Tackling deep-rooted problem of online fraud

It’s an unfor­tu­nate side effect of the dig­i­tal world that by search­ing through the junk mail­box or inbox of any cur­rent e‑mail account, we would inevitably see evi­dence of attempts at online fraud. Cas­es of phish­ing, the fraud­u­lent prac­tice where e‑mails are sent pur­port­ing to be from rep­utable com­pa­nies to glean per­son­al infor­ma­tion from the recip­i­ent, have actu­al­ly risen by 400 per cent in the last cou­ple of years. In the UK alone, such attacks increased by 21 per cent in 2015, cost­ing con­sumers an esti­mat­ed £174.4 mil­lion.

Phish­ing is by no means a new scam – the method has been in use for more than 15 years – and fraud­sters are chang­ing tac­tics, look­ing at new ways to catch out con­sumers. Tar­get­ed fraud that hijacks trust­ed brands and unsus­pect­ing con­sumers has been a long-time chal­lenge for com­pa­nies such as banks or oth­er finan­cial ser­vices organ­i­sa­tions. How­ev­er, fraud­sters are now focus­ing their efforts on a range of oth­er sec­tors. These include indus­tries such as soft­ware as a ser­vice ven­dors or com­pa­nies with cloud-based offer­ings, telecom­mu­ni­ca­tions, retail and inter­net brands, and many are falling prey to these evolv­ing meth­ods.

The lat­est Office for Nation­al Sta­tis­tics fig­ures sug­gest that one in ten of us fall vic­tim to online scams, virus attacks and thefts of bank details every year. The sums stolen are tru­ly spec­tac­u­lar, an eye-open­ing £193 bil­lion a year – that’s 50 per cent more than the annu­al bud­get for the entire NHS. The online fraud land­scape today has become a tan­gled web of poten­tial threats and, as well as phish­ing, busi­ness e‑mail spoof­ing scams and mal­ware are also on the rise.

The threats have become more com­plex to nav­i­gate and the risks hard­er to mit­i­gate with attack­ers mak­ing use of the deep web. The indexed sites on the inter­net, or sur­face web, only account for 4 per cent of the data that can be found online. The rest is com­prised of the deep web, unin­dexed con­tent such as web­mail pages, com­pa­ny intranets, user data­bas­es and pages behind pay­walls. The deep web also includes the dark web, which is a series of sites that are vis­i­ble, but with hid­den IP address­es enabling crim­i­nals and legit­i­mate users alike to enjoy com­plete anonymi­ty.

Giv­en the rapid­ly chang­ing nature of cyber crime, pro­tect­ing and proac­tive­ly defend­ing an organ­i­sa­tion has nev­er been more impor­tant. The first cru­cial step for busi­ness­es is to be ful­ly pre­pared and adopt a “when” rather than an “if” approach, with the aim of pre­vent­ing the attacks in advance. Organ­i­sa­tions can set up ear­ly-warn­ing sys­tems alert­ing them of new domain reg­is­tra­tions, which may mis­lead­ing­ly read like their brand name and may tar­get the brand to host mali­cious con­tent, before it impacts their cus­tomers.

Fraud­u­lent activ­i­ty can also be detect­ed by using the right intel­li­gence, and proac­tive­ly mon­i­tor­ing and analysing key intel­li­gence sources to detect phish­ing and mal­ware activ­i­ty across e‑mail and oth­er dig­i­tal chan­nels. Busi­ness­es need to shut down or restrict access to phish­ing sites and can part­ner with an anti-fraud ven­dor to share their phish­ing alerts with inter­net ser­vice providers, browsers, e‑mail providers and secu­ri­ty ven­dors, help­ing them block mali­cious sites at the inter­net gate­way.

Mea­sur­ing and mit­i­gat­ing cyber crime has to involve under­stand­ing the lev­el of activ­i­ty in these hid­den areas of the inter­net. There are solu­tions on the mar­ket that use lead­ing-edge tech­nol­o­gy to detect, analyse, mit­i­gate and also pro­vide near real-time alerts for a more com­pre­hen­sive approach to anti-fraud. Con­ven­tion­al threat analy­sis requires secu­ri­ty experts to search mul­ti­ple plat­forms and man­u­al­ly iden­ti­fy threats. Mark­Mon­i­tor® solu­tions use auto­mat­ed process­es to mon­i­tor and iden­ti­fy threats, and deliv­er insight into spe­cif­ic threat activ­i­ty. Lever­ag­ing smart robot tech­nol­o­gy, the solu­tion mim­ics human behav­iour to inter­act with cyber crim­i­nals and infil­trate their net­works.

The risk of cyber attacks is real. From a con­sumer per­spec­tive, there are many instances of indi­vid­u­als being tar­get­ed and poten­tial­ly becom­ing a vic­tim of online fraud. For busi­ness­es, pro­pri­etary cor­po­rate infor­ma­tion, trade secrets and employ­ee access cre­den­tials are all at risk. Busi­ness­es need to be aware of every poten­tial threat to their IP and lever­age the tech­nol­o­gy to mon­i­tor, detect and pro­tect their organ­i­sa­tion, and unsus­pect­ing con­sumers, in the deep­est, dark­est lay­ers of the inter­net.

For more infor­ma­tion please vis­it:

www.techweekeurope.co.uk/security/cyberwar/uk-phishing-attacks-rise-2015
www.information-age.com/technology/security/123461668/just-tip-iceberg-why-you-should-be-monitoring-deep-web
www.pcadvisor.co.uk/how-to/internet/what-is-dark-web-how-access-dark-web-deep-joc-beautfiulpeople-3593569/

© 2016 Mark­Mon­i­tor Inc. All rights reserved. Mark­Mon­i­tor® is a reg­is­tered trade­mark of Mark­Mon­i­tor Inc., part of the Intel­lec­tu­al Prop­er­ty & Sci­ence busi­ness of Thom­son Reuters. All oth­er trade­marks includ­ed here­in are the prop­er­ty of their respec­tive own­ers.