ASK AWAY TOP 5 CYBER SCAMS
AFTER A REVIEW OF OUR INTERNAL DATA SECURITY, WE HAVE NOTICED THAT EMPLOYEES ARE STILL RECEIVING AN ABUNDANCE OF E-MAILS THAT RESEMBLE ONLINE SCAMS. WITH THE AMOUNT OF SUSPICIOUS E-MAIL WE RECEIVE, WHAT ARE TODAY’S MOST COMMON INTERNET SCAMS WE SHOULD KNOW ABOUT?
In 2009, the Internet Fraud Complaint Center (IFCC) reported that more than $560 million had been lost to Internet scams and frauds. The IFCC celebrated its 10th anniversary in May 2010, and six months later the organization received its two millionth complaint. These statistics, along with the fact that there are more than two billion people connected to the Internet today, make it necessary to educate people on the types of cyber scams we’re seeing in our labs on a daily basis. As such, here are the five most active cyber scams we see today:
EMPLOYMENT SCAMS: Involve criminals who dupe their victims into laundering money on their behalf. The victims, referred to as “money-mules,” are unaware that the money or goods they are transferring are stolen. This scam targets people interested in making money while working from home, such as the retired, students and the unemployed. This scam can land a victim in legal trouble since their actions are criminal in most areas, whether they know it or not.
ADVANCE FEE “NIGERIAN” FRAUD: The concept for this scam is to convince the victims they are going to receive a large amount of money in exchange for little or no effort on their part. It relies on escalation of commitment: once contact has been made, victims are asked to cover fictional fees to release money. This type of fraud was originally developed by university students who manipulated business investors interested in shady deals in the Nigerian oil sector. It can sometimes lead to dramatic consequences. There have been documented cases of victims unable to cope with the losses and committing suicide, as well as cases where the victims have been lured to Nigeria or South Africa and kidnapped.
PURCHASE FRAUD: The top two categories this type of scam falls into are auction and retail fraud and PayPal fraud. The former occurs when a buyer does not receive the items purchased or receives one that has much less value. It also occurs when a scammer uses fraudulent means to pay for merchandise. In the case of PayPal fraud, the perpetrators target auctions that allow them to personally collect merchandise from a seller that accepts PayPal as a means of payment, then contest the transaction after the merchandise has been received. There have been cases of automated accounts that add positive comments to increase a fraudulent seller’s reputation.
FINANCIAL SCAMS: This works the same as 20th-century Ponzi schemes, such as the one popularized by Bernie Madoff. These schemes lure victims by promising unrealistically high returns on their initial investment. When new funds come in slower than what’s being passed out, the business model collapses.
PHISHING: This is a way to acquire sensitive information, such as bank login details, social security numbers or credentials, by masquerading as a trustworthy person or business. This scam can quickly become a large problem that affects more than just the victim – damage can snowball when stolen credentials are used in second-stage attacks.
Graham Bushkes is the vice president of sales, Canada for Fortinet, a worldwide provider of network security appliances and unified threat management solutions.
WWW.SECURITYMATTERSMAG.COM
VIRTUALIZATION
ARE IT TEAMS READY FOR MISSION CRITICAL APPS?
Enterprise Windows servers have come a long way in the last decade. On top of that, virtualization technologies for Windows have made significant technology advances in the last five years. We have seen mission-critical applications and workloads that traditionally only ran on mainframes migrate to UNIX platforms, and then to Linux platforms. Today, the combination of Windows Servers running on virtualization technologies on x86 platforms is a cost-effective, convenient and readily available option for many enterprises to migrate existing mission-critical workloads or for new greenfield applications.
Virtual machines, both the host operating system (hypervisor) and guest operating systems, typically operate at the most secure level (Ring 0), where they have easy accessibility to the hardware and networking layers. Additionally, there are functional capabilities like “hot” migration, which allow administrators to move live operating environments from one host to another. This also introduces elements of risk in a virtualized Windows environment.
Organizations can reduce risk exposure with a few preventive controls and some reporting and monitoring capabilities. One of the first key preventive measures is to secure the hypervisor with additional access control technologies that are above and beyond the native security capabilities of the virtualization technology and the operating system. Further, you can add preventive access control technologies to reduce threat vectors on the guest operating systems. Finally, it is important to use these preventive controls to produce the right level of audit details that should be regularly monitored and reviewed for unusual activity, anomalies and adjustments. It is important to remember to add preventive and reporting controls at the application layer. When done, organizations can deliver applications on a virtual Windows-based platform within acceptable risk parameters.
Tarun Khandelwal is a senior solution strategist for security solutions with CA Technologies in Canada.
PRIVACY VS. BETTER SERVICES
WHAT’S MORE PRIVACY PROTECTIVE: PAPER OR ELECTRONIC RECORDS?
First, let’s consider the volume of information collected on each of us. On paper, it would be a challenge to record, let alone access and search. Online, we leave traces of ourselves from the moment we sign on. Paper is held in disparate systems, while electronic data is stored in centralized data centres where it is easier to aggregate and search without human intervention. When databases are networked, mistakes can be made on a scale that would be difficult with paper. A misplaced USB key can contain the records of thousands of people, whereas the same in paper would require hundreds of banker boxes and a truck. A nurse in the doctor’s office may peek at your file, but once it is online the potential “peekers” expand exponentially. Proximity is no longer a requirement for access, for only an Internet connection is required to gaze into data that is not meant for other people’s viewing.
Both paper and e-records can get lost, misfiled or stolen, and both can be damaged and irretrievable. Records can get lost in the mail, and RIM can have outages. Do you trust Canada Post more or less than Rogers or Bell? Electronic systems are not value-neutral; they need our information to function and in turn they create more personal information about us. Do we have to give up privacy to have better services? In order to weigh the risk, we need to consider the actual benefit of electronic service delivery and the alternatives to investing in IT systems.
Tracy Ann Kosa is a doctoral candidate at UOIT in computer science. She can be reached at tracyann.kosa@uoit.ca.