Monday, June 29, 2009

Phishing Attacks Up 240% on Social Networking Sites

Report: Social Networking Phishing Attacks Up More Than 240%
U.S. extends its lead as No. 1 country hosting phishing attacks, according to MarkMonitor's new brandjacking report

Jun 29, 2009 | 02:39 PM By Kelly Jackson Higgins | DarkReading

Social networks are increasingly becoming a favorite method of attack for phishers as they look for more efficient ways to reach potential victims, according to a newly released report.

Overall, phishing attacks rose 36 percent in the first quarter of this year compared to the same period in 2008, according to a sampling of banking brands used in MarkMonitor's Brandjacking Index report for January through April 2009. And more than 500 organizations worldwide were phished in the first quarter of this year, up 14 percent from the fourth quarter of last year, according to MarkMonitor.

Phishing attacks on social networking sites increased more than 240 percent compared to the same time last year, just behind attacks on payment services, which jumped a whopping 285 percent versus the first quarter of '08. "They exploit the trust one user has with another [on a social network]. There's a tendency to open up something from one of your 'friends' on these sites," says Frederick Felman, chief marketing officer at MarkMonitor. "This is the biggest innovation in phishing attacks since RockPHISH, and it's more social than technical exploitation. RockPHISH was an infrastructure play, but this is using someone else's infrastructure to spread the badness."

The good news, however, is that social networks are relatively quick to shut down phishing attacks on their sites, Felman says.

Continue Dark Reading

Commonwealth Bank's Online Web Bank Fails

Commonwealth Bank's web bank fails | ASX: CBA
Glitch snarls CBA's online bank | Chris Zappone
June 29, 2009 - 2:22PM

Commonwealth Bank's web banking service NetBank failed today, in what could be a hacker attack, leaving thousands of customers unable to access their accounts via the internet.

A recorded message on the bank's phone access line acknowledged the problem with NetBank, saying it was ''working to resolve this as a matter of emergency.'' The bank blamed "intermittent network issues" and gave no set time for the entire system to be restored.

"Service is currently beginning to resume and some customers are being serviced," a spokesman for the bank said, although NetBank did not appear to be functioning by mid-afternoon.

The bank apologized to customers for the inconvenience.

Customers who tried to access their accounts online received a message saying, ''NetBank is temporarily unavailable,'' and urging them to try to phone their customer account line.  Customers unable to access their accounts should ring 132 221, the bank said.

Hacker attack?

Commonwealth Bank has attracted a flurry of phishing attempts, fraudulent emails and online scams in recent months, since launching an upgraded online banking portal.

Phishing is the use of fraudulent emails to scam customers out of personal details like bank account passwords.  (Editor's Note:  Again, if consumers were not trained to "type" their log-in details, such as a username and password, and instead, swiped their bank issued debit card and entered their bank issued PIN code, the threat of phishing would be eliminated.  It is how you access the bank's ATM so why wouldn't and shouldn't it be the way you access your online banking account?  Swipe, don't Type).

Although the network issues experienced today are thought to be unrelated, Commonwealth has taken the service down temporarily to run tests on the system to check its integrity, said chief information officer Michael Harte.  "We haven't completely ruled out an attempt to do a denial of service attack,'' he said.

Continue Reading at BusinessDay

, , , , ,

Introducing Bank of America Merchant Services

Bank of America and First Data Form Next-Generation Payment Solutions Company

CHARLOTTE, N.C. and DENVER, June 29 /PRNewswire/ -- Bank of America N.A. and First Data Corp. announced today the formation of a new company that will deliver next-generation payments solutions to merchants ranging from small business to commercial and corporate clients worldwide.

Bank of America Merchant Services, LLC will provide clients with the most comprehensive suite of innovative payments solutions including credit, debit and prepaid cards to merchant loyalty, check and eCommerce payments, the companies said.

Thomas Bell, chief strategy officer and president of First Data's financial services business, was named chief executive officer of Banc of America Merchant Services.

"The combination of First Data's world-class technology and industry experience with the power of Bank of America's brand and branch referral channel will enhance Banc of America Merchant Services' position as an efficient and innovative player in the payments market," Bell said.

