Saturday, October 4, 2008

How Online Fraudsters Are Using SaaS in Their Networks

The eweek published recently, an article about Online Fraudsters, written by Chris Preimesberger. Uri Rivner, RSA Security head of new technologies, told attendees, at an analysts' briefing Sept. 25 at EMC's Silicon Valley offices, that the Internet fraud business has grown so large and enmeshed in legitimate online activities that it is becoming increasingly difficult to tell who's good and who's bad.

According the article: "Rivner pointed out two recent trends: a) Fraudsters using SAAS (software as a service) models to sell their services to customers for a monthly fee, and b) the appearance of new super-Trojans that hijack legitimate bank Web sites and fool people into entering personal financial information--such as ATM account numbers and personal identification numbers--into the phony Web site.

In describing the hosted fraud model, Rivner said that if a willing participant knows where to go, he or she can simply order a phishing or other criminal business service online and pay a fee per month to participate as an investor in order to share in the "profits."

"This fee at one of these services is $299 per month," Rivner said. "This puts you into the food chain of [identity] harvesters, phony ATM card makers, delivery specialists--a whole infrastructure of criminals.

The second trend, involving the new Trojans--which can get installed on an unsuspecting computer owner's machine through either opening an executable file or by a browse-by Web site, which is fairly rare--is also a growing problem, Rivner said.

"In this scenario, with the Trojan on the client and working, the user goes to his or her bank's Web site to make a transaction. The Trojan is alerted to this when the site is brought up. When it does show up, it waits for the user to log on, then brings up the false site, which looks very similar to the legitimate one," Rivner said."

With the growing of the online services, consequently the online fraud business also growing, and the frauds are increasingly more sofisticated. The users must be very careful when are accessing sites, mainly bank's Web site and shopping sites.

No comments: