
Pay per click fraud

PPC fraud

Fraud has been a growing problem in society generally, and online fraud is a particularly big and growing problem which manifests in many ways. Most people not directly involved in online marketing do not realize that fraud is also a big problem in pay per click. This type of fraud can take many forms, but perhaps the most common is where pay per click advertisers find that their accounts have been accessed by a virus and manipulated, with their advertising budget diverted.

Recently, the FBI uncovered a very big instance of this kind of fraud, which the FBI believed had accounted for nearly $15 million over a period of over a year and which involved a virus on an estimated 4 million computers in over 100 countries. This shows that the fraud is carried out in quite a subtle way, at a level where, unless advertisers are very carefully checking their accounts and expenditures, they may not notice any changes.

The overall level of fraud in pay per click advertising has been estimated at $1 billion a year.


Some frightening software capability

Worried about viruses – you don’t know the half of it

The average individual or business worries about a virus on their PC, but knows that, generally speaking, it can be resolved by a reasonably competent IT security person and that it is usually quite evident when it is there.

However, things have moved on a lot further in terms of the capability to monitor anything and everything digital without you knowing, even if you are competent in IT security.

The press have reported this week on a software product known as RCS – Remote Control System, created by former computer hackers. The product can bypass the most sophisticated electronic defences and can potentially disrupt entire systems as big as utilities and defence systems.

RCS can be used on smartphones and computers, enabling covert listening to phone calls and access to encrypted communications. The extent of its applicability and its stealth are really incredible and, here's the rub, it is apparently being used by governments. It is not available for business or individuals or for risky countries. The licences cost some £171,000.00 a year.


Mobile phone hacking – known about for years

Flaws in mobile phone security flagged up many years ago

Some 12 years ago a member of the public, shocked at how easy it was to blag a PIN number to access his voicemail, began campaigning to make others aware of the security risk. Unfortunately, he was ignored.

Steven Nott, a salesman who discovered the issue, complained to his mobile operator, Vodafone, but no changes were made. He then tried to get the local newspaper to publicise the issue and also advised the police of his concerns. The local paper did run the story, but no-one on a national level was even prepared to raise the issue. In a highly ironic twist, Mr Nott also took up the issue with some of the tabloids but, yes, you guessed it, they didn't think it was a significant or newsworthy issue.

Mr Nott says he now feels bad that he may have alerted the tabloid press to the ease with which a mobile phone could be hacked!


Update on hackers and hacking

Increasing concerns about hacking

British police and online security specialists agree that the recent stream of high-profile hacking activity, on a major scale and targeting major companies which on the face of it will have very strong security, is extremely worrying.

Hacking seems to be major news and this week is no exception. This week, a teenager from Essex in the UK has been charged with being involved in some of the major hacking recently, but clearly there are many other individuals involved, given the scale of the attacks and the resources needed for some techniques to succeed. So-called "denial of service" attacks tend to require a concerted and perhaps co-ordinated bombardment of a site to overload it, which can involve many thousands if not millions of computers at the same time. This does not mean thousands of hackers are necessarily involved, but a number will be needed to recruit the computing power required, by spreading viruses or suchlike to involve many other computers.

The experts also advise that the hackers' tactics are changing and evolving. They are developing new techniques and, in the case of organised criminal hacking for profit, are adopting a much more planned approach, testing organisations' weaknesses before launching a final attack to obtain what they want, such as bank details. Hackers are apparently also now using tactics involving social networks, which of course have become the pre-eminent way for people to communicate on the net, save for email.

One aspect providing some encouragement and comfort for law enforcement agencies and large companies is the fact that hacker groups often destroy themselves from within, either because some members eventually get "spooked" and turn informant, or because of arrogance or competitiveness. There are some signs that this is happening with the hackers thought to be behind at least some of the major attacks recently.


Sony debacle

Last week this week

Last week Sony admitted that the credit card details of 77 million PlayStation users may have been taken by hackers, and this week they suggest the figure could be even higher, which could end up costing Sony billions. If it can happen to Sony, this should be a cause for concern for anyone doing business online or storing sensitive data, and certainly for any organisation with an e-commerce operation.