Merchant clients also will benefit from new service offerings including loyalty and prepaid programs, along with mobile commerce and check solutions that will drive return traffic to their stores and provide their consumers with the security, convenience and rewards they have come to expect.

"For our clients, the most important transaction they have occurs the moment their customer pays them for what they do. This alliance provides stronger payments acceptance capabilities as well as enhanced business-reporting tools and a better experience for their customers," said Catherine P. Bessant, president of Bank of America's Global Product Solutions group. "The formation of this new company underscores our full commitment to the merchant services business."

For merchants seeking to expand their offerings in the fast-growing virtual marketplace, Banc of America Merchant Services will offer the scalability, integrated capabilities and deep understanding of the transactional process to deliver industry leading eCommerce solutions.

"The First Data, Bank of America alliance will create a payments company with more than 70 years of combined merchant experience," said Michael Capellas, chairman and CEO of First Data. "Together, we will help clients keep pace with the dynamic virtual marketplace by delivering secure, scalable and reliable payment processing and the broadest set of innovative payments solutions at highly competitive prices."

Bank of America will contribute approximately 240,000 merchant relationships and First Data will contribute approximately 140,000 merchant relationships to the new company. Following a transition period, First Data will provide the merchant processing and related services. The combined entity will process over one billion transactions per month.

Banc of America Merchant Services will be approximately 46.5 percent owned by Bank of America and 48.5 percent by First Data, with the remaining stake held by Rockmount Investments, LLC, an investment vehicle controlled by a third party investor.

Financial impacts from the transaction will be discussed when Bank of America releases second-quarter earnings on July 17. First Data will discuss financial impacts of the alliance on their next quarterly results call in August.

Bank of America Merrill Lynch acted as financial advisor and Wachtell, Lipton, Rosen & Katz acted as legal advisor to Bank of America. Sutherland Asbill & Brennan and Perkins Coie acted as legal advisors to First Data.

First Data powers the global economy by making it easy, fast and secure for people and businesses to buy goods and services using virtually any form of electronic payment. Whether the choice of payment is a gift card, a credit or debit card or a check, First Data securely processes the transaction and harnesses the power of the data to deliver intelligence and insight for 5.3 million merchant locations and thousands of card issuers in 37 countries. For more information, visit

Bank of America

Bank of America is one of the world's largest financial institutions, serving individual consumers, small- and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services. The company provides unmatched convenience in the United States, serving approximately 55 million consumer and small business relationships with more than 6,100 retail banking offices, more than 18,500 ATMs and award-winning online banking with nearly 30 million active users. Bank of America is among the world's leading wealth management companies and is a global leader in corporate and investment banking and trading across a broad range of asset classes serving corporations, governments, institutions and individuals around the world. Bank of America offers industry-leading support to more than 4 million small business owners through a suite of innovative, easy-to-use online products and services. "Bank of America Merrill Lynch" describes the marketing name for the global banking and global markets businesses of Bank of America Corporation. The financial advisory services referred to above were performed by Merrill Lynch, Pierce, Fenner & Smith Incorporated, an investment banking affiliate of Bank of America Corporation and a registered broker-dealer and member of FINRA and SIPC. The company serves clients in more than 150 countries. Bank of America Corporation stock (NYSE: BAC) is a component of the Dow Jones Industrial Average and is listed on the New York Stock Exchange.

, , , , ,

Virtual Currency Virtually Banned in China

China Cracks Down on Virtual Currency, For Real - China Journal - WSJ

In the latest blow to online gamers in China, Beijing has prohibited the use of virtual money to buy real world goods.

‬‪‬‪Until now, online game players who win virtual currency have been able to use it to purchase all sorts of things, including real money, giving rise to a burgeoning trade in virtual currency, valued at 10 billion to 13 billion yuan in 2008, according to the China Internet Network Information Centre (CNNIC).

But no more. According to new regulations released jointly by the Ministry of Commerce and the Ministry of Culture last week, virtual currency should be exchanged only for virtual goods and services provided by the issuer of the currency.

Continue Reading at Wall Street Journal

Editor's Note: SecondLife is a prominent provider of Virtual Currency, to learn more about them, click here

Reblog this post [with Zemanta]

Wincor Nixdorf Partners with Sevenval for Mobile Banking Offers

Wincor Nixdorf partners with mobile specialist for new mobile banking offers

PADERBORN, Germany — Sevenval GmbH, a technology specialist in mobile Internet portals, and Wincor Nixdorf International have formed a strategic partnership, bundling their collective expertise to enable financial institutions to have access to mobile banking offerings.

