How to verify whether a website is legitimate or not?

Monday, 19 August 2019

How to prevent Business Email Compromise (BEC) fraud?

Or, in Spanish: cómo prevenir el fraude del CEO (CEO fraud).

Last year the FBI published an alert pointing out that BEC fraud losses exceeded $12 billion globally.
The report was based on data collected by the FBI's Internet Crime Complaint Center (IC3), international law enforcement and financial institutions between October 2013 and May 2018. The amounts represent both money that was actually lost by victims and money they could have lost had they taken the bait.

Many of these attacks are skillfully crafted. Criminals lurking on websites and social media can uncover plenty of information for fine-tuned spear phishing emails: who the suppliers are, what the management structure is, who is receiving new business pitches or expansion plans, etc. Executive travel plans are particularly useful for scenarios like this, since the urgency of a task can be inflated from abroad: "I'm in Singapore and we need to make a payment ASAP to this supplier or we risk losing it. Don't delay - please wire these funds immediately."

How can this fraud be prevented?

  1. Train your leadership, especially in finance, about the risks associated with this kind of attack, methods of detection and manual authentication.
  2. Methods of detection include being vigilant for:
    • Pressure and a sense of urgency
    • Unusual requests that contradict internal procedures
    • Typosquatted domains similar to your company's (@R0CHE.COM instead of @ROCHE.COM)
  3. Use DMARC. Domain-based Message Authentication, Reporting & Conformance is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author ("From:") domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

You can check whether your organization has DMARC in place just by typing the domain part of your email address into this resource:

DMARC compliance check for the domain

Basically, DMARC is a technology that allows a receiver to confirm whether an email really comes from the domain it claims to be from. It will not help in cases where a corporate mailbox itself has been compromised and the attacker has full access to the mail account of the person in finance: such mail is sent by the real domain and passes DMARC. Obviously that approach requires much more effort from the attacker.
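The following Python script is an added illustration of the DMARC evaluation described above; it is not code from the original post or from any DMARC project. It replaces the DNS lookup with an in-memory table of constructed `_dmarc.<domain>` TXT records so it runs offline, parses the record tags, applies the identifier-alignment rule that ties the SPF- and DKIM-authenticated domains to the "From:" domain, and returns the disposition (`none`, `quarantine`, `reject`). The domains `example.com`, `examp1e.com` and the mailbox names are constructed sample values. It also shows the two limits mentioned in the text: a message sent through the compromised real domain passes, and a typosquatted domain with no record of its own produces no policy at all (the organizational-domain function is a deliberate simplification; real receivers consult the Public Suffix List).

```python
"""DMARC record parsing, alignment check and policy disposition (added example, offline)."""
from email.utils import parseaddr

# Constructed stand-in for DNS: the TXT records a receiver would fetch at _dmarc.<domain>.
DNS_TXT = {
    "_dmarc.example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                           "pct=100; rua=mailto:dmarc-reports@example.com"),
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict and fill RFC 7489 defaults (adkim/aspf relaxed, sp=p)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 missing)")
    if "p" not in tags:
        raise ValueError("DMARC record lacks the required p= tag")
    tags.setdefault("adkim", "r")       # DKIM alignment: relaxed unless adkim=s
    tags.setdefault("aspf", "r")        # SPF alignment: relaxed unless aspf=s
    tags.setdefault("pct", "100")       # sampling percentage (not applied here: we treat it as 100)
    tags.setdefault("sp", tags["p"])    # subdomain policy defaults to the domain policy
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption; real code uses the PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def header_domain(from_header: str) -> str:
    """Domain of the address inside the From: header; the display name is ignored on purpose,
    so '"ceo@example.com" <ceo@examp1e.com>' yields examp1e.com, the domain DMARC actually checks."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def aligned(from_domain: str, auth_domain, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same organizational domain."""
    if not auth_domain:
        return False
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def lookup_policy(from_domain: str):
    """Record for the exact From: domain, else the organizational domain's record with its sp= policy."""
    record = DNS_TXT.get(f"_dmarc.{from_domain.lower()}")
    if record is not None:
        return parse_dmarc(record), "p"
    parent = org_domain(from_domain)
    if parent != from_domain.lower():
        record = DNS_TXT.get(f"_dmarc.{parent}")
        if record is not None:
            return parse_dmarc(record), "sp"
    return None, None


def evaluate(from_domain, spf_domain, spf_result, dkim_domain, dkim_result):
    """Return (dmarc_result, disposition). DMARC passes if either SPF or DKIM passed *and* aligns."""
    policy, policy_key = lookup_policy(from_domain)
    if policy is None:
        return "none", "none"   # no published policy: the receiver has nothing to enforce
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy[policy_key]


if __name__ == "__main__":
    # Legitimate mail, relayed by mail.example.com and signed with d=example.com.
    print(evaluate("example.com", "mail.example.com", "pass", "example.com", "pass"))
    # Forged From: example.com sent from infrastructure that only authenticates examp1e.com.
    print(evaluate("example.com", "examp1e.com", "pass", None, "none"))
    # Typosquat: the lookalike domain publishes no DMARC record, so no policy applies.
    print(evaluate(header_domain('"ceo@example.com" <ceo@examp1e.com>'), "examp1e.com", "pass", None, "none"))
```

The second call is the case DMARC is designed for: SPF passes for the attacker's own domain but does not align with the forged From:, so with `p=reject` the receiver should discard the message. The third call is the gap the post warns about: a lookalike domain is a different domain, so your DMARC policy says nothing about it, and detection has to rely on the human and mail-filter checks listed above.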

Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC through advocacy, by providing a set of easy-to-use tools and campaigns to drive deployment. GCA also measured the economic impact in this report. The benefits of deploying DMARC in your company are clear. What are you waiting for?

Wednesday, 7 August 2019

Criminal activity involving counterfeiting and the professionalised organized crime networks

Recently, the first EU-wide intellectual property crime threat assessment from Europol and the European Union Intellectual Property Office (EUIPO) was published. Press release by Europol.

The report contains 40 pages of insights about criminal activity involving counterfeiting and the professionalised organized crime networks, which can reap large profits while running relatively few risks. It was created with EU-wide data and strategic intelligence analysis. 

Below are the main points I would highlight from this report:

Metrics related:
  • Counterfeit and pirated goods could make up as much as 6.8 % of EU imports, amounting to EUR 121 billion.
  • In 2016, up to 6.8 % of EU imports constituted counterfeit and pirated goods, amounting to as much as EUR 121 billion. Compared to 5 % in 2013, this is a sharp increase in three years.
  • The economic impact of counterfeit clothing and personal accessories is particularly high. It is estimated that counterfeiting causes losses of around EUR 26 billion per year to the clothing, footwear and accessories sector and around EUR 2 billion a year to the jewellery and watches sector in the EU.

Facts related:
  • Although shipment of counterfeit goods to the EU still occurs largely in bulk by freight transport, in recent years there has been a strong increase in express transport. This sharp growth in trade via small parcels is related to the growth in online marketplaces selling counterfeit goods.
  • Besides the traditional luxury items, a wide range of everyday goods are targeted by counterfeiters. This includes cosmetics, electronic components, food and drinks, pesticides, pharmaceuticals, tobacco products, toys and vehicle parts.
  • A growing number of counterfeit pharmaceuticals are detected in small parcels, facilitated by a continuous expansion of unauthorised and unregulated online pharmacies.
  • The market for counterfeit goods remains highly profitable, providing criminals with opportunities to generate huge profits while running few risks. Most criminal activity involving counterfeiting is undoubtedly performed by organised crime groups and there appears to be an overall professionalisation of these groups.
  • Counterfeiting and piracy are lucrative criminal activities, while at the same time generating relatively low detection risks.
  • Several EU Member States have in recent years decreased their focus on fighting IP crime, in favour of other criminal activities that are deemed more serious and harmful, such as drugs trafficking, migrant smuggling, trafficking in human beings, and terrorism.
  • Online marketplaces are increasingly becoming an important source of income for criminal groups engaged in the sale of counterfeit and pirated goods.
  • In a series of studies conducted by the EUIPO over the last few years, the direct annual losses of 13 market sectors that are particularly vulnerable to counterfeiting have been estimated. Collectively, these sectors lose EUR 60 billion a year, or 7.5 % of their total sales.
  • However, despite the large number of counterfeit clothes and shoes that are sold online, they are also still commonly sold on the streets of certain cities and in popular tourist areas.
  • A particularly worrisome development is that some of the jihadist terrorist attacks in the EU in recent years were partially financed by selling counterfeit clothing and shoes, although the most prominent example of this already stems from 2015. The Kouachi brothers, responsible for the terrorist attack on the Charlie Hebdo office, had been involved in selling counterfeit sports shoes. They had paid for the shoes via international payment services and imported them via parcel service from China.
  • Other criminal acts that are commonly committed by counterfeiting organised crime groups are excise fraud and VAT fraud.
  • Criminals are increasingly offering counterfeit goods through social media networks using specific URLs that can be hard to identify by law enforcement authorities.
  • A common modus operandi for online counterfeiters is to re-register previously used legitimate domain names, also referred to as cybersquatting. Domain names that have previously been used for a wide variety of purposes, including those used by commercial businesses, embassies or politicians, are systematically re-registered to operate as e-shops selling counterfeit goods. This reuse of legitimate websites ensures consistent internet traffic towards these e-shops.

Security related:

  • While consumers are attracted to these kinds of websites by the free content they can find there, in many cases these same websites are used to target exactly those types of consumers with phishing attempts or the dissemination of malware. It is estimated that one in four persons who stream illegally through a box or stick is affected by a virus or malware. Different kinds of malware and potentially unwanted programmes (PUPs) have been found on suspected websites sharing copyright-infringing content for free, which use deceptive techniques and social engineering to trick consumers into sharing sensitive personal information or even payment card details. This includes many PUPs for the Android OS, reflecting the growing popularity of mobile devices.