Archive

Archive for the ‘financial crime and fraud’ Category

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting

September 29, 2014 Comments off

Empirically Characterizing Domain Abuse and the Revenue Impact of Blacklisting (PDF)
Source: George Mason University Department of Computer Science

Using ground truth sales data for over 40K unlicensed prescription pharmaceuticals sites, we present an economic analysis of two aspects of domain abuse in the online counterfeit drug market. First, we characterize the nature of domains abused by affiliate spammers to monetize what is evidently an overwhelming demand for these drugs. We found that the most successful affiliates are agile in adapting to adversarial circumstances, and channel the full spectrum of domain abuse to advertise to customers. Second, we use contemporaneous blacklisting data to provide an economic analysis of the revenue impact of domain blacklisting, a technique whereby lists of “known bad” registered domains are distributed and used to filter email spam. We found that blacklisting rapidly and effectively limited per-domain sales. Nevertheless, blacklisted domains continued to monetize, likely as a result of high demand, non-universal use of blacklisting, and delay in deployment. Finally, our results suggest that increasing the number of domains discovered and using blacklists to block access to spam domains could undermine profitability more than further improving the speed with which domains are added to blacklists.

About these ads

Dialing Back Abuse on Phone Verified Accounts

September 26, 2014 Comments off

Dialing Back Abuse on Phone Verified Accounts (PDF)
Source: George Mason University

In the past decade the increase of for-profit cybercrime has given rise to an entire underground ecosystem supporting large-scale abuse, a facet of which encompasses the bulk registration of fraudulent accounts. In this paper, we present a 10 month longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA). To carry out our study, we purchase 4,695 Google PVA as well as pull a random sample of 300,000 Google PVA that Google disabled for abuse. We find that miscreants rampantly abuse free VOIP services to circumvent the intended cost of acquiring phone numbers, in effect undermining phone verification. Combined with short lived phone numbers from India and Indonesia that we suspect are tied to human verification farms, this confluence of factors correlates with a market-wide price drop of 30{40% for Google PVA until Google penalized verifications from frequently abused carriers. We distill our findings into a set of recommendations for any services performing phone verification as well as highlight open challenges related to PVA abuse moving forward.

Cyber-attacks: Effects on UK

September 23, 2014 Comments off

Cyber-attacks: Effects on UK
Source: Oxford Economics

The UK Centre for the Protection of National Infrastructure (CPNI) requested Oxford Economics to carry out a study of the impact of state-sponsored cyber-attacks on UK firms. The study consists of the elaboration of an economic framework for cyber-attacks, a survey of UK firms on cyber-attacks, an event study on the impact of cyber-attacks on stock market valuations, and a series of case studies illustrating the experience of several UK firms with cyber-attacks.

Free registration required.

New From the GAO

September 22, 2014 Comments off

New GAO Reports
Source: Government Accountability Office

1. Identity Theft: Additional Actions Could Help IRS Combat the Large, Evolving Threat of Refund Fraud. GAO-14-633,August 20.
http://www.gao.gov/products/GAO-14-633
Highlights – http://www.gao.gov/assets/670/665367.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/665529

2. Oil and Gas Transportation: Department of Transportation Is Taking Actions to Address Rail Safety, but Additional Actions Are Needed to Improve Pipeline Safety. GAO-14-667, August 21.
http://www.gao.gov/products/GAO-14-667
Highlights – http://www.gao.gov/assets/670/665403.pdf
Podcast – http://www.gao.gov/multimedia/podcasts/665350

3. Patient Protection and Affordable Care Act: Procedures for Reporting Certain Financial Management Information Should Be Improved. GAO-14-697, September 22.
http://www.gao.gov/products/GAO-14-697
Highlights – http://www.gao.gov/assets/670/665984.pdf

4. Consumer Financial Protection Bureau: Some Privacy and Security Procedures for Data Collections Should Continue Being Enhanced. GAO-14-758, September 22.
http://www.gao.gov/products/GAO-14-758
Highlights – http://www.gao.gov/assets/670/666001.pdf

