New identity theft and online fraud techniques

Authors of computer viruses and threats (including phishing scams) are looking for direct financial profit from cybercrime. For this reason, they are using more innovative and diversified techniques to, above all, steal usersí identities or obtain bank details to commit fraud.

In the first half of 2006, PandaLabs registered a 50 percent increase in identity theft and online fraud related activity. Whatís more, it detected new tricks that used phishing techniques but with different methods than those traditionally used.

An example emerged in June with the use of MySpace, the wide social networking website. In this case, the attack came in the form of a link included in a message received via instant messaging. This link accessed a website that spoofed MySpace and requested the username and password. As the website was a phony, these details were stored, and the authors of the scam gained access to the userís personal profile. Once they had discovered userís personal details, they used them to steal the userís identity and commit fraud, as if they were another person.

PandaLabs also recently detected a phishing scam that announced that the National Bank of Australia had gone bankrupt. It was sent via email and contained a link that accessed an official-looking page, which explained that the bank had gone bankrupt and that people were starting to panic, and advised clients to access their account to check that it was still active and in credit.

This link accessed a website that spoofed the identity of the bank and contained an exploit that ran the Haxdoor Trojan. This Trojan captured the user details for accessing the account, and from then on, the author was free to carry out transactions and similar operations.

After stealing usersí money, the phishers looked for victims to launder the money. They did this using false employment offers that promised significant income in a very short time. In most cases, these employment offers involved a large amount of money being paid into victimsí bank accounts, which they then had to transfer to accounts in other countries.

By doing this, without realising, the victim contributed to closing the cycle that the phisher had started when the first email was sent to obtain usersí personal details or banking details.

On other occasions, the data is sold on the ìblack marketî so that others use them to commit fraud, generating a double income: the first from selling the data and the second from the money stolen from these accounts.

Panda Software recommends all users to take precautions against this new cybercrime activity. It is extremely important to protect PCs with a good security suite and keep informed and updated about the new cybercrime techniques used in the Internet to avoid falling victim. You can do this by visiting www.cybercrimewatch.com, or subscribing to any of our security bulletins at www.pandasoftware.com/about/suscriptions.

To check if your PC is free from viruses and other threats, you can use the free online tool Panda ActiveScan, available at www.activescan.com.