As the world’s largest social network and the second most visited website it should come as no surprise that Facebook sees a lot of phishing and account takeover attempts. Facebook’s Director of Policy Communications, Barry Schnitt, shared some insight on just how large of an issue account takeover attempts are, saying that Facebook stops 600,000 unauthorized account login attempts a day where the fraudster has phished or guessed the account’s password.
A two year operation by the FBI called Operation Ghost Click has led to the arrest of six hackers who had built a botnet of over four million computers contributing to $14 million in click fraud. The federal indictment names seven suspects who were able to generate a lot of traffic by redirecting their malware victims to the ads or sites that earned the fraudsters revenue.
For several years now fraudsters have been obtaining credit card numbers by hiding skimmers in gas pumps, but a fraud ring from Central Florida took this a step further. Not only did they counterfeit cards skimmed from consumers paying-at-the-pump, but they then used the counterfeit cards to steal large amounts of fuel which they later resold.
The high profile data breaches continue in 2011 as Anonymous posted 1,000 user names and passwords taken from the United Nations. A hacker was able to access the server containing information for the United Nations Development Programme, the attack may have been just to demonstrate ability or to embarrass the UN as many of the posted passwords were weak. Anonymous is also threatening attacks against major financial institutions with their new ally, TeamPoison, in a hactivism effort they are calling Operation Robin Hood.
On November 28th the credit reporting bureau and global information services company Experian agreed to acquire the identity verification and fraud screening company 192business for an undisclosed price. The acquisition is still subject to approval by the UK’s Office of Fair Trading.
192business is the leading identity verification provider in the UK with more 1,000 organizations using their ID verification services. Experian offers identity authentication, knowledge bases assessments and other identity and fraud prevention services. Experian stated that this acquisition will form part of their Decision Analytics business line and they will expand their range of identity verification and fraud prevention services.
Welcome to The Fraud Practice’s FraudBlog; your source for updates on current events, commentary and best practices related to the eCommerce CNP payments and fraud industry.
Be sure to signup to see all of our content to include our free monthly FraudBlog Newsletter.
After breaching the systems of a digital certificate authority a fraudster made their phishing and pharming web pages suddenly seem legitimate. Consumers rely on trust marks and digital security certificates to let them know a website is secure enough to handle their payment card account numbers and other sensitive information. But when fraudsters can make their fake sites seem legitimate by forging these digital certificates it reduces the trust and confidence consumers have in digital security certificates and the internet commerce overall.
According to an estimate by Javelin Strategy & Research the Durbin Amendment will eliminate $6.6 billion in annual revenue for affected financial institutions. But banks don’t plan on just letting this money go, instead they are finding ways to regain these revenues and steer consumers to more profitable payment forms. Consumers are already starting to see fees for debit card use, increased costs for checking accounts, debit card transaction limits and increased ATM fees while debit card reward programs quickly disappear.
The Fraud Practice’s David Montague is a featured speaker at the upcoming MRC Europe held in Berlin, Germany from October 17-19, 2011 where he will be providing a session title “Moving Beyond the Device,” a strategy for making best use of device identification.