As always, Scott Adams gets it right

And this is why we can not kill spam, phishing, and fraud

For every 99 people with a clue there is one that falls for it.

Pulp Phishing

Found a neat new web tool to create retro looking Pulp Fiction covers.

So here is one to remind everyone that telecom fraud is not just taking your money, but is being used to fund terror.

Past posts about Al Qaeda Phishing attacks

• Fraud – From Fun Phreak to Terrorism (Posted: Sunday, January 27, 2013)
• Shssshhhhhh!!!! Al-Qaeda Phreaking!  (Posted: Thursday, December 1, 2011)
• Al Qaeda-linked phone hackers are back (Posted: Sunday, January 27, 2013)

 
Pulp cover made with: http://thrilling-tales.webomator.com/derange-o-lab/pulp-o-mizer/pulp-o-mizer.html
 

Holiday Hacks are upon us again

Today I found a very nice article on the CSO Security News site called The 12 Cons of Christmas by Joan Goodchild (CSO (US)).

In this article she points out that this is the time of the year when the fraudsters and phishers are out in force.  Or as Joan put it:

While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off.

Hot Holiday items are lures

With the increased use of Facebook and Twitter they can get more information about what you want and can use that to better target you. To make it worse, the scammers have learned not to be so obvious, and "the signs that made scams so obvious before are no longer always present as more sophisticated techniques employed by criminals on Twitter and Facebook make it harder than ever to know what's legit."

Take a look at the article for some good hints on how to detect these scams and protect yourself.  
Full article: http://www.cso.com.au/article/440664/12_cons_christmas/

Does IT make it too easy for fraudsters?

I was just reading an interesting article by Steven Cotton of the TM Forum entitled Fraudsters Will Be Fraudsters, But How Does Provider Indifference Help? In it he explains about a recent phishing attempt that came to his in-box and how the service provider’s support group did not know if they had a security or fraud department and could not be bothered to care.

Now if you look at most of the recent stories labeled as telecom fraud they are frequently about people being defrauded using the phone rather than fraud hitting the PBX. In these cases it us usually someone tricked by phone or email into going down to Western Union an sending money to someone that they know who is in some sort of “trouble.”  Now the cases and cause of the trouble is varied (bail, hospital charges, fees to get car fixed, etc.) but the common item is that they always want the money sent via Western Union – who has no verification, tracking or roll-back options once the cash is taken.

Now Steve ended his blog entry with this line

I'd suggest that the industry should at least set a basic goal of making the fraudsters at least break a sweat as they perpetrate their nasty business.

I suspect that this is exactly the case, and if there was a way to force Western Union to verify the identity of the person claiming the money, say the way that a person-to-person call works, would cut down more than half of this kind of fraud.

The same is true in PBX related fraud, keeping default passwords, leaving the system ports open, not watching your phone bill, and not proactively protecting your system makes it just as easy to defraud you as those who are praying on phone scam victims.

Lighter side- Phishing

This is as straightforward an example of Phishing that I have ever seen

Any questions?