Posted by: Neal OFarrell on May 21, 2010
The next time you pick up the phone and all you hear is noise, or you find yourself inexplicably connected to a porn chat line, it might be smart to hang up, find another phone, and quickly call your bank.
In a startling example of how creative and brazen thieves have become, a new scam has emerged that has experts scratching their heads.
When a bank receives an unusual customer request to transfer money to another account, standard procedure is to call the customer at their listed number and have the customer verify over the phone that the transfer is legitimate.
But what would the bank do if your phone was constantly busy and they couldn’t get through? They would postpone the transfer or stop it altogether until they could get through, right? Maybe. Unless they got a call from someone claiming to be you, apologizing that there were problems with their phone line and authorizing the completion of the transaction.
That’s the scam. Crooks are targeting the accounts of high net worth individuals with requests to transfer large amounts of money to other accounts. Knowing that the victim’s bank will call looking for verification, the crooks quickly flood the victim’s phone with garbage messages like porn chat so that the bank simply can’t get through.
But that’s only part of the scam. The crooks then call the bank posing as the victim, complaining that a recently requested transfer is being blocked, and explaining that the reason they didn’t get the all-important verification call was because of “phone problems.”
It’s a clever mixture of two well-known types of attack: Denial of Service, where the thieves “attack” your phone number with traffic that ties up the line, and social engineering, where the thieves actually call your bank, speak to a live person, and put on a great act pretending to be an irritated you.
And apparently it works. Wired magazine tells the story of one victim who lost $400,000 in retirement savings to the scam.
Thieves Flood Victim’s Phone With Calls to Loot Bank Accounts
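The weak point in the story above is that an inbound call was allowed to stand in for the bank's own callback. As an added illustration (not from the original article or any bank's actual procedure; the names, outcome labels, and the three-attempt threshold are all assumptions), here is a sketch of a verification rule that fails closed when the line is unreachable:

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    RELEASE = "release"
    HOLD = "hold"
    ESCALATE = "hold and escalate to fraud team"


@dataclass
class TransferRequest:
    amount: int
    # Results of calls the bank itself placed to the number on file:
    # "confirmed", "denied", "busy" or "no_answer" (hypothetical labels).
    outbound_callbacks: list = field(default_factory=list)
    # Inbound calls from someone claiming to be the customer.
    inbound_claims: int = 0


MAX_FAILED_CALLBACKS = 3  # assumed threshold, not taken from the article


def decide(req: TransferRequest) -> Decision:
    results = req.outbound_callbacks
    if "denied" in results:
        return Decision.ESCALATE
    if "confirmed" in results:
        # Only a callback the bank placed to the listed number counts.
        return Decision.RELEASE
    failed = sum(r in ("busy", "no_answer") for r in results)
    # An unreachable line plus an inbound caller pushing the transfer is the
    # pattern described above; an inbound call never replaces the callback.
    if failed and req.inbound_claims:
        return Decision.ESCALATE
    if failed >= MAX_FAILED_CALLBACKS:
        return Decision.ESCALATE  # line may be flooded; treat as suspicious
    return Decision.HOLD


# Constructed scenarios (not real cases).
SCAM = TransferRequest(400_000, ["busy", "busy"], inbound_claims=1)
NORMAL = TransferRequest(5_000, ["no_answer", "confirmed"])
PENDING = TransferRequest(5_000, ["busy"])
```

The transfer is released only on a confirmation the bank obtained by dialing the listed number itself; a busy line combined with a caller explaining away "phone problems" raises suspicion instead of lowering it.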
In response to the endless battles between FaceBook and its detractors over FaceBook’s seeming determination to put an end to privacy, a Silicon Valley company has come up with an interesting and innovative peacemaker.
It’s called SaveFace, a free utility that will quickly and automatically revert all your FaceBook privacy levels back to their original and much safer settings.
SaveFace is a simple-to-install app that will sit in your browser toolbar and with just a couple of clicks will change all your privacy settings – including your wall, profile, and all photo albums – to just Friends.
According to the company, “recent actions and security breaches have turned user fear into resentment. Facebook remains a valuable service to most users, it’s time to empower users to take their private data back – and to allow everybody to SaveFace.”
In launching the product, the CEO of the company talked about how it took him more than 100 clicks to undo all the recent changes that FaceBook had forced on him through recent privacy updates. Maybe FaceBook is not quite ready to save face, but you can.
Untangle® launches SaveFace
http://www.streetinsider.com/Press+Releases/Untangle%C2%AE+launches+SaveFace%E2%84%A2/5647555.html
I’m sure by now you’re aware of the threat of phishing and how widely it’s used to commit identity theft by sending emails that look like they’re from your bank or credit card company and requesting your confidential information. If you haven’t heard of phishing, put down the computer and step away from the internet.
Phishing scams are getting more sophisticated and effective, especially as organized crime gangs try to stay one step ahead of the security measures taken by the financial industry and others.
But a recent report found that just one crime gang, codenamed Avalanche, was responsible for the majority of recent phishing attacks around the world. Call it a phishing monopoly: according to the Anti-Phishing Working Group (APWG), Avalanche was responsible for two-thirds (66%) of all phishing attacks launched in the second half of 2009, and was responsible for the overall increase in phishing attacks recorded across the Internet.
According to the APWG, there were at least 126,697 phishing attacks recorded in the second half of 2009 – more than double the number of attacks recorded in the first half of the year.
And what’s more disturbing, the criminal network created and managed by the Avalanche gang was also used to distribute the notorious Zeus Trojan, a sophisticated banking Trojan that has been wreaking havoc on banks and consumers for nearly a year as it sneaks on to computers, disables anti-virus protection, bypasses bank security, and quickly empties victim bank accounts.
Lessons learned?
- Cybercrime, phishing, and identity theft are no longer the domains of amateurs, but sophisticated, well-funded, professional crime gangs who are very clever at tricking you into falling for their scams.
- Always be suspicious of any email you receive that is not expected or recognized, and never ever respond to an email that asks you to provide or update a password or any financial information.
- Keep all your security software constantly updated as a defense against Trojans and other dangerous malware.
- Consider using a technology like ID Vault® to make sure that your passwords are protected and that the site you’re logging on to is legitimate.
Every three months or so, security firm McAfee does a roundup of what’s going on in the world of cybercriminals, the latest scams and schemes being cooked up, and who’s being targeted.
We’ve highlighted just a selection of the cybercrime intelligence gathered by McAfee’s latest Global Threat Report.
For example:
Lessons learned?
- As the criminals become more resourceful, creative, and talented, it will pay you as a consumer to become more aware, vigilant, and prepared.
- Don’t treat spam as just an irritation. Many spam emails hide dangerous payloads designed to infect your computer and steal your information.
- Keep your anti-virus software up-to-date, and always be suspicious of a pop-up warning you of an infection and requiring you to pay to resolve it.