Combating socially engineered cyberfraud
Published 10:12, 26 April 10
Card and banking fraud figures published by the UK by Financial Fraud Action UK and the UK Cards Association last month show that while fraud on debit and credit cards actually fell last year, on-line banking fraud rose by 14%.
As the financial services industry attempts to achieve new levels of protection through technologies such as chip and PIN and more sophisticated fraud detection software, fraudsters unleash new strategies for getting what they want, such as more sophisticated phishing schemes to con individuals into revealing personal and financial information, and social engineering schemes to get others to assist in the fraud process.
When it comes to social engineering, the call centre is particularly vulnerable as unsuspecting call centre representatives focused on delivering good customer service can be “socially engineered” for the purpose of fraud. It goes something like this: Through a phishing attack, the fraudster compromises a customer’s online banking account. He’s now able to view basic information such as account statements via the Web portal.
The fraudster can also access auto forms and harvest key personal data, including date of birth, address, etc. Additionally, fraudsters are gathering information via sources such as personal blogs and social media websites, where people talk about their pets, high school mascot and parents. Now, with a quick call into the bank’s call center, a fraudster can authenticate himself as the owner of the account and manipulate the conversation to get what he wants.
Essentially, he “socially engineers” the call center representative to complete his nefarious activities – to the detriment of the customer and the bank.
This kind of activity is difficult to detect using traditional intrusion detection approaches as the fraudulent transaction looks like a series of seemingly harmless activities.
It requires the collection and aggregation of event and log information from across all touch points that form part of the overall process; network devices, financial applications, call centre applications, databases, etc to bring together all the digital fingerprints that collectively may signal that something is suspicious.
The application of real-time data correlation and pattern detection completes the picture by highlighting the suspicious series of events that may signal fraudulent activity. This “second line of defence” is delivered not only through the implementation of appropriate Security Information and Event (SIEM) technology but through skilled security engineers often working as part of a Security Operations Centre (SOC). SOCs are increasingly seen as essential in helping financial organisations deal with cyber threats that are clearly increasing in sophistication and diversity.
If you are interested in learning more ArcSight has created a White Paper on the subject which can be found here.