5. Bureau of Prisons: Management of New Prison Activations Can Be Improved. GAO-14-709, August 22.
http://www.gao.gov/products/GAO-14-709
Highlights – http://www.gao.gov/assets/670/665416.pdf

6. Army Corps of Engineers: The Corps Needs to Take Steps to Identify All Projects and Studies Eligible for Deauthorization. GAO-14-699, August 21.
http://www.gao.gov/products/GAO-14-699
Highlights – http://www.gao.gov/assets/670/665394.pdf

CRS — The Federal Trade Commission’s Regulation of Data Security Under Its Unfair or Deceptive Acts or Practices (UDAP) Authority (September 11, 2014)

September 18, 2014 Comments off

The Federal Trade Commission’s Regulation of Data Security Under Its Unfair or Deceptive Acts or Practices (UDAP) Authority (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

The Federal Trade Commission Act established the Federal Trade Commission (FTC or Commission) in 1914. The protection of consumers from anticompetitive, deceptive, or unfair business practices is at the core of the FTC’s mission. As part of that mission, the FTC has been at the forefront of the federal government’s efforts to protect sensitive consumer information from data breaches and regulate cybersecurity. As the number of data breaches has soared, so too have FTC investigations into lax data security practices. The FTC has not been delegated specific authority to regulate data security. Rather, the FTC has broad authority under Section 5 of the Federal Trade Commission Act (FTC Act) to prohibit unfair and deceptive acts or practices.

CRS — Health Care Fraud and Abuse Laws Affecting Medicare and Medicaid: An Overview (September 8, 2014)

September 15, 2014 Comments off

Health Care Fraud and Abuse Laws Affecting Medicare and Medicaid: An Overview (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

A number of federal statutes aim to combat fraud and abuse in federally funded health care programs such as Medicare and Medicaid. Using these statutes, the federal government has been able to recover billions of dollars lost due to fraudulent activities. This report provides an overview of some of the more commonly used federal statutes used to fight health care fraud and abuse and discusses some of the changes made to these statutes by the Patient Protection and Affordable Care Act (ACA).

Title XI of the Social Security Act contains Medicare and Medicaid program-related anti-fraud provisions, which impose civil penalties, criminal penalties, as well as exclusions from federal health care programs on persons who engage in certain types of misconduct. ACA amends these administrative sanctions and authorizes the imposition of several new civil monetary penalties and exclusions.

The Check is in the Mail: Monetization of Craigslist Buyer Scams

September 10, 2014 Comments off

The Check is in the Mail: Monetization of Craigslist Buyer Scams (PDF)
Source: George Mason University, Department of Computer Science

Nigerian or advance fee fraud scams continue to gain prevelance within the world of online classified advertisements. As law enforcement, user training, and website technologies improve to thwart known techniques, scammers continue to evolve their methods of targeting victims and monetizing their scam methods. As our understanding of the underground scammer community and their methods grows, we gain a greater insight about the critical points of disruption to interrupt the scammers ability to succeed. In this paper we extend on previous works about fake payment scams targeting Craigslist. To grow our understanding of scammer methods and how they monetize these scams, we utilize a data collection system posting ”honeypot advertisements” on Craigslist offering products for sale and interact with scammers gathering information on their payment methods. We then conduct an analysis of 75 days worth of data to better understand the scammer’s patterns, supporting agents, geolocations, and methods used to perpetuate fraudulent payments. Our analysis shows that 5 groups are responsible for over 50% of the scam payments received. These groups operate primarily out of Nigeria, but use the services of agents within the United States to facilitate the sending and receiving of payments and shipping of products to addresses both in Nigeria and the United States. This small number of scammer organizations combined with the necessity of support agents within the United States indicate areas for potential targeting and disruption of the key scammer groups.

Hat tip: ResearchBuzz

See also: Scambaiter: Understanding Targeted Nigerian Scams on Craigslist (PDF)

Follow

Get every new post delivered to your Inbox.

Join 929 other followers