March is
Fraud Prevention Month. The
Competition Bureau of Canada has been running a campaign every March since 2004 to raise awareness of the risks of fraud, especially now that information technology, such as cloud computing and social networking sites, has given traditional scams all-too-effective digital vector attacks, warns one expert.
While the fraud prevention educational campaign may assume a consumer perspective on the inherent risks, enterprise workers are still consumers working inside a business, exposed to the same risks and prone to the same behaviour, said Bill Harmon, associate general counsel with Microsoft Corp.’s digital crimes unit.
“You still have individuals working inside these businesses and they are still subject to receiving these advanced fee fraud scams or people asking for money,” said Harmon.
In particular, with cloud computing, cyber criminals can take advantage of the advertising channel to ship malicious code that can affect the PC of an unsuspecting end user, said Harmon. Fraudsters can also run scareware to trick end users into believing their machines are infected and convince them to pay fees for fake security software.
Click fraud is also a problem for subscribers of a fraudulent content service that auto generates fake clicks to draw more money from advertisers, said Harmon. “Those kinds of scams are taking advantage of the cloud infrastructure,” said Harmon. “And those are the kinds of things we’d want to be wary of and police against.”
Earlier this week in Ottawa, Harmon spoke about fraud risks brought on by Web 2.0 technologies at the
Preventing Fraud in a Digital Age summit, an event put on by a group of government and law enforcement agencies, businesses and associations.
Harmon said the information end users reveal on public social networking accounts, although seemingly benign, can be just enough for fraudsters to figure out the password to that person’s account with other cloud services.
Brian O’Higgins, an Ottawa-based security consultant, thinks that raising education and awareness about fraud is the most important thing government agencies and security experts can do. But he said he hasn’t exactly noticed any particular initiative being very effective.
“Of course, a spectacular breach or fraud gets attention, and for the next three weeks or so people are more cautious,” said O’Higgins. “But the memory quickly fades.”
O’Higgins doesn’t expect many businesses and individuals will even realize March is Fraud Prevention Month. And if they do, they probably won’t even bother changing their behaviour to lessen the risks.
Despite that dismal outlook, O’Higgins does think there is opportunity for
Canada’s National Cyber Security Strategy, announced in 2010, to play a meaningful role by focusing, for instance, on outreach activities.
The goal of the strategy is to improve protection from cyber threats against individuals and businesses.
ITAC (Information Technology Association of Canada) took part in the strategy’s unveiling last year.
ITAC’s president and CEO, Bernard Courtois, said at the time that the strategy would up the ante on defending against cyber attacks, especially since more complex attack vectors are detected each year. “They are investing in their capabilities. We must respond by investing more in ours,” said Courtois. October is Cyber Security Awareness Month.
Harmon pointed out that the advent of information technology has provided a vehicle for fraudsters to deploy their scams that, today, have only been re-packaged to fit the digital world.
“They’re able to do it at scale. Think of the cybercriminal as an entrepreneur without any idea of social norms. And they’re just trying to exploit all this information,” said Harmon.
Follow Kathleen Lau on Twitter: @KathleenLau