Bigmouthmedia search engine news: fraud

Net criminals to target social networking sites in 2008

Thu, 03 Jan 2008 12:00:00 GMT

Cyber criminals are set to target social networking sites over the coming year, security firms have warned.

Professionals in the field suggest that the intimate nature of such sites makes users more willing to share personal information and, consequently, more vulnerable to attacks.

Senior security researcher at ScanSafe Mary Landesman stated that social networking sites are attractive to scammers because "the technologies that play there and the third party add-ons make it an environment that is susceptible to compromise", the BBC reports.

According to the corporation, there have already been a number of such attacks perpetrated on social networks.

For example, Brazilian users of Google's Orkut - a networking and discussion site - were recently subjected to a threat caused by a worm that tried to steal bank account details.

As well as the technical vulnerabilities that social networking sites are susceptible to, the amount of information that individuals willingly share with others is also described as problematic.

Commenting on the issue, David Porter, head of security and risk at business and technology consulting firm Detica, stated: "It is remarkable that people use social networking websites to publish details about their lives, loves, jobs and hobbies to the entire world ... Such data is invaluable to identity fraudsters."

In a BBC article yesterday, Paul Henry, vice president of technology evangelism at security solutions provider Secure Computing, stated that 2007 saw high-tech crime become firmly entrenched.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

2007 'saw high-tech crime become firmly entrenched'

Wed, 02 Jan 2008 12:00:00 GMT

Cyber criminals are becoming increasingly advanced and 2007 was the year that hi-tech crime became firmly established and entrenched, an expert has said.

According to Paul Henry, vice president of technology evangelism at security solutions provider Secure Computing, "the bad guys are becoming more sophisticated and that means it is becoming more difficult to stay safe", the BBC reports.

He added that he sees no end to the rise in online crime until "we effectively reduce the value of personal information to the point where for the hackers it is useless".

Joe Telafici, vice president of operations for McAfee's Avert Labs, went on to say that the majority of attacks perpetrated are now done for money.

The last year saw the effective extinction of young hackers who wrote malicious programmes and viruses for fun, he stated.

While some of the attacks, such as phishing runs, were obviously concerned with stealing money from internet users' credit cards or bank accounts, others that looked more innocuous were also done with cash in mind, according to Mr Telafici.

For example, Trojans placed in banner advertisements that attempt to hijack a home PC were designed to get hold of information that can be rented out for a fee to spammers and other internet criminals.

Recently, search engine provider Google was affected by a web hijacking campaign in which malicious websites used by hijackers would come up in search results when users looked up seemingly innocuous terms such as "charity".

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Yahoo!, eBay and PayPal team up to reduce email fraud

Fri, 05 Oct 2007 12:00:00 GMT

Yahoo! has announced it is joining forces with eBay and PayPal to protect consumers against email fraud and phishing scams.

The collaborative effort will mean eBay and PayPal customers who use Yahoo! Mail will receive fewer fake emails claiming to be sent from the companies.

In a statement, the search engine declared: "Yahoo! Mail is the first web mail service to block these types of malicious messages for eBay and PayPal through the use of DomainKeys email authentication technology."

DomainKeys technology allows internet service providers to determine if messages are real and should be sent to a user's inbox.

The technology upgrade is due to be rolled out across the world over the next four weeks to all users of Yahoo! Mail.

Michael Barrett, chief information security officer at PayPal, stated: "While there is clearly no silver bullet for solving the problems of phishing and identity theft, today's announcement is great news for our customers who rely on Yahoo! Mail."

Chief information security officer at eBay Dave Cullinane added that, through industry cooperation, firms can collectively attempt to "stamp out" phishing and other kinds of email scams.

Yahoo!'s announcement comes in the wake of uSwitch research that suggested homes in the UK receive almost 82 million spam emails each day, equating to 947 every second.

According to the figures, Britain now ranks fourth in the world for spam attacks.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Yahoo! launches click fraud centre

Fri, 10 Aug 2007 12:00:00 GMT

Yahoo! has launched a new Traffic Quality Centre to help combat the issue of click fraud.

At the centre, users of the pay-per-click advertising service will be able to access a range of services in order to help them to protect themselves, the search engine has said.

They will be able to get the latest news on traffic quality, view tips and tools that will assist in fraud detection, learn how to submit a click investigation request and read articles on the best practices in helping to protect search marketing investments.

Users will also be able to locate articles that illuminate traffic quality issues from a range of perspectives.

Reggie Davies, vice president of network quality at Yahoo! Search Marketing commented: "Our commitment to traffic quality is not new.

"In fact, since 1998, our Click Protection System has been up and running 24/7 with the goal of filtering out bad clicks - helping to ensure that you're only billed for the clicks that count."

The system is continuing to evolve along with marketplace changes, he added.

There is disagreement concerning click fraud rates, with PR-GB.com reporting that the industry can only estimate the number as somewhere between 0.02 per cent and 30 per cent, or possibly even higher.

