked Brands In August, 26% of phishing attacks were targeted at brands in the U.S., followed by the UK, Australia and India. Top Hosting Countries Four out of every ten phishing attacks were hosted in the U.S. in August. Canada, the Netherlands and the UK collectively hosted 25% of phishing attacks. U.S. 40% 61 Other Countries 29% Canada 14% Germany 4% Colombia 3% United Kingdom 5% Netherlands 5% BrasilIndiaNetherlandsCanadaItalyChinaS AfricaUSa United Kingdom 11% 44 Other Countries 47% U.S. 26% Canada 4% Australia 5% India 7%
  7. 7. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at ©2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. SEP RPT 0813