Blog Posts Tagged: MitB

Consumers Beware of Cybercriminals When Shopping for Mom This Mother’s Day – Fourth Busiest Spending Holiday

Posted on May 9th, 2013 by Dan Rampe

ThreatMetrix Offers Best Practices for Consumers to Avoid Falling Victim to Fraud

San Jose, CA – May 9, 2013 – ThreatMetrix™, the fastest-growing provider of integrated Web fraud and cybersecurity solutions, today announced several cybercrime scenarios and preventative tips for consumers to stay protected while shopping for mom this Mother’s Day.

According to the National Retail Federation, Mother’s Day spending this year is expected to reach $168.94 on average, with total spending expected to reach a staggering $20.7 billion.

“The unfortunate reality is that today, any major spending holiday places consumers at high risk for fraud, malware and account takeover as cybercriminals capitalize on consumer spending for personal gain,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Consumers must be vigilant of the risks associated with online shopping. The last thing you want to give dear old mom for Mother’s Day is a case of malware or identity theft.”

Mother’s Day ranks fourth in spending holidays, behind the winter holidays, back to school shopping and Valentine’s Day. To help consumers stay protected, ThreatMetrix has identified the following top account takeover threat scenarios for consumers to be aware of when shopping for Mother’s Day:

1. Phishing is a concern for consumers around major spending holidays, especially Mother’s Day. Here’s how it works: Cybercriminals will send out an email with a fake offer – “Click Here to Send Mom One Dozen Roses for $20.” You click on the link and are taken to a fake website where you enter your credit card details along with mom’s personal information for delivery. Once the “order” is submitted, the cybercriminal has stolen your credit card details and no roses ever arrive for mom.

2. Data Breaches and Password Reuse occur when a customer’s account at an e-merchant, financial services organization or social media site has been hacked and personal information, including the account password, has been compromised. Reusing the same password across multiple sites puts all customers’ accounts at risk of being compromised. For example, if the website you purchased flowers from for your mom suffers a data breach, all of your accounts with the same password are now at stake.

3. Mobile devices offer consumers the convenience of shopping on the go. With this convenience comes security risks you need to be aware of when shopping for mom this Mother’s Day. If you lose your mobile device, whoever finds it may be able to access your phone and all the sites and applications containing your saved passwords. To help prevent this scenario as you’re purchasing a gift for mom, be sure to lock your screen when not in use.

According to ThreatMetrix, the most effective ways for consumers to stay protected when shopping for Mother’s Day online include:

• Only purchase from verified retailers

• Avoid using the same password across several online shopping and banking sites

• Avoid storing credit card information on retail sites and mobile phones

• Avoid clicking on suspicious links in unsolicited emails

“While consumers should be extra cautious to avoid cybercrime around major spending holidays, it is just as important for retailers to put preventative measures in place,” said Faulkner. “It is much easier and more effective to avoid cybercrime altogether than have to pick up the pieces once customer accounts have been verified. Without preventative cybercrime solutions in place, retailers risk jeopardizing customer accounts and company revenue.”

About ThreatMetrix

ThreatMetrix is the fastest-growing provider of integrated web fraud and cybersecurity solutions. The TrustDefender™ Cybercrime Protection Platform helps companies prevent unauthorized access to web and mobile applications, protect sensitive data, and secure transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. ThreatMetrix protects more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.

© 2013 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts

Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Meghan Reilly
Walker Sands Communications
Tel: 312-445-9926
Email: meghan.reilly@walkersands.com

If Every Man, Woman and Child in The Netherlands, Chile, Honduras and Switzerland Were All Hacked — It Still Wouldn’t Add Up to the Attack on LivingSocial

Posted on May 1st, 2013 by Dan Rampe

Fifty million of LivingSocial’s 70 million customers discovered their data may have been compromised when hackers attacked a company server. LivingSocial, a website that features discounted gift certificates, disclosed that hackers gained access to names, email addresses, encrypted passwords and the dates of birth for some users. However, the company maintained that credit card data was not affected.

Julianne Pepitone on money.cnn.com reported, “All LivingSocial users had some data stored on the hacked server…except for customers in Korea, Thailand, Indonesia and the Philippines. Those countries use TicketMonster and Ensogo, which are on different systems.”

LivingSocial said it was “actively working with law enforcement to investigate” and instructed users to reset their passwords.

LivingSocial’s hack comes on the heels of the Associated Press’s Twitter account hack, which sent a tweet claiming the White House had been attacked and the president injured. The news briefly sent the stock market into a precipitous dive until the tweet was debunked.

ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The TrustDefender™ Cybercrime Protection Platform helps companies protect customer data and secure transactions against payment fraud, malware, account takeover, fraudulent new registrations, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. ThreatMetrix cybersecurity solutions protect more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Avoid a Very Expensive Cup of Coffee. ThreatMetrix Has Tips to Stop Cybertheft When Using Wi-Fi at Coffee Shops, Eateries and Other Public Places.

Posted on April 29th, 2013 by Dan Rampe

According to energyfiend.com, the most expensive Starbucks drink is the 3000mg caffeine-loaded Quadriginoctuple Frap at $47.30. If you think that’s an expensive cup of joe, try sharing your private personal financial information with cyberthieves.

Starbucks, Peets, et al. have become a kind of home away from home – well at least the living room part. People tend to feel comfortable and secure much as they would at home. Checking Facebook, emailing, downloading photos, online shopping, mobile banking and accessing all sorts of sensitive documents over public Wi-Fi networks has become standard operating procedure for a lot of people.

“Consumers can easily access public Wi-Fi networks from just about anywhere – and so can cybercriminals,” said Dean Weinert, product manager, ThreatMetrix. “Cyber threats are certainly a reality at local coffee shops and other wireless hotspots. If consumers don’t take extra precaution to protect their personal devices, they can unwittingly share sensitive information with cybercriminals interfering on the network.”

To help consumers avoid online fraud and malware traps, ThreatMetrix offers a number of scenarios that demonstrate how cybercriminals access sensitive transactions on public networks.

Network Scanners – A network scanner detects open ports on a device that’s connected to a network. A cybercriminal can integrate a network scanner with hacking tools to automatically exploit system vulnerabilities, giving the criminal complete control of a customer’s device.

Man-in-the-Middle – Hackers use off-the-shelf or other devices configured as “hotspot honeypots” to intercept a user’s Internet connection, granting the hacker full access to the user’s network connection. This allows hackers to launch man-in-the-middle attacks such as Website redirection, session hijacking and other network-based attacks.

Social Hacking – Cybercriminals leave a malicious USB drive on a café table for an unsuspecting, curious customer to insert it into his or her device. The attacker then captures sensitive information, such as social network logins.

Hi-Res Video Cameras on Mobile Phones – Cybercriminals use hi-resolution video cameras on a mobile device to capture a nearby user’s activity. For example, a consumer may enter credit card information or Gmail login into a device while waiting in line, without knowing the cybercriminal has videoed his/her credentials.

How should consumers avoid these traps? Conduct banking and other personal business in genuinely safe environments – not in a public place akin to counting out hundred dollar bills in a dark alley. Also consumers should take care to frequently update their operating systems and anti-virus software.

“The bottom line is – consumers are better off conducting mobile banking and other transactions at home on a secure, password-protected network,” said Weinert. “Even so, approximately one in five consumers don’t update fraud and malware protection software beyond the initial three-month trial period after purchasing a new device. Consumers must continuously update such software or risk losing their caffeine buzz once they realize their account has been compromised by a cybercriminal.”

For more information and a list of tips, visit http://threatmetrix.com/resource-center/infographics/.

It’s the Verizon 2013 Data Breach Investigations Report Covering More Than 47,000 Reported Security Incidents…8,621 Confirmed Data Disclosures…and 44 Million Compromised Records.

Posted on April 25th, 2013 by Dan Rampe

Here’s the report everybody’s been waiting a full year for. Well, maybe not everybody. But if you’re charged with security for your company’s enterprise, Verizon’s latest 2013 Data Breach Investigations Report (DBIR) covering 2012 is must reading. It’s also easy reading.

“Motives for these attacks appear equally diverse. Money-minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls. Activist groups DoS’d and hacked under the very different—and sometimes blurred—banners of personal ideology and just-for-the-fun-of-it lulz. And, as a growing list of victims shared their stories, clandestine activity attributed to state-affiliated actors stirred international intrigue.” As we said, easy reading.

The report was put together by the Verizon RISK Team in cooperation with a host of companies and agencies from U.S. Homeland Security and the Danish Defence Intelligence Service to Carnegie Mellon’s Software Engineering Institute and Deloitte and literally covers the globe.

Two types of cyberrotters were responsible for the vast majority of breaches. Seventy-five percent were driven by greed or as the report put it “financially motivated cybercrime” while twenty percent were “state-affiliated espionage campaigns” defined as “cyberthreats aimed at stealing intellectual property-such as classified information, trade secrets and technical resources to further national and economic interests.”

Following are some of the report’s high points though low points might be a more apt description:

  • Cybercrime victims in 2012 represented a wide range of industries from financial organizations (37 percent) to retailers and restaurants (24 percent).
  • 20 percent of network intrusion cases covered in the report involved the manufacturing, transportation and utilities industries, with the same percentage affecting information and professional services firms.
  • Hacking was the number one way breaches occurred, factoring in 52 percent of data breaches, while 76 percent of network intrusions exploited weak or stolen credentials such as usernames and passwords. 40 percent incorporated malware tactics and 35 percent involved physical attacks, such as ATM skimming.
    Additionally, phishing factored in 20 percent of cases in the report.
  • Breaches continue to go undiscovered for months or even years. And in 69 percent of cases, third parties are the ones who detect a data breach.

Locked Out. Denial of Service Attacks Grow a Whopping 20 Percent over Last Year.

Posted on April 24th, 2013 by Dan Rampe

They happen to achieve political objectives. They happen to extort ransom. They happen as a decoy while cyberthieves steal money and personal information. And, they’re happening more and more — Distributed Denial of Service attacks (DDoS).

One security firm’s study cited by Dan Kaplan, Executive Editor of scmagazine.com states, “In the first quarter of 2013, DDoS attacks on average measured 1.77 gigabytes per second (GB/sec), a 19.5 percent climb over the first quarter of last year, while the portion of attacks ranging from 2 to 10 GB/sec grew from 15 percent to 21.5 percent.”

What’s worse is there’s been a sharp increase in the number of higher-than 10 GB/sec attacks; a 74 percent jump from all of 2012. This increase is attributed to hackers using compromised Web server botnets as opposed to individual PCs with their much lower bandwidth.

Kaplan notes that, “Aside from the volumetric-style attacks that use traditional means for attacking sites, application-layer attacks, which leverage encrypted traffic, are becoming more common because they are more difficult to deter.”

The outlook doesn’t look particularly bright for the foreseeable future because firewalls and other intrusion prevention systems are unable to stop DDoS attacks. In fact, Kaplan writes, “A recent study found that the market for DDoS mitigation solutions is projected to grow 18.2 percent between 2012 and 2017, hitting $870 million in spending.”

WordPress Under Siege by 90,000 Servers

Posted on April 23rd, 2013 by Dan Rampe

Have bloggers using WordPress become more surly lately? We can’t answer that. But, if they did, they’d have good reason. A study by one security company says in the last few months WordPress customer login pages have been having “issues” in the form of 30 to 40,000 attacks per day. “In April 2013, (the number of attacks) increased to 77,000 per day on average, reaching more than 100,000 attempts per day in the last few days,” says Web-hosting company, IXWebHosting.

Now it appears a botnet with more than 90,000 servers has been attempting to log in by cycling through different usernames and passwords. Mohit Kumar, Founder and Editor-in-Chief of thehackernews.com, observes that the attacks have had an impact on Linux servers. Addressing the issue, hosting administrators have blocked all connections to wp-login.php.

Hostgator tells its customers, “At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website. These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including ‘special’ characters (^%$#&@*).”

Spiral Hosting issued this notice, “A large botnet has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard. This is affecting almost every major web hosting company around the world. Our Network Operations Centre (NOC) has detected a significant increase in botnet activity in the last 24 hours.”

Kumar’s article contains two pieces of advice. One is that users should utilize .htaccess to protect their admin area and rename login pages. The second is to stay tuned to Twitter and Facebook WordPress pages for more information.
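Because the guessing described above is spread across tens of thousands of servers, a limit applied per source address can stay silent while the login page as a whole is being hammered. The Python below is an added example, not code from Kumar's article or from any of the hosting companies quoted; the log lines are constructed (documentation-range addresses), and the thresholds and the "HTTP 200 on a POST means a failed login" heuristic are assumptions to tune for a real site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def failed_logins(lines):
    """Yield (ip, timestamp) for each POST to wp-login.php that looks like a failure."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line this parser understands
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or not path.endswith("/wp-login.php"):
            continue
        # Assumption: stock WordPress re-renders the form (200) on a bad
        # password and redirects (302) on success.
        if m["status"] != "200":
            continue
        yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")


def analyse(lines, window_s=60, per_ip_limit=5, site_limit=10):
    """Classify each time window as single-source or distributed guessing."""
    buckets = defaultdict(Counter)  # window start (epoch) -> {ip: failures}
    for ip, ts in failed_logins(lines):
        start = int(ts.timestamp()) // window_s * window_s
        buckets[start][ip] += 1

    findings = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        total = sum(per_ip.values())
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
        if noisy:
            kind = "single-source"      # a classic per-IP limit catches this
        elif total > site_limit:
            kind = "distributed"        # every source is quiet, the site is not
        else:
            continue
        findings.append({
            "window_start": start,
            "kind": kind,
            "failed": total,
            "sources": len(per_ip),
            "over_per_ip_limit": noisy,
        })
    return findings


def sample_log():
    """Constructed access-log lines; every address is from a documentation range."""
    t0 = datetime(2013, 4, 23, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, method, path, status):
        ts = (t0 + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 3421 "-" "-"'

    log = []
    # 12:00: twelve different sources, one wrong guess each
    log += [line(f"198.51.100.{i + 1}", i * 4, "POST", "/wp-login.php", 200)
            for i in range(12)]
    # 12:05: one source, eight wrong guesses
    log += [line("203.0.113.7", 300 + i * 5, "POST", "/wp-login.php", 200)
            for i in range(8)]
    # 12:10: ordinary use (page view, two typos, then a successful login)
    log += [
        line("192.0.2.10", 600, "GET", "/wp-login.php", 200),
        line("192.0.2.10", 605, "POST", "/wp-login.php", 200),
        line("192.0.2.10", 612, "POST", "/wp-login.php", 200),
        line("192.0.2.10", 620, "POST", "/wp-login.php", 302),
    ]
    return log


if __name__ == "__main__":
    for finding in analyse(sample_log()):
        print(finding)
```

With the site-wide threshold effectively disabled (`site_limit` set very high), only the single-source window is reported, which is the gap a many-server botnet slips through.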

Q: When Can You Get a Big Mac at Burger King and Buy a New Jeep from Cadillac? A: When Their Twitter Accounts Have Been Hacked. Why Two-Factor Authentication Is Not Right for Twitter.

Posted on April 11th, 2013 by Dan Rampe

Burger King’s Twitter account was hacked and renamed McDonalds. Jeep’s Twitter account was hacked and Jeep was made part of the Cadillac line.

Devin Coldewey on nbcnews.com wrote, “The account was briefly rebadged, so to speak, to feature a brand new Cadillac ATS, and tweets are pouring out praising Cadillac in the same coarse and thuggish vernacular seen on Burger King’s account. The Jeep account also called out several users of Twitter as ‘da bad guys,’ one of which tweeted that it was the user @GUHTI_, or ITHUG, who had actually perpetrated the hack.”

Call it irony or plain old bad luck, but Coldewey noted that prior to the hack, Jeep “had only a few minutes earlier tweeted about online security, specifically in response to the Burger King hack.” What’s that old cliché about timing being everything? Anyway, Coldewey added, “The nature of the hack is unknown as yet — it could be a serious security hole on Twitter’s end, or the hacker could have compromised a computer with access to the Jeep account. Cadillac denied any involvement, much as McDonalds did yesterday.”

Fresh on the heels of the Jeep and Burger King hacks, MTV’s Twitter account looked like it’d been hijacked, changing MTV to BET.

No. It was just a publicity stunt by Viacom, which owns both properties. Great publicity – if your aim is for some reason to look like you just got hacked.

In any case, Michael Lee on zdnet.com wrote that Twitter appears to be looking into a way to implement two-factor authentication to shore up its security and prevent breaches that, in addition to Jeep’s and Burger King’s, recently put 250,000 other Twitter users’ information and reputations at risk.

However, OneID founder Steve Kirsch, among other security pros, is sure two-factor authentication is not the right solution for Twitter. And in Lee’s zdnet.com piece Kirsch explains why:

Two-factor authentication provides an additional effective step to thwart would-be attackers from taking over users’ accounts, but it is currently not an option for Twitter users. On the back of recent attacks on the site, many have been calling for Twitter to implement it, but, according to Kirsch, even if Twitter does roll out the security measure, it won’t prevent the attack from occurring.

While not dismissing two-factor authentication systems’ effectiveness at preventing existing phishing attacks from being successful, Kirsch said that the number of people signing up for it in existing services is abysmal, and doesn’t do much for improving overall security.

“From a practical point of view, it would be like offering a feature that no one used,” he said.

Given that many attacks are opportunistic, focusing on the number of accounts that attackers and scammers can hack, Kirsch said that it would barely make a difference. In fact, he said that introducing two-factor authentication would hurt the user experience.

“Even adding a single character to a password in Twitter — if you require nine characters versus eight characters — even just doing that requirement measurably affects sign-up rates and so forth. Twitter wants to do whatever it can to make it easier for customers, and adding two-factor authentication is moving in exactly the wrong direction,” he said.

“Even if they move to two-factor, and even if everyone adopted it, which they wouldn’t … it’ll make no difference.”

The reason for this is that the most recent attack on Twitter wasn’t conducted on users’ accounts; it was on Twitter’s own infrastructure. By directly attacking the servers containing the password hashes of Twitter users, two-factor authentication would make little difference.

Kirsch admitted that although user passwords might be salted and hashed, if attackers have compromised a server to the point where they can retrieve that information, it would be likely that they could do worse. This includes sniffing users’ passwords as they enter the server, and converting them into hashes to be compared. Such examples have been documented for some time, where sensitive information that’s sent to a web server is intercepted as it appears in plain text in the machine’s RAM prior to processing.

Kirsch said that at the centre of the attack is the fact that Twitter, along with many other organizations that already use two-factor authentication, relies on a “shared secret” — a user password, whether it is eventually converted into a hash, a keyfile, or similar.

He argued for a better system, where even if the server is completely compromised, it would still be impossible to gain access to users’ information. And he says that such a system has existed for years.

Kirsch is pushing for companies like Twitter and Google to use public key cryptography. In this case, if attackers wanted to retrieve passwords for accounts, they wouldn’t have a single point that they could break into, because the only thing they would obtain from centralized servers are public keys, which are useless by themselves. The private keys — the other part of the “secret” needed to secure communications — would be located on users’ machines, jointly opening the possibility to remove passwords altogether.

“We basically said, let’s take a clean sheet approach to the problem and design a solution that eliminated the use of shared secrets, used modern-day cryptography, and that made it user friendly. The result is a system that has the security that is far better than even using those hardware tokens and so forth, but yet has the ease of use of Facebook Connect.”

As for why it hasn’t been adopted in greater numbers yet, Kirsch said that the relative complexity of public key cryptography schemes has been user unfriendly, but that those days are numbered.

“It’s the advances in browser technology; things like having HTML5 local storage, things like JavaScript, which is powerful enough to run these cryptographic algorithms; things like the invention of elliptic curve cryptography, which makes the computation very fast.

“All of these factors have come together (and) we can finally make this public key-digital signature world a reality. (Users will) essentially have one username (and) one password, that they can use everywhere. (Even) if there’s a breach of any site, or multiple sites, (it won’t) matter. That will truly change usability for everyone.”

Facebook Takes Users on Phishing Expeditions. Apps on Facebook Hook Unwary Users.

Posted on April 8th, 2013 by Dan Rampe

When Facebook launched its platform for developers in 2007, it also launched the careers of a whole raft of scammers and cyberthieves. So, if you’re on Facebook and there’s something fishy about an app, there’s a good possibility the app could be phishing for your private information or a way to steal money.

According to thehackernews.com, Sophos reports nearly 60,000 people have clicked on an app that promises to allow a user to see who’s viewed his/her profile. “The app automatically posts a comment to the user’s timeline, and sometimes posts as a photo with the message ‘OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile ! on (link here).’

“The app does not actually allow users to see profile views but instead leads them, and anyone who clicks on the link posted to their wall, to a phishing scam designed to steal personal information.”

Another app that’s had some success at the “ole phishing hole” is the “Facebook Color” app, which lets the user change the color of his/her page from Facebook’s standard blue. Though it’s advertised as a Facebook application, in reality this is a Web browser app.

First the app asks to be allowed on Facebook, then on the user’s browser. After clicking “add,” the user would be expected to be taken to the app color of his/her choice. However, when Brandy Cross, a tech blogger for The High Tech Society tried it, she ended up at a site which gave her three “You’ve Won” options.

Cross says, “I tested all three and while two led to phishing Websites, one was actually broken, which is more than a little hilarious.” Hey just being a cybercriminal doesn’t make you a smart cybercriminal.

There is a wide variety of scam and phishing apps that Cross says are hard to resist. “Options such as profile personalization, viewing people who spend time on your profile, and even some games can instead steal your information or spam your friends with malware and viruses, and post items on your wall without your permission. Most of these apps are designed to make money for the maker in some way or another, and usually that money is made off of you.”

Here are some app warning signs users should look out for:

• Automatic tagging or commenting and sharing links

• Automatic invitations

• Promised features that the user hasn’t already seen

• Apps that vanish with no results after being installed.

Cross advises that if an app has any of the above warning signs it should be removed as fast as possible. “The current version of Facebook allows you to completely control which apps have access to your profile by clicking the small gear in the upper lefthand corner. From there, you can click ‘settings’ and then ‘apps’ from the app page. You can remove anything in the apps that you are not familiar with or did not install.

“If the app has in fact installed to your browser, you can likely uninstall it by going into tools and then extensions or add-ons depending on which browser you are using.”

The goal of many phishing emails and apps is stealing personal information and people’s identities. Two-thousand-nine was a record-breaking year for identity theft with 13.9 million Americans becoming victims. Last year, the number had fallen, but not by much – 12.6 million. What happens in 2013 may have more to do with user awareness than cybercriminal cunning.

ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against payment fraud, malware, account takeover, fraudulent new registrations, data breaches, as well as man-in-the-browser (MitB) and Trojan attacks. The platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. ThreatMetrix cybersecurity solutions protect more than 1,500 customers and 8,500 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.

 

Using Stolen Credentials Cyberthieves Compete with Uncle Sam to Get Your Hard-Earned Money This Tax Season

Posted on April 4th, 2013 by Dan Rampe


Remember the good old days…like 36 or 48 months ago…when the tax man was the most despised person in America? Now cyberthieves are giving him a run for his money in the bad news department.

ThreatMetrix™ has identified account takeover, in which a cyberthief uses stolen user credentials to log in to a website, as the leading cause of tax-related identity theft. Last year, according to the U.S. Treasury Department, authorities detected more than 1.2 million identity theft cases. The best estimates are that over the next five years this crime will cost the nation $21 billion.

These cybercriminals are as cunning as they are unscrupulous, using a wide variety of ways to trap their victims. Often they get taxpayer information through authentic-looking IRS popups, phishing emails and spam messages. When a taxpayer clicks on one of these, he/she receives an email “from the IRS” indicating there’s been underreported income or additional personal information is required. Once the taxpayer clicks on the new link, he/she is either prompted to enter personal information or download a tax statement. Either way, the taxpayer becomes an account takeover victim.

“The reason so many people fall victim to this trick is that fraudulent emails and websites often look very similar to those from the IRS or tax preparation sites,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Today’s sophisticated cybercriminals cash in on a refund when e-filers basically hand them their sensitive data and credentials online. An easy-to-miss indication of a malicious message is the physical address of the link the user clicks.”

Other methods cybercrooks use to steal include:

  • A data breach at a payroll processing company where a cybercrook uses a legitimate taxpayer’s credentials to file on his/her behalf.
  • Taking over an existing account from a prior e-filing with tax preparer software (e.g. Intuit, TurboTax). This is done by ascertaining the taxpayer’s email address and then either “brute forcing” a user password or getting it from a site the taxpayer logged into, LinkedIn for example.
  • Using malware to steal login credentials to access a partially saved tax return on a preparer site.

Once a cybercriminal gets a taxpayer’s personal information, the criminal then uses it to log in to the IRS website or a tax preparation site and falsely file tax forms. Exploiting the slow-moving tax refund process, cybercriminals often collect money before victims or the IRS even discover that the fraud occurred. In many cases, even if there isn’t a refund coming to the taxpayer, the hacker can engineer it to get one. Maybe that’s where all those stories come from of people claiming pet turtles as dependent children.

“Account takeover is not a new phenomenon – many of our e-commerce and online banking clients work with us to avoid this kind of identity theft, which can cause significant damage to all involved. We work with our clients to, for example, detect when someone is using the same laptop to file multiple statements. This raises a red flag that the user may actually be a fraudster,” Rankin said. “Although no individual or organization is completely safe from identity theft, taxpayers can do their part by being aware of where they enter sensitive tax-related information.”
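The device-reuse red flag Rankin mentions can be sketched as a sliding-window check over filing events. This is an added example, not ThreatMetrix code: `device_id` stands in for a device fingerprint, and the thresholds and sample filings are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, device_id, taxpayer_id). All values are made up.
FILINGS = [
    ("2013-03-01T09:00:00", "dev-A", "T1"),  # household laptop, two spouses
    ("2013-03-01T09:30:00", "dev-A", "T2"),
    ("2013-03-02T10:00:00", "dev-B", "T3"),  # one device, four identities in two days
    ("2013-03-02T10:20:00", "dev-B", "T4"),
    ("2013-03-03T09:00:00", "dev-B", "T5"),
    ("2013-03-03T09:30:00", "dev-B", "T6"),
    ("2013-03-04T08:00:00", "dev-C", "T7"),  # same taxpayer retrying a submission
    ("2013-03-04T08:05:00", "dev-C", "T7"),
    ("2013-03-04T08:10:00", "dev-C", "T7"),
    ("2013-03-01T12:00:00", "dev-D", "T8"),  # three identities, weeks apart
    ("2013-03-20T12:00:00", "dev-D", "T9"),
    ("2013-04-10T12:00:00", "dev-D", "T10"),
]

def flag_shared_devices(filings, max_identities=2, window=timedelta(days=7)):
    """Return {device_id: [taxpayer ids]} for devices that filed for more than
    max_identities distinct taxpayers inside any single sliding window."""
    by_device = defaultdict(list)
    for ts, device, taxpayer in filings:
        by_device[device].append((datetime.fromisoformat(ts), taxpayer))

    flagged = {}
    for device, events in by_device.items():
        events.sort()
        start = 0                  # index of the oldest event still in the window
        counts = defaultdict(int)  # taxpayer -> filings currently in the window
        for ts, taxpayer in events:
            counts[taxpayer] += 1
            # Drop events that have aged out of the window.
            while ts - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            # Repeat filings by one taxpayer do not raise the distinct count.
            if len(counts) > max_identities:
                flagged.setdefault(device, set()).update(counts)
    return {d: sorted(t) for d, t in flagged.items()}
```

Counting distinct identities rather than raw filings keeps retries and shared household machines from tripping the rule; the threshold and window need tuning against real traffic.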

We touched on some, but according to the Internal Revenue Service, major tax scams to be aware of when e-filing include:

  • Identity Theft – An identity thief uses a legitimate taxpayer’s identity to fraudulently file a return and claim a refund.
  • Return Preparer Fraud – Fraudulent preparers solicit unsuspecting taxpayers to file with them, which results in refund fraud or identity theft.
  • “Free Money” Tax Scams – Advertisements or flyers promise refunds to individuals who have little or no income and normally don’t have a tax filing requirement.

For more information and tips on how to safely e-file, visit www.threatmetrix.com/resource-center/infographics/dont-let-cybercriminals-claim-your-refund/.


The Best Defense Is a Good Offense. Pentagon’s Cyber Command to Create 13 Offensive Cyberteams.

Posted on April 3rd, 2013 by Dan Rampe


They may have phrased it slightly differently, but Sun Tzu, Vince Lombardi, George Washington, Mao Zedong, Bobby Knight, Niccolo Machiavelli, and Karl von Clausewitz shared the concept that the best defense was a good offense. Following that dictum, General Keith Alexander, director of the National Security Agency who heads up Cyber Command, testified before Congress that the Cyber Command is scheduled to have thirteen offensive cyberteams by the fall of 2015.

General Alexander urged Congress to pass legislation that would enable the private sector to share threat data with the government without the possibility of being sued. Additionally, he warned budget cuts could damage cyberdefense at a time when the strategic threat was growing. Observing that there were more than 160 attacks on banks in the last six months, the General noted, “We’ve seen the attacks on Wall Street … grow significantly.” And, describing an attack on Saudi Arabia’s national oil company, he said: “Last summer, in August, we saw a destructive attack on Saudi Aramco, where the data on over 30,000 systems were destroyed. And if you look at industry, especially the anti-virus community and others, they believe it’s going to grow more in 2013. And there’s a lot that we need to do to prepare for this.”

In a Washington Post story, Ellen Nakashima reported that U.S. Intelligence said the assaults on the banks and Saudi Aramco were the work of Iran in retaliation for U.S. sanctions aimed at deterring Iran from pursuing its nuclear weapons program.

In his remarks before Congress, Alexander made it clear that though the thirteen new cyberteams would defend against attacks, each team would be “an offensive team.”

Nakashima wrote, “Twenty-seven other teams would support commands such as the Pacific Command and the Central Command as they plan offensive cyber capabilities. Separate teams would focus on protecting the Defense Department’s computer networks. He said the first third of the forces, which officials have said will total several thousand civilians and uniformed personnel, will be in place by September and the second third a year later.”

The general noted that some teams are already in place and focused on the most serious threats.

Approximately 25 percent of Cyber Command’s funds are being held up by Congress’ inability to agree on a budget, and with sequestration, possible across-the-board cuts could take effect and force civilian furloughs. “By singling out the civilian workforce, we’ve done a great disservice,” said Alexander, noting that one-third of the command workforce is made up of Air Force civilians. He added that some cybersecurity recruits had taken a salary cut to work for Cyber Command. “That’s the wrong message to send people we want to stay in the military acting in these career fields.”

The General said DDoS (distributed denial-of-service) attacks could be handled by Internet Service Providers (ISPs). However, to detect and deflect major attacks on industry, the Cyber Command had to see them coming in real time. ISPs were best positioned to do that, but they currently lacked the authority to share attack data with the government and were not insulated from lawsuits for sharing that data.
