Nearly a quarter of all identity fraud victims are tech savvy users – industry comments 

?A new report by Experian has revealed that nearly a quarter of all identity fraud victims in the UK last year were tech savvy mobile and social media users. The group, which represented 8% of the population, also experienced a 17% rise in victims when compared to 2014. Commenting on this news below is Robert Capps, VP of Business Development at NuData Security.

“This is yet another reminder for those of us who spend a significant amount of time online, that we can’t become complacent when it comes to our online habits. We all need to practice good password management, and be extra rigorous with our social media information. The little bits of data, effectively electronic cookie crumbs, that we leave around in our day to day interactions online, are very useful to those with ill intent. When combined together, it’s quite simple for the bad guys to connect the dots between these data points, and the credentials that protect our banking, brokerage, and retail accounts, giving them easy access to more sensitive information and financial assets. When we’re making this info freely available in social media and then using it as keys in our online environments, we have to realise that thieves are using more and more sophisticated tools to search and find these common linkages.

When it comes to breaches we don’t really think about what happens to the data after the initial theft, but this data doesn’t just disappear. It’s collected and combined by the bad guys into a vast data set of consumer data, which is extremely useful to today’s fraudsters to thwart existing online security and identify verification systems.  Data thieves sell this information, including social security numbers, addresses, dates of birth etc., to aggregators, who cross-reference and compile full identities to be traded and sold on the data black market. This increases the value and usefulness of the data, which may have been gathered from multiple data breaches, malware, phishing attacks, or social media scrapping.

Eventually, there will be widespread adoption of better authentication tools that companies can use to determine if it’s really you logging in. Meanwhile, make sure you have adjusted your social media privacy settings and only accept connections from those you personally know. A good password manager can help store and encrypt your passwords, and make sure you rotate your passwords frequently. If you have a choice, choose the least obvious two-factor authentication answers, for example: “What’s your paternal Grandmother’s name?”, the answer could be the “Philadelphia Eagles” (which only you would know was her favourite football team). Check your bank statements and credit report frequently to ensure there is no unusual activity.”



Hackers accessed Telegram messaging accounts in Iran

Responding to reports that hackers accessed Telegram messaging accounts in Iran, and the suggestion that Telegram’s vulnerability lies in its use of SMS text messages to activate new devices, Alex Mathews – Technical Manager EMEA at Positive Technologies, says:
“SMS is not a secure transmission channel as these Iranian users can attest. Any service that uses SMS for authentication or password resets – be it WhatsApp, Telegram or another app – is potentially vulnerable to such attacks.

“The reason is that SMS messages are relayed via the SS7 network – a protocol designed to carry telephony communications in the 1970’s when security wasn’t a high priority. Attempts to highlight the issues, including Positive Technologies’ own research, have seen the insecurities of SS7 discussed more recently. However, there is the misperception that the SS7 network is a secure system that only authorised users can access. That simply isn’t true.

“The reality is that everything has a price, and access to the SS7 network is no different.

“With smartphones forming an integral part of daily life, awareness of this vulnerability will continue to cause public outcry – and rightly so. Rather than an attempt to harm the telecom industry, this is the result of shock and concern of ordinary people who count on these systems on a daily basis.

“In addition, those whose businesses are built on the protocol – Mobile Network Operators (MNOs), Mobile Virtual Network Operators (MVNOs) and IPBX service providers (MVNEs) will continue to have their services abused, and revenues eroded. It’s estimated that multi-millions of dollars is lost annually to fraudulent use of the network and the operators either don’t realise, or don’t care because they’re at a loss to know how to prevent it.

“With so much at stake, the mobile operators and regulators must come together to tackle the insecurities of the network or risk losing control of this critically important international infrastructure.”

Researchers at Positive Technologies have been advising of vulnerabilities in the SS7 network since 2014. Earlier this year, it published a report into this work confirming that all SS7 networks examined could be exploited from the outside; subscriber data is at risk; EMEA networks are less secure; and large operators cannot guarantee security.



UK Card Fraud Losses Climbed 18 Percent in 2015 

?It has been reported that UK card fraud rose a staggering 18 percent in 2015, the sharpest rise across the whole of Europe. The UK, Denmark and France stand to benefit the most from additional security measures for card payments, and additional investments from merchants and issuers. Further, 10 of the 19 European countries monitored suffered more card fraud in 2015 than in 2014.

Robert Capps, VP at NuData Security, a behavioural biometrics company and fraud mitigation specialists had the following comment;

“I’m saddened but not shocked to see these findings. Coupled with the data that cardholders have very high expectations, that they aren’t willing to change their habits when it comes to password security, and tech savvy users are the most likely targets, FI’s and e-retailers are being increasingly pressured to step-up their game in when it comes to online authentication. In fact, the pressure seems to be all on them.

In this study, the fact that fraud losses climbed 18% in one year in the UK is a sad state of affairs for consumers who can often bear the brunt of the costs (especially with regard to account takeover and new account fraud). It’s absolutely no wonder that consumers are pushing back on companies to improve security, holding them accountable for it, yet still want to have a good experience going through the gates.

With the incorporation of the EMV chip into cards, there is now no doubt that fraudsters have migrated online where the field is greener, especially since so many merchant and financial institutions are still using end-point authentication methods that just don’t provide a confident verification of the genuine user.

We can move beyond single-point solutions that are so obviously failing. The end game has to be customer satisfaction, as it should be. Companies should never have to put process and security above customers, and there are now tools on the market that can verify users by their own natural behaviour. That should be where we start and finish.”