According to the site, the incidence of fraud is determined partially by the competitiveness of the industry and the level of the bid price.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

FBI steps in as cyber criminals infect 10,000 websites

Tue, 19 Jun 2007 12:00:00 GMT

Over 10,000 websites have been infected by a Trojan virus that tries to install malware onto visitor PCs. The malware includes malicious code such as key logging software, which attempts to steal users' personal usernames and passwords for various applications and sites, such as online banking.

What has surprised investigators most is the speed at which the infections have spread. The number of infected sites has grown quickly from around 2000 to 10,000 within a couple of days. Most of the sites infected are small and range from pop star appreciation sites to travel and charity organisations. The FBI is working to contain the damage and track down the cyber crooks.

It's not yet clear if the attackers are exploiting security holes on the servers themselves or hacking into service provided infrastructure, but reports conclude that an automated tool is searching for vulnerable sites. Once a server is infected, the cyber criminals install an invisible iframe into the web page that secretly redirects the visitor to other sites, which then install the Trojan code.

Most of the infected sites are hosted in Italy, but the redirects lead back to servers in San Francisco and Chicago, which are registered to owners in Hong Kong. The authorities in the US are trying to reduce the damage of the malicious code by shutting the San Francisco and Chicago sites down.

The attack marks the growing trend of propagating viruses, worms and other malicious software via websites, rather than email. With the improvement of email spam and virus filters, as well as the increased awareness by the general public of the risks of opening attachments from unknown senders, hackers are now targeting websites to spread their malware, which are harder for users to detect.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Yahoo! leads the way in fight against email fraud

Thu, 24 May 2007 12:00:00 GMT

Yahoo! is leading the fight against fraudulent emails and online phishing scams, by teaming up with industry leaders to develop DomainKeys Identified Mail (DKIM) to give users extra protection.

In a combined effort to combat email forgery, phishing and online fraud, Yahoo!, Cisco, Sendmail and PGP Corporation revealed that the internet technical standards group, Internet Engineering Task Force (IETF), has approved DKIM.

Email authentication network DKIM uses cryptographic signature technology to identify the domain of an email sender.

It will provide businesses with heightened brand protection, as it can determine the legitimacy of a message and its origins.

The groups involved in DKIM will now be working closely with internet service providers, businesses, financial institutions and the open source community to adopt and incorporate it into future products and offerings.

Mark Delany, lead architect for Yahoo! Mail and author of DomainKeys, said: "As the largest Web mail provider in the world, we view protecting email users from scams as a top priority.

"We are gratified that the core DomainKeys technology, which Yahoo! first introduced in 2003, has evolved to reach this milestone through the IETF process, and that DomainKeys Identified Mail is positioned to become the pre-eminent standard for email authentication."

Figures released by the Anti-Phishing Working Group revealed that almost 24,000 scams were reported in the US in February this year.

"DKIM can improve users' trust in email and, in doing so, make the internet a safer and more useful tool," said DKIM author Jim Fenton from Cisco.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Data theft scam targets Google ads

Mon, 30 Apr 2007 12:00:00 GMT

Last week, online criminals hijacked twenty online search terms with the intention of stealing bank and credit card details from surfers looking for the Better Business Bureau website, amongst many others. This type of online fraud, known as "phishing", has been around for some time, but the ways in which phishing sites are made available to possible victims continues to diversify and increase in sophistication with every month that passes.

On this particular occasion, the attackers used Google AdWords as the platform for online promotion by bidding on popular search terms associated with the Better Business Bureau site. The landing pages from these ads lead to sites which are, in fact, identical copies of the sites targeted in terms of layout and appearance. When a user enters a phishing site, any details they enter - such as username, password and credit card number - are given to the online criminals who set up that site.

Frequently, emails asking users to reset login details or passwords are a way of getting victims to these sites. And as more people become aware of such phishing techniques, online criminals have to adapt to the current situation and look for new ways to pursue their fraudulent activities.

The number of people affected by last week's phishing attack is unknown, and Google said the sponsored results associated were totally removed on Tuesday 24th April - although the actual scam site is still available.

The Exploit Prevention Labs detected this attack and reported the findings after two weeks of research. On Google, search terms such as "modern cars airbags required" gave sponsored search results that saw some phishing sites occupy top ranking positions for those terms. When a visitor is about to enter on a sponsored search result site, the URL associated with the advert is displayed at the left hand side corner. However, fraudulent adverts usually hide the URL. therefore visitors don't know what site they are about to enter.

Once a click is made on this fraudulent advert, which pretends to come from a reputable brand, a piece of software is installed on the victim's computer, which will record private data. Last week's attack targeted more than 100 banks around the world by adding extra HTML on the banks response pages. This is usually the last stage on any SSL transaction coded in plain HTML, rather than encrypted, which makes it more vulnerable and the perfect target for scammers.

Popular internet brands, like eBay and Paypal, have been a usual target of phishing attacks in the past and it seems like the general public is still defenceless against this type of fraud. In the near future, search engines will really need to concentrate on technologies for malware detection, which will stop these sites from getting indexed or approved as legitimate paid campaigns.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Britain developing e-crime reporting portal

Thu, 19 Apr 2007 12:00:00 GMT

British computer security experts have announced their intention to create a portal that would help report and pool information on internet crime.

