Posts Tagged With ‘social engineering’


Bank online with confidence

Authored by  – Anand Naik, Managing Director-Sales, India & SAARC, Symantec

Gone are the days of standing in a queue at the bank, with a token in hand waiting to make a transaction! Today, the internet allows us to perform so many banking transactions online – from checking account balances and transferring funds, to reviewing our credit reports and making bill payments. We no longer have to get in the car, drive to the bank, or communicate with a bank teller in person. For most of us, online banking offers tremendous time savings and the option to bank at our convenience. With the rapid advancement of technology, we’re now able to use our mobile devices to help take care of our banking needs, regardless of whether we are at home, at work or even on holiday!

However, there’s always a flip side to such major changes. Banking has evolved to be literally at our fingertips, but this convenience comes at a risk as the cybercriminals are continuously on the lookout to steal our money, our information and identities. The Norton Cybercrime Report 2012 found that globally, 18 adults become a victim of cybercrime every second, resulting in more than one and a half million cybercrime victims each day. The direct cost of cybercrime was an average of US$197 per victim across the world and in India, that amount was only slightly lower at US$192 or INR 10,585. Symantec’s Internet Security Threat Report XVIII reports that in 2012 mobile malware increased by 58 percent. With a 30 percent increase in the number of mobile OS vulnerabilities, consumers using banking services via their mobile devices are at a higher risk of data theft.

The Norton Cybercrime Report 2012 also revealed that 42 million Indians have been victims of cybercrime in the past 12 months, which is a 75 percent increase from the number of cybercrime victims the previous year. Some of the more common techniques cybercriminals use to steal our information are phishing and pharming. Phishing is a method by which fake emails – for example, messages that look like they are coming from our banks – are sent to users asking for their account numbers and passwords. Pharming techniques are used by cybercriminals who create legitimate-looking web pages to trick visitors into divulging these details. Both of these methods are examples of social engineering – where the users themselves are tricked, duped or lured into parting with private information.

Just last year, Symantec observed attacks where phishers spoofed the Reserve Bank of India’s Web site as a ploy for a tax refund scam. The phishing site attempted to lure users by stating that the bank would take full responsibility for depositing the tax refund to the user’s personal bank account. The user was prompted to select the name of the bank from a list of eight banks and enter their customer ID and password. Through this, phishers intended to steal the confidential information of customers of several banks from a single phishing site. The following page asked for credit/debit card number and PIN number. After these details were entered, the phishing site displayed a message acknowledging that the request for the tax refund has been submitted successfully. The user was then redirected to the legitimate Reserve Bank of India site, little knowing that they had just become a cybercrime victim.

While these clever ploys by cybercriminals may lead many of us to hesitate from banking online, there are precautions we can take to ensure that our information and hard-earned money are safe regardless of the channel we use for transactions.

If we are aware, vigilant and follow some basic guidelines, we can enjoy the convenience of banking online with confidence.

Quote from Anand Naik, “Today, cybercrime is much more prevalent than people realize. Cybercriminals have moved from more traditional forms of attack such as mass distributed malware, to more targeted attacks that include social engineering to gain access to sensitive and personal information. With an increasing number of Indians banking online, the need to remain alert has never been greater. With some common rules and a comprehensive security solution in place, we can all safely enjoy the benefits of online banking.”


Hack the Hackers 2012

Hack the Hackers 2012
Sofia, Bulgaria

On June 7th, 2012 New Horizons Bulgaria hold Hack the Hackers 2012 – a free seminar with live hacking demos, organized exclusively to promote EC-Council and CEH in Bulgaria.

The event was led by EC-Council top trainer Sean Hanna, who was in Bulgaria to deliver the third CEH training for New Horizons’ clients.

We managed to get Sofia University – the largest and most prestigious university in Bulgaria – to partner and sponsor the event. They provided us with a 300 seat auditorium, situated in the center of Sofia.

Official media partner of the event was Kaldata.com – the leading Bulgarian site for software, hardware and IT news, with over 1,500,000 unique monthly visitors.

Hack the Hackers was once again greatly supported by EC-Council, which was announced as the exclusive certification partner of the event. Hanan Wagie, Senior Director – EMEA, provided us with free 3 CEHv7 digital courseware and 3 iLabs, and arranged an exclusive interview with EC-Council President Jay Bavisi.

The campaign started on May 4th with the launch of Hack the Hackers website and two days later we got 300 registrations! Not a single euro was spent on advertising – an email invitation to our newsletter subscribers and a press release were just enough to spread the word.

Hack the Hackers event was attended by more than 250 onsite and 60 online participants. Many of them work for high-profile companies from the following sectors: Finance, Telecommunications, Information Technologies, Public Administration, Energy, and Manufacturing.

Sean presented the topic Client Side Hacking – Targeting the User, and demonstrated Cracking wireless WPS with Reaver, Remote Code Execution Buffer Overflow, Social engineering with SET and DNS Spoofing). At the end of the seminar two CEH vouchers were awarded to: Lazar Sestrimski, developer at Haemimont LTD, and Vlado Treneski, CISO at Interakcija.

The event got media coverage by Bulgaria’s most popular TV channel (bTV), and a number of online media (Kaldata, Saga Technology, itForum, Info Week, etc.).

Difficulties: Despite the venue was glorious and in a perfect location, we experienced difficulties with the university administration, such as organizational problems, voice echo and lack of technical support.

Next steps:

1. Promotion of EC-Council Secure Computer User Specialist program, in response to growing interest in security issues among non-IT people.

2. Promotion of EC-Council Certified Hacking Forensic Investigator program to raise awareness about collecting digital evidences.

 

To read more please click HERE