Tuesday, August 27, 2013

Be Safe, It’s an Internet Fraud

We often receive emails from known and unknown sources asking for some favor or making a proposal. Internet fraud is a term frequently used to describe fraudulent activities performed using the Internet as a medium. It is very easy to hide your identity and initiate the crime sitting 1000s of miles away. This is generally propagated like a virus and takes the form of a banking scam. The scam can follow many schemes, as listed below.

Estimates of the total losses due to the scam vary widely, since many people may be too embarrassed to admit that they were gullible enough to be scammed, and so do not report the crime. In addition to the financial cost, many victims also suffer a severe emotional and psychological cost, such as losing their ability to trust people. One man from Cambridgeshire, UK, committed suicide by lighting himself on fire with petrol after realizing that the $1.2 million “internet lottery” that he won was actually a scam.

Before it’s too late, let us understand how such scams are triggered. In this blog, I am going to discuss how a business proposal scam leads to financial loss, and ways to identify and mitigate it.

I received the below email, which has a very impressive offer. Let's analyze the mail.

Email Message 

Mail from Alice Farah farah_alice@voila.fr via yahoo.com 

---------------------------------------------------------------------------------------------
Dear Friend.

Greetings to you and your family, I am the manager of bill and exchange in THE BANK, I have a business of 5.5 Million United State Dollars to be transfer to your account for investment in your country, if you are ready to assist me get back to me, I will give you full details on how the fund will be transfer to you.

Be rest assured that everything will be handled confidentially because, this is a great opportunity we cannot afford to miss, as it will make our family profit a lot.

It has been 6 years go, that most of the greedy African Politicians used our bank to launder money overseas through the help of their Political advisers.

Most of the funds which they transferred out of the shores of Africa were gold and oil money that was supposed to have been used to develop the continent.

The Political advisers always inflated the amounts before transfer to foreign accounts so I also used the opportunity to divert part of the fund worth five million five hundred united state dollars I told you about and I am aware that there is no official trace of how much was transferred as all the accounts used for such transfers of fund at that particle time were closed after transfer.

I am the account officer to most of the politicians and when I discovered that they were using me to succeed in their greedy act, I also cleaned some of their banking records from the Bank files and no one cared to ask me for the money was too much for them to control, as I am sending this message to you, I was able to divert five point five Millions Dollars ($5.5M)which is in an escrow transit account belonging to no one in the bank, and now my bank is very anxious to know the real beneficiary of the funds is for they have made a lot of profits with the fund.

It has been more than five years ago and most of the politicians are no longer in power again and they don’t use our bank to transfer funds overseas anymore since their tenure had expired.

The $5.5 Million United State Dollars has been lying in the bank as unclaimed fund and I will soon retire from the bank immediately the fund is transfer into your account over there.

Immediately the fund has been successfully transfer into your account I will come to your country for the sharing of the fund, the fund will be shared 50% for me and 40% for you, and the other 10% for the orphanages home and poor with less-privilege people.

Please know that there is no one that is going to question you about the fund if you will comply with me and follow my instruction which will help us a lot to achieve this goal for everything is well secured.

Please indicate your interest in this transaction by replying back through my private email
and if you are not interested do not waste your time to reply kindly delete my message from your box ok.

Waiting to hear from you soon.

Yours Faithfully,
Mrs. Alice Farah.
------------------------------------------------------------------------------------------------------------


The best way to analyze the mail is to read the message header, which gives all the information, i.e. when the mail originated, the source address, the number of hops or devices it has passed through, and so on. The snippet below shows the message header, which needs to be read from the bottom up to follow it in chronological order.

Message Header 


If you look at the full header information of the email, you will most likely see a different Reply-To and/or Return-Path, which is the spammer's email address. In our case, Reply-To: alicefarah5@voila.fr is different than Return-Path: p.godpower@yahoo.com. So that means it’s a spam mail! The “From” address can be spoofed with your friend's email address as well.

Now, let’s identify the origin of this mail. After analyzing the above message header, you get the matrix below, showing how this message has traversed different networks and systems. That means a message you send over the Internet can be tracked easily and necessary action can be taken.

| From | To | Time received |
|---|---|---|
| 41.203.233.236 | web161306.mail.bf1.yahoo.com [Web] | 8/19/2013 7:06:33 PM |
| 127.0.0.1 | omp1005.mail.bf1.yahoo.com [Yahoo NNFMP] | 8/19/2013 7:06:33 PM |
| 98.139.212.196 | tm12.bullet.mail.bf1.yahoo.com [Yahoo NNFMP] | 8/19/2013 7:06:33 PM |
| 98.139.215.141 | nm47.bullet.mail.bf1.yahoo.com [Yahoo NNFMP] | 8/19/2013 7:06:34 PM |
| nm47-vm1.bullet.mail.bf1.yahoo.com. | mx.google.com [Google] | 8/19/2013 7:06:34 PM |
| 10.224.160.130 | [SMTP] [Google] | 8/19/2013 7:06:34 PM |
| 10.52.155.4 | [SMTP] [Google] | 8/19/2013 7:06:34 PM |

The origin of this message is IP address 41.203.233.236. If you perform a Whois lookup on the IP address, the details below can be obtained.

person:         Emmanuel GUIGMA
nic-hdl:        EG4-AFRINIC
address:        ONATEL, 01 P.O. BOX 10 000
address:        Ouagadougou 01
address:        Burkina Faso
address:        OUAGADOUGOU 01 BP 10000
address:        Burkina Faso
e-mail:         guigma@onatel.bf
phone:          +22650305847
fax-no:         +22650315386
source:    AFRINIC # Filtered 

It shows the origin of this message is from Africa.
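The two header checks walked through above (comparing the sender addresses, and reading the Received chain from the bottom to find the originating IP) can be scripted. This is an added example, not part of the original post; the header text is constructed from the addresses, hosts and IPs quoted above, with the Received wording assumed and timestamps omitted.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed header: values are the ones quoted in the post, the Received
# wording is an assumption and timestamps are left out.
SAMPLE = """\
Return-Path: <p.godpower@yahoo.com>
Received: from nm47-vm1.bullet.mail.bf1.yahoo.com by mx.google.com with ESMTP
Received: from [98.139.215.141] by nm47.bullet.mail.bf1.yahoo.com with NNFMP
Received: from [98.139.212.196] by tm12.bullet.mail.bf1.yahoo.com with NNFMP
Received: from [127.0.0.1] by omp1005.mail.bf1.yahoo.com with NNFMP
Received: from [41.203.233.236] by web161306.mail.bf1.yahoo.com via HTTP
From: Alice Farah <farah_alice@voila.fr>
Reply-To: alicefarah5@voila.fr

"""
MSG = message_from_string(SAMPLE)
HOP = re.compile(r"from\s+(\S+)(?:\s+\(.*?\[([\d.]+)\]\))?.*?\bby\s+(\S+)", re.S)
SENDER_HEADERS = ("From", "Reply-To", "Return-Path")

def hops(msg):
    """(source, receiving host) pairs, oldest first. Servers prepend their
    Received line, so header order is reversed to get chronology."""
    found = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP.search(raw)
        if m:  # prefer the bracketed IP in "host (rdns [ip])" when present
            found.append((m.group(2) or m.group(1).strip("[]"), m.group(3)))
    return found

def origin_ip(msg):
    """Earliest hop whose source is a globally routable IP. Received lines
    below the first server you trust can be forged by the sender."""
    for src, _ in hops(msg):
        try:
            if ipaddress.ip_address(src).is_global:
                return src
        except ValueError:
            continue  # the hop recorded a hostname, not an address
    return None

def address_mismatches(msg):
    """Pairs of sender headers carrying different addresses: a warning sign
    to weigh, since mailing lists and bulk senders can differ legitimately."""
    addr = {h: parseaddr(msg.get(h, ""))[1].lower() for h in SENDER_HEADERS}
    present = [h for h in SENDER_HEADERS if addr[h]]
    return [(a, b) for i, a in enumerate(present)
            for b in present[i + 1:] if addr[a] != addr[b]]
```

On the sample, `hops(MSG)` reproduces the first five rows of the matrix above and `origin_ip(MSG)` skips the loopback hop to return the address looked up in Whois.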

Be safe, and please don't provide your personal details in response to such mail.

Friday, August 23, 2013

Cyber Warfare a Global Digital Weapon

Not every battle starts from ground, air or water… These days, you'll find some of the fiercest fighting going on between computer networks. The Digital Age has transformed the way weapons are used. "Digital weapon" is the new term used across organizations and continents. Rather than using bullets and bombs, the warriors in these confrontations use bits and bytes flowing over public and protected networks.

Cyberwar can be defined as leveraging the Internet for political, military, and economic espionage activities. Cyber warfare is politically motivated hacking to conduct sabotage and espionage.


Cyber warfare is a serious concern, and it requires only limited, specialized skilled resources, unlike traditional warfare, where massive resources, weapons, and equipment are required. Cyber defense should be considered the fourth arm after the army, navy and air force. Nations are investing heavily in building young talent and establishing R&D centers to defuse/activate attacks. The objective is to steal sensitive information about weapons, strategy and other information that may act as a major decision factor during a war. The reach of such attacks is greater, since all developed and developing countries are heavily dependent on the Internet and an attack can be initiated from anywhere across the globe.

In today's scenario, many government sites run on an obsolete solution stack, with vulnerable deployment and coding practices and reactive threat management systems, making them prone to cyber attack.

Multiple cases of cyber warfare have been noticed between countries like the US, South Korea, Pakistan, China, Israel, India, etc.

In April 2013, Anonymous launched a cyber war against Israel. It was touted as “the largest internet battle in history,” hitting 100,000 websites, 30,000 bank accounts, 40,000 Facebook pages and 5,000 Twitter accounts.

Indian government departments that have come under repeated attacks: Prime Minister's Office, Ministry of External Affairs, Indo-Tibetan Border Police and DRDO. According to official data, a total of 78 Indian government websites were hacked and 16,035 incidents related to spam, malware infection and system break-in were reported this year so far.

In India, there are many agencies focused on cyber defense: NTRO (National Technical Research Organization), National Critical Information Infrastructure Protection Center and CERT.

Thursday, August 22, 2013

It’s a Game of Power

Hacking is not always associated with stealing information; it is sometimes a way to show power, demonstrate protest or communicate thoughts publicly.

Recently, the MTNL Mumbai website was hacked by a Pakistani hacker from Australia.




All legitimate users were redirected to a landing page showing the message ‘Mr. Creepy was here. Happy Independence Day Pakistan’.

In this case, the data of 80 lakh customers was not breached and the site is up and running.

A similar incident happened to other Indian sites like Pune Traffic Police and Janwani, a social initiative of Maharashtra Chamber of Commerce and Industries & Agriculture, on the eve of India’s 67th Independence Day. The image shows a guy colored in green (symbol of Pakistan) along with a group of people carrying the Indian flag.

Wednesday, August 14, 2013

Card skimming an epidemic!!!

A complex urban lifestyle has driven technology advancement to ease the effort and time needed for day-to-day activities in a busy schedule. Gone are the days when users used to carry physical money for daily needs. Now, users are spending more time online for transactions and other payment-related activities. This has led to another form of fraud associated with cards, i.e. skimming, which may be described as creating an illegal replica of a legitimate card (credit/ATM).

The scammers try to steal your identity details from the magnetic strip of the card so they can access your accounts and later commit identity fraud. This may affect a large user community if planned and executed in public places like ATM booths. Fraudulent transactions are launched from outside national boundaries, which makes it even more difficult to enforce stringent laws.

Let’s understand how this is achieved by hiding a fraudulent setup in the actual ATM device -


Indian banks are facing a tough situation, as card skimming has led to a massive scam, and transactions occurring outside Indian borders (like Mexico, Spain, the United States, etc.) have caused these financial institutions losses of up to Rs 30 crore in the last one month. ICI Bank, Citibank, SBI Cards and Axis Bank. In fact, Union Bank has also requested some account holders to have their cards re-issued to mitigate the risk raised by Visa.

RBI has already enforced some strict guidelines for banks to establish OTP as a second form of authentication, which only the user knows.

Now, how did this fraud happen? The fraud is executed by masking or copying the victim's card at transaction machines (petrol pumps, POS usage), ATMs and other credit card agencies. Later, it is very easy to use the copy for shopping and other transactions within the country and across the world.

How to Overcome

RBI made it mandatory to install EMV chips on cards and to upgrade all merchant card processing units to accept chip-based cards only, starting from July 2013.

Some alternative solutions can also be implemented to minimize fraud, such as enabling transaction approval by SMS over the registered number. The owner of the card needs to approve the transaction by typing Yes/No. The user can immediately notify the branch if he receives an approval notification for a transaction he has not performed.

Until the upgrade, users need to be more careful while using cards and follow some standard checks during transactions.

Warning signs
  • A shop assistant takes your card out of your sight in order to process your transaction.
  • You are asked to swipe your card through more than one machine.
  • You see a shop assistant swipe the card through a different machine to the one you used.
  • You notice something suspicious about the card slot on an ATM (e.g. an attached device).
  • You notice unusual or unauthorized transactions on your account or credit card statement.

Protect yourself from card skimming


  • Keep your credit card and ATM cards safe. Do not share your personal identity number (PIN) with anyone. Do not keep any written copy of your PIN with the card.
  • Check your bank account and credit card statements when you get them. If you see a transaction you cannot explain, report it to your credit union or bank.
  • Choose passwords that would be difficult for anyone else to guess.