Fighting the Enemy: Making Sense of the Growing Crimeware Threat  

White Papers for Federal Financial Institutions Examination Council (FFIEC)

RSA

Identity takeover in the online world has traditionally been performed through “social engineering” tactics, usually a scam that dupes unwitting consumers into revealing their personal credentials (such as username or password). Phishing, the act of posing as a legitimate organization or entity, usually via email, and directing consumers to a fraudulent website with the intent of acquiring their personal information, is the best example of this approach and the one most commonly used by fraudsters.
Hacking, the act of “breaking in” or using vulnerabilities on an Internet site in order to gain unauthorized access, has been romanticized in popular culture but has rarely been used as a technique to commit financial fraud. Hacking is used more often as a tool to set up infrastructure for other types of scams (such as hosting for phishing attacks or as a method for malicious software to be spread) or to penetrate relatively small and unprotected websites in an attempt to re-use the credentials in their databases on larger financial sites.
As organizations have learned to effectively manage the known risks and fraudsters seek to increase their yield, a new method of identity and account takeover has emerged—crimeware or financial Trojans.
Crimeware: The Next Generation Threat
Crimeware is a malicious program that is downloaded unknowingly onto a user’s PC either by deceiving the victim into running it or by exploiting a vulnerability in the user’s operating system, browser or other software installed on the PC. While there are many different types of malicious software in the online world, crimeware, for the purpose of this paper, can be defined as any malicious piece of software that satisfies at least one of the following criteria:
1. Stealing online credentials, personal data, or any other piece of information necessary for identity takeover, with the intent of using the stolen identity to steal funds
2. Performing unauthorized online transactions in order to steal funds; this includes Trojans that “hijack” online banking or other secure sessions of infected users and carry out fraudulent transactions after the user has logged out
The most popular method used to commit financial fraud in the online channel is identity takeover. This occurs when a fraudster takes over an existing identity or account in order to steal funds from the account. Committing fraud through traditional identity theft tactics, such as creating a new identity and defaulting on a loan, still exists but is not as prevalent, as the online channel offers several advantages for fraudsters.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.