March is Fraud Prevention Month
. The Competition Bureau
of Canada has been running a campaign every March since 2004 to raise awareness of the risks of fraud, especially now that information technology, such as cloud computing and social networking sites, has given traditional scams all-too-effective digital vector attacks, warns one expert.
While the fraud prevention educational campaign may assume a consumer perspective on the inherent risks, enterprise workers are still consumers working inside a business, exposed to the same risks and prone to the same behaviour, said Bill Harmon, associate general counsel with Microsoft Corp.’s digital crimes unit.
“You still have individuals working inside these businesses and they are still subject to receiving these advanced fee fraud scams or people asking for money,” said Harmon.
In particular, with cloud computing, cyber criminals can take advantage of the advertising channel to ship malicious code that can affect the PC of an unsuspecting end user, said Harmon. Fraudsters can also run scareware to trick end users into believing their machines are infected and convince them to pay fees for fake security software.
Click fraud is also a problem for subscribers of a fraudulent content service that auto generates fake clicks to draw more money from advertisers, said Harmon. “Those kinds of scams are taking advantage of the cloud infrastructure,” said Harmon. “And those are the kinds of things we’d want to be wary of and police against.”
Earlier this week in Ottawa, Harmon spoke about fraud risks brought on by Web 2.0 technologies at the Preventing Fraud in a Digital Age
summit, an event put on by a group of government and law enforcement agencies, businesses and associations.
Harmon said the information end users reveal on public social networking accounts, although seemingly benign, can be just enough for fraudsters to figure out the password to that person’s account with other cloud services.
Brian O’Higgins, an Ottawa-based security consultant, thinks that raising education and awareness about fraud is the most important thing government agencies and security experts can do. But he said he hasn’t exactly noticed any particular initiative being very effective.
“Of course, a spectacular breach or fraud gets attention, and for the next three weeks or so people are more cautious,” said O’Higgins. “But the memory quickly fades.”
O’Higgins doesn’t expect many businesses and individuals will even realize March is Fraud Prevention Month. And if they do, they probably won’t even bother changing their behaviour to lessen the risks.
Despite that dismal outlook, O’Higgins does think there is opportunity for Canada’s National Cyber Security Strategy
, announced in 2010, to play a meaningful role by focusing, for instance, on outreach activities.
The goal of the strategy is to improve protection from cyber threats against individuals and businesses. ITAC
(Information Technology Association of Canada) took part in the strategy’s unveiling last year.