According to a news release, the partnership allows Sevenval to expand its international activities by leveraging Wincor Nixdorf's PC/E Retail Banking Solution Suite with Sevenval’s multichannel output technology. In the future this will allow Wincor Nixdorf to map retail banks’ Internet portals and services on mobile terminals and home entertainment systems.

The new browser-based software PC/E Mobile Banking ensures that banks can offer financial services such as account information, funds transfers or sales of securities by mobile phone. The software makes use of the bank’s existing IT infrastructures and optimizes customer access to the mobile banking channel.

Wincor says the benefit for banks is that their mobile channels can be expanded without the need to develop additional, redundant infrastructures, and customers enjoy an optimal mobile banking experience. In addition, services familiar from Internet banking and high standards of security can be ensured on mobile terminal devices just as on stationary ones.

"The customization of the output format to the different mobile terminal devices guarantees that the complete solution is easy for bank customers to use and that the technical work, time involved and costs to banks remain modest," said Thomas Certa, head of solution marketing at Wincor Nixdorf. "Our cooperation with Sevenval means that we will be able to rely on technology components that have proven themselves on the market. This will help us in our ongoing, long-term objective of strengthening our solution portfolio for mobile banking and mobile payment."

Sevenval’s FIT technology is already in use at numerous banks in Europe. It automatically adapts online services for use on Internet-capable mobile telephones. Depending on the device features, Sevenval FIT Multi Channel Server optimizes the navigation, display and content of Internet banking portals on any mobile telephone with the support of a continually-updated profile database. Whether a customer has a classic mobile phone, PDA, BlackBerry or iPhone — for every product on the market, customers receive an optimized and easy-to-use version of the bank’s Internet services.

Newer mobile phones are often supported even before they are officially released for sale. Other Internet-capable devices such as games consoles, navigation systems or multimedia television set-top boxes are also added to the profile database.

"The solution’s flexible architecture also allows product information and other services such as financial information and ATM finders to be added," said Sascha Langfus, of Sevenval. "Owing to its multichannel product portfolio and international presence, Wincor Nixdorf is an ideal partner for us in our continued expansion of our leading market position in mobile banking."

Reblog this post [with Zemanta]

Michael Jackson Malware Campaigns Exploit Death

Michael Jackson's death themed malware campaigns spreading

The sudden death of Michael Jackson quickly opened a window of opportunity for cybercriminals to capitalize on.

With a malicious spam campaign, blackhat SEO search results poisoning which is serving scareware within the first 100 search results for Michael Jackson’s death, and an opportunistic participant in Zango adware’s network using typosquatting, malicious activity is prone to increase during the next couple of days.

Here are more details on the campaigns currently in circulation:

The malicious spam campaign is enticing users to visit a compromised web site (Beatz radio where the bogus Michael.Jackson.videos.scr screensaver is served.

A second, non-malicious spam campaign using a Michael Jackson theme is being spammed from legitimate emails in a desperate and amateur-ish attempt to harvest the emails of those who reply back - a practice which became obsolete with the time due to the much more sophisticated email harvesting techniques spammers have in a Web 2.0 world for instance.

Continue Reading at ZDNet

Michael Jackson   Malware  Jacko

Reblog this post [with Zemanta]

Online Banking at High Risk - Kapersky

Online banking at high risk from attack that knows your bank

by Daniel Long on Jun 29, 2009

There is a risk of banking websites falling prey to a new form of malicious keyboard logger, but there is a way to reduce your risk.

(Yeah, Swipe, Don't Type.  Pretty much eliminates keylogging doesn't it?  In fact it's key to logging-in securely)

Away from the physical world of ATM skimming practices, it's the online domain where criminals are continuing to refine the way they steal your personal banking data.

According to a current banking threat detailed by one of Kaspersky's leading chief security experts, banking websites are at significant risk of being attacked by ingenious malware scripts that can remember passwords entered by customers, using a clever screenshot tactic which reports details of the victim's passwords back to the attacker.

