March is Fraud Prevention Month. Experts warn how your seemingly benign postings on social networking sites could be giving away your passwords to online accounts. Traditional fraud scams re-packaged for the digital world
While the fraud prevention educational campaign may assume a consumer perspective on the inherent risks, enterprise workers are still consumers working inside a business, exposed to the same risks and prone to the same behaviour, said Bill Harmon, associate general counsel with Microsoft Corp.’s digital crimes unit.
“You still have individuals working inside these businesses and they are still subject to receiving these advanced fee fraud scams or people asking for money,” said Harmon.
In particular, with cloud computing, cyber criminals can take advantage of the advertising channel to ship malicious code that can affect the PC of an unsuspecting end user, said Harmon. Fraudsters can also run scareware to trick end users into believing their machines are infected and convince them to pay fees for fake security software.
Click fraud is also a problem for subscribers of a fraudulent content service that auto generates fake clicks to draw more money from advertisers, said Harmon. “Those kinds of scams are taking advantage of the cloud infrastructure,” said Harmon. “And those are the kinds of things we’d want to be wary of and police against.”
Harmon said the information end users reveal on public social networking accounts, although seemingly benign, can be just enough for fraudsters to figure out the password to that person’s account with other cloud services.
Brian O’Higgins, an Ottawa-based security consultant, thinks that raising education and awareness about fraud is the most important thing government agencies and security experts can do. But he said he hasn’t exactly noticed any particular initiative being very effective.
“Of course, a spectacular breach or fraud gets attention, and for the next three weeks or so people are more cautious,” said O’Higgins. “But the memory quickly fades.”
O’Higgins doesn’t expect many businesses and individuals will even realize March is Fraud Prevention Month. And if they do, they probably won’t even bother changing their behaviour to lessen the risks.
The goal of the strategy is to improve protection from cyber threats against individuals and businesses. ITAC (Information Technology Association of Canada) took part in the strategy’s unveiling last year.
ITAC’s president and CEO, Bernard Courtois, said at the time that the strategy would up the ante on defending against cyber attacks, especially since more complex attack vectors are detected each year. “They are investing in their capabilities. We must respond by investing more in ours,” said Courtois. October is Cyber Security Awareness Month.
Harmon pointed out that the advent of information technology has provided a vehicle for fraudsters to deploy their scams that, today, have only been re-packaged to fit the digital world.
“They’re able to do it at scale. Think of the cybercriminal as an entrepreneur without any idea of social norms. And they’re just trying to exploit all this information,” said Harmon.
Follow Kathleen Lau on Twitter: @KathleenLau