Category Archives: Web Fraud 2.0

Using Windows for a Day Cost Mac User $100,000

June 2, 2010

David Green normally only accessed his company’s online bank account from his trusty Mac laptop. Then one day this April while he was home sick, Green found himself needing to authorize a transfer of money out of his firm’s account. Trouble was, he’d left his Mac at work. So he decided to log in to the company’s bank account using his wife’s Windows PC.

Unfortunately for Green, that PC was the same computer his kids used to browse the Web, chat, and play games online. It was also the same computer that organized thieves had already compromised with a password-stealing Trojan horse program.

A few days later, the crooks used those same credentials to steal nearly $100,000 from the company’s online accounts, sending the money in sub- $10,000 and sub-$5,000 chunks to 14 individuals across the United States.

Revisiting the Eleonore Exploit Kit

May 24, 2010

29 Comments

Not long after I launched this blog, I wrote about the damage wrought by the Eleonore Exploit Kit, an increasingly prevalent commercial hacking tool that makes it easy for criminals to booby-trap Web sites with malicious software. That post generated tremendous public interest because it offered a peek at the statistics page that normally only the criminals operating these kits get to see.

I’m revisiting this topic again because I managed to have a look at another live Eleonore exploit pack panel, and the data seems to reinforce a previous hunch: Today’s attackers care less about the browser you use and more about whether your third-party browser add-ons and plugins are up-to-date.

Fraud Bazaar Carders.cc Hacked

May 18, 2010

44 Comments

Carders.cc, an German-language online forum dedicated to helping criminals trade and sell consumer data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of identifying information on both the forum’s users and countless passwords, credit and debit cards swiped from unsuspecting victims.

Following the Money, Part II

May 18, 2010

18 Comments

A leading Russian politician has accused a prominent Moscow businessman of running an international spam and online pharmacy operation while serving as an anti-spam adviser to the Russian government. Russian investigators now say they plan to create a special task force to look into the allegations.

Teach a Man to Phish…

May 17, 2010

13 Comments

Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over the last 18 months suggests that criminals who pursue a career in phishing can steal millions of dollars a year, even if they only manage to snag just a few victims per scam.

A Stroll Down Victim Lane

May 10, 2010

33 Comments

Last week I traveled to Cooperstown, N.Y. to deliver a keynote address about the scourge of online banking fraud that I’ve written about so frequently this past year. I flew into Albany, and in the short, 60 minute drive west to Cooperstown, I passed through tiny Duanesburg, a town whose middle school district is still out a half million dollars from e-banking fraud. On my way to Cooperstown, I also passed within a few minutes of several other recent victims — including a wrecking firm based on Schenectady that lost $70,000 last month when organized thieves raided its online bank account.

Visa Warns of Fraud Attack from Criminal Group

May 8, 2010

17 Comments

Visa on Friday warned banks that it has received reliable intelligence that an organized criminal group plans to attempt to move large amounts of fraudulent payments through a merchant account in Eastern Europe over the weekend.

Accused Mariposa Botnet Operators Sought Jobs at Spanish Security Firm

May 3, 2010

20 Comments

Luis Coronns spent much of the last year helping Spanish police with an investigation that led to the arrest of three local men suspected of operating and renting access to a massive and global network of hacked computers. Then, roughly 60 days after their arrest, something strange happened: Two of them unexpectedly turned up at Coronns’ office and asked to be hired as security researchers.

A Closer Look at Rapport from Trusteer

April 29, 2010

121 Comments

A number of readers recently have written in to say their banks recently have urged customers to install a security program called Rapport as a way to protect their online bank accounts from fraud. The readers who pinged me all said they didn’t know much about this product, and did I recommend installing it? Since it has been almost two years since I last reviewed the software, I thought it might be useful to touch base with its creators to see how this program has kept pace with the latest threats.

Fake Anti-virus Peddlers Outmaneuvering Legitimate AV

April 27, 2010

39 Comments

Purveyors of fake anti-virus or “scareware” programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google.