Special types of malware are being developed just for breaking the passwords found on different internet banking sites.

"Most of the banking fraud happening at the moment online is with Trojan horses. There's quite a lot of it that will hijack your online banking connection with different types of banks", says Costin Raiu, who forms part of the Global research and analytics team at Kaspersky Lab.

Continue Reading at PC Authority

Reblog this post [with Zemanta]

E-Banking Wire Transfers Risky

Hackers were not so clever

As technology soars, so too does cyber crime
By: Wassayos Ngamkham
Published: 29/06/2009 at 12:00 AM

Aspate of electronic money transfer scams has raised doubts about the security of state-of-the-art technology banking systems known as E-banking.

Despite the technological advances, bank-to-bank wire transfers are still considered risky because they are vulnerable to increasingly sophisticated hackers, Crime Suppression Division investigator Akkaradet Pimolsri said.

The arrest of two Russian hackers and a Thai man in a bank fraud gang is a case in point.

On June 15, Anton Soldatenkov, 26, Vnuchenko Oleksandr, 32, and Prakiat Bunmo!, 34, were arrested after withdrawing 6.5 million baht in cash from a Krung Thai Bank branch at Siam Eastern Industrial Park, in Rayong's Pluak Daeng district.

Five days earlier, two banks - Krung Thai Bank and Siam Commercial Bank - were allegedly tricked into transferring almost 10 million baht combined into the three men's account through the online banking system.

Continue Reading

Reblog this post [with Zemanta]

British Museum Company Says YESpay

Press Release

British Museum Company guarantees payments with high speed secure payment service from YESpay

June , 2009, London – The British Museum Company has selected YESpay’s EMBOSS Payment Processing Service to provide a high speed payment service that is fully accredited by its card acquirer and compliant with the Payment Card Industry Data Security Standard (PCI DSS) across seven locations and 34 tills.

The company, the commercial force behind the British Museum, needed an approved acquirer of EFT transactions and payments to run its settlement service.

Muna Khan, IT Manager, The British Museum Company, said, “We were concerned with the security of handling of our own payments and we had no way of tracking payments with our existing technology. We would occasionally receive phone calls from customers to advise that their monthly bill hadn’t been taken, which raised concerns of the level of service we were providing.”

The pre-accredited YESpay EMBOSS bureau service means all transactions are logged centrally in real time during online authorisation. Also, by running batched overnight settlements it means no further store intervention is required. The company’s end-to-end EMBOSS service and data centres are already fully PCI DSS compliant to Level 1.

Khan added, “We can log onto a secure site and instantly access a record of payments made. If there are any discrepancies between sales and payments not matching we can download statistics and check records.”

Rohit Patni, EVP Sales and Marketing, YESpay, said, “By outsourcing its card payments processing to YESpay, The British Museum has a high speed payment service to meet the demands of its business. The overhead of maintaining payments itself has been removed and it has freed up staff to concentrate on other issues. The company has considerably cut the costs of bank accreditation and complying with PCI requirements and only pays a low
monthly fee.”

The technology supports all major credit and debit card brands mail order and is ready to support other technology, such as kiosks.

PR Contact:Tanya Pring
Fieldworks (YESpay PR)
Tel: + 44 (0) 1435 873080

Clear Unclear About What Happens to Customers Data After Abruptly Closing Doors

Out of business, Clear may sell customer data - It would go to a similar provider authorized by the TSA

By Robert McMillan

IDG News Service - Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

Until this week, the Clear service had given customers a way to skip long security lines in certain airports. For a $199 annual fee, air travelers could be pre-screened for flight and then use Clear's security checkpoints instead of the TSA's. Clear was run by New York's Verified Identity Pass, which also shut down on Monday.

Customers had to provide personal information, including credit card numbers, fingerprints and iris scans in order to participate in the program. After Clear abruptly shut its doors -- it has not yet declared bankruptcy -- some worried that this data could fall into the wrong hands.

"They had your social security information, credit information, where you lived, employment history, fingerprint information," said Clear customer David Maynor, who is chief technical officer with Errata Security in Atlanta. "They should be the only ones who have access to that information."

Maynor wants Clear to delete his information, but that isn't happening, the company said in a note posted to its Web site Thursday.

Continue Reading

Disqus for ePayment News