The announcement was made on Wednesday by the non-profit organization Voice (Victims of Internet Crime Europe) at the Third Annual International Conference on Global E-security at the University of East London.

Hamid Jahankhani, who lectures on computing and business information systems at UEL, said the venture would also help raise awareness of the problem of internet crime.

It is hoped the simple nature of the portal will increase reporting of this type of crime and put the issue of e-crime on the agenda.

Internet users currently do not know where to turn to, and many cases of internet fraud and related crimes go unreported.

David Lilburn Watson, a computer forensic expert and head of forensic computing at UEL, further argued that there was a sense that e-crime was on the rise, but gathering statistics and getting a sense of trends is difficult with current systems.

Europe currently has no system in place to track internet crime victims; the US does have portals such as the Internet Crime Complaint Center, run by the FBI.

But Jahankhani and Watson envision a more ambitious portal that will have statistical tracking systems already in place.

It is hoped the portal will attract some EU funding, and the idea has been informally floated to industry groups and companies.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Yahoo! appoints click fraud chief

Thu, 22 Mar 2007 12:00:00 GMT

Yahoo!, the world's second favourite search engine, has made an important internal promotion. Mr Reggie Davis has moved from a position as a Yahoo! staff lawyer to an executive position as the Vice President of Marketplace Quality - or alternatively, Yahoo!'s "Click Fraud Tsar".

Click fraud is a major issue for search engines. It happens when either a person or an automated machine repeatedly clicks on an advertiser's paid search advert, with no interest in what lies at the other end of it. This is a problem for advertisers, as they pay for the click but will never get a return on the cost incurred.

Mr Davis has much experience in the field of click fraud; he was the associate general counsel for Yahoo! in the class action suit filed against Yahoo! by the Checkmate Strategic Group in June 2006, which led to Yahoo! having to make significant changes in its click fraud prevention methods.

In a statement, Mr Davis said that he had received a mandate to increase advertiser confidence when advertising on Yahoo!, stating that "the goal is to develop the highest quality network in reality and in perception".

Mr Davis' appointment is a good way for Yahoo! to show how critically they are taking this issue of click fraud, and to show that they are tackling the problem effectively. Last year, Google were the first search engine to address advertisers' issues with click fraud. Measures included providing new reports that show how many invalid clicks have been rejected by the engine, increasing transparency in the methods that they use to combat click fraud.

Search engines look at the patterns of clicks received on adverts, taking into account issues like suspicious patterns in the timings of the clicks or multiple clicks from the same IP address, to find possible click fraudsters. Search engines then proactively seek out instances of click fraud, and remove the clicks from the advertisers' invoice.

In his statement, Davis said that the number of clicks that Yahoo proactively removes from billing is around 12-15 per cent of the total number of clicks, while the actual number of fraudulent clicks is lower than this. This means that advertisers should not be experiencing loss due to click fraud, as the engines are overcompensating for the number of fraudulent clicks.

The measures that the world's leading search engines are taking to combat click fraud show how seriously they are taking the issue. Even if the actual numbers of fraudulent clicks are fairly small, click fraud remains a worry for advertisers and undermines confidence in the use of paid search advertising - good luck to Mr Davis in tackling this tricky problem!

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia

Read no evil: new British law prohibits phony blogs

Wed, 14 Feb 2007 12:00:00 GMT

So, you're thinking about buying a product, but haven't yet heard any reviews on it. Should you take the plunge and test the product out for yourself, or should you wait for someone else to make the purchase first? Well, chances are someone already has. Moreover, their comments are likely waiting in clear view online.

Where better to turn than an online blog or forum where consumers have posted their experiences with products or services? It's a quick, simple, and accurate way of assessing a potential purchase, right? Well, all except for the last bit. In fact, what many of today's online users don't realise is that a good number of those raving reviews on stereo systems and cars are posted by none other than the makers of those stereo systems and cars.

However, thanks to a new law passed by the British Parliament, companies advertising in the UK will soon have to steer clear of shill reviews and "flogs", or phony blogs. The new British law, which will take effect on December 31, 2007, prohibits people from posting reviews of their own products under false names. The law applies to all types of product postings, ranging from those of authors who review their own books on Amazon.com to marketers who create phony blogs to promote their products.

But can we expect to see similar legislation in the US? After all, in the last few months, several US companies - including Wal-Mart and Sony - have landed in hot water for creating "flogs". Many lawyers doubt such a move, based on allowances of the First Amendment which generally enable people to write under pseudonyms. And while commercial speech holds a lower bar of protection than non-commercial speech, distinguishing between the two isn't always so simple.

Eric Goldman, director of the High Tech Law Institute at the Santa Clara University of Law said:

"What we're going to see is one-off regulatory solutions. We could have a very carefully crafted point solution to deal with faux blogging. However, marketers would probably find ways around such narrow rules. It will be a very easy thing to game," he predicted.

So, while UK consumers can soon expect genuine feedback on consumer blogs and forums, their US counterparts are seemingly better off sticking to good old, literal word-of-mouth.

Digg This! | Save to del.icio.us | Reddit | Submit to Netscape | Google Bookmark This | Furl This | Add to Yahoo MyWeb 2 | Contact bigmouthmedia