It remains unclear whether the data stolen includes financial details but Sony has already admitted that user names, passwords, logins and security questions have been compromised on a massive scale.


Fraud is no respecter of reputation

Alleged conman “takes in” former England Manager, spy chief and North Korean Government!

Even by the “normal” standards of fraud, this case is quite extraordinary and shows that when a person gains the confidence of perhaps a few successful people, others often follow, assuming that if “x” is willing to do business with the fraudster, then they can also have confidence in his or her credentials and bona fides. Do so at your peril …!

In this case, the alleged fraudster, Russell King, managed to convince former England manager Sven-Goran Eriksson, former spy chief Sir John Walker and, believe it or not, the North Korean government that he was managing billions of dollars for the Bahraini royal family.

The above occurred despite the fact that King had “previous”, having gone to prison for insurance fraud in 1991. It seems that few or no checks or due diligence took place, and King got as far as allegedly inducing Eriksson to become involved in Notts County football club and to visit North Korea as a kind of ambassador for a legitimate company which King appears to have been in control of, although he claims he was only ever a consultant to that company, which has now gone bust.

The case has been referred to the Serious Fraud Office and clearly demonstrates the value of a modicum of due diligence!


Nagging urge to open a package notification email?

DHL Notification (You have received a Package)

Have you ever received emails seeking to induce you to open an email about a courier package? Have you ever thought to yourself “I don’t remember ordering anything, but I have a nagging doubt it may be something important”? If you have opened that email, it may well look something like this:

Subject: DHL notification 12982138 Reference Number

Dear customer.

The parcel was sent to your home address.

And it will arrive within 7 business days.

More information and the tracking number are attached in document below.

Thank you.
2011 DHL International GmbH. All rights reserved.

Please do not open this type of email, as they typically contain malware attachments which will infect your PC. The email appears to come from a reliable source like DHL, but of course it is not from DHL, and the attachment does not contain any tracking number or parcel details; instead it carries malware or a Trojan.

For further advice on computer security or computer forensics, please contact Blackhawk Investigations.


Data security breaches

Dangers of outsourcing marketing and data theft

Thousands of businesses, large and small, now outsource their email marketing campaigns on the grounds of cost and expertise, and for understandable reasons. However, as this week’s news confirms, in so doing a business risks not only potential legal liability but significant reputational damage if things go wrong.

No less a powerhouse than the British institution that is Marks & Spencer has faced the embarrassment and potential loss of trust of having thousands of its customers’ details stolen by hackers. The company had outsourced various email marketing campaigns to Epsilon, a well known and trusted data and marketing services company.

Along with those of approximately 50 other businesses also using Epsilon for email marketing, Marks & Spencer customer details, including names and email addresses (but apparently not financial information), were accessed by unknown hackers.

Data security and data loss are becoming an ever-increasing security issue for all businesses, large or small, in a world where the amount of personal data collected is burgeoning at an incredible rate.


Phone hacking

Phone hacking – Prevalent but difficult to prove criminally

Acting Deputy Commissioner John Yates, Senior Scotland Yard Officer, has advised the home affairs select committee that the CPS usually advises the police that phone hacking prosecutions will only succeed if the police can prove that the voicemails of victims had been intercepted before celebrities or other public figures had heard them. The apparent effect of this is that only a very small proportion of potential cases are suitable for criminal charges. This answer was given after it was suggested to Mr Yates that the Met know of a “vast number” of people whose voicemails had been “accessed without authority”.

On being asked by Keith Vaz, the chairman of the Home Affairs committee, whether the law should be clarified, Mr Yates replied: “I couldn’t agree with you more.”


Security is not just physical security

Any proper and full assessment of security for a business would wisely take into account the full gamut of security risks facing that business. Physical security is just one aspect, and there are many others, ranging from general business risks and possible employment law risks through to the possibility of claims for accidents at work and the issue of whether legal documents are in place which protect against risk and liability. It is worth assembling a team of trusted suppliers to ensure a fully integrated approach, carefully and fully considered, coupled with a risk assessment or audit that is updated on a regular basis.
