- Email: [email protected]
UK-based alliance offers forensics support to small businesses
NEWS
Editorial office: Elsevier Ltd PO Box 150 Kidlington, Oxford OX5 1AS, United Kingdom Tel:+44 (0)1865 843695 Fax: +44 (0)1865 843971 E-mail: [email protected] Editor: Sarah Hilley Editorial Advisors: Peter Stephenson, US; Silvano Ongetta, Italy; Paul Sanderson, UK; Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand; Charles Cresson Wood, USA Bill J. Caelli, Australia Production/Design Controller: Colin Williams Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@elsevier. com. You may also contact Global Rights directly through Elsevier’s home page (http:// www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (+1) (978) 7508400, fax: (+1) (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) (0) 20 7631 5555; fax: (+44) (0) 20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by: Mayfield Press (Oxford) Limited
2
Computer Fraud & Security
British bank fraud victims to be denied right to report to police
V
ictims of bank fraud in the UK will no longer be able to report the crime directly to the police when new government plans get implemented.
The UK Government has proposed changes whereby account holders can only lodge a complaint to their bank if they are defrauded. It is then left up to the bank to inform the police. The police will no longer collate data on the amount of fraud taking place, but will rely on banks to supply them with the information. A spokeswoman for the Police Service in Northern Ireland said: “The Home Office has proposed changes which will be implemented in April 2007 which will mean only financial institutions will make complaints of financial crime to police. The customer will complain to the bank and the bank will report it to the police. Any customer reporting to police will be informed to advise their bank.” However, a spokesman for the UK Payments Association (APACs) told Computer Fraud & Security it is unlikely the Home Office proposals will take effect by April. Although he confirmed they are certain to go ahead. The plans are “at the discussion stage. It looks like it is unlikely to come into force in April. All parties agree to the happening.” He said ATM fraud or card not present victims should still report the crime to the police for the foreseeable future. APACs says around £1.2 million is lost to card fraudsters every day with one in three people being a victim. Bank customers are subjected to card cloning where their card is copied and used by criminals as well as card not present fraud, which is believed to be the most common scam in the UK. Some may consider the changes put too much trust on banks to self investigate frauds considering surveys reveal companies in the past have been slow to report crimes against them. The CSI/FBI 2006 survey showed only 25% of corporations and financial firms reported security compromises to law enforcement. Forty eight
percent of organizations were concerned about attracting negative publicity.
UK-based alliance offers forensics support to small businesses
A
membership-based organization has been set up to give affordable forensics support to small and mediumsized businesses, which seldom have the resources to cope with crime against them.
Simon Janes, former head of the Scotland Yard Hi-Tech Crime Unit, has established the Computer Forensic Alliance (CFA) to help small cybercrime and fraud victims. Many crimes against small businesses go unsolved or undetected, as they do not have the in-house expertise to investigate them. Often the police do not have enough resources to dedicate to small cases. Janes said: “Our senior personnel are dealing with workplace incidents on a daily basis. We encounter every manifestation of computer related incidents.” Companies pay an annual fee to get a range of support from expert investigators in the CFA. The fees range from £40 to £500 per year. Members get a range of offerings including forensic acquisition services, secure deletion of data, advice from experts, preliminary analysis and complete investigation. More information: www.computerforensicsalliance.com.
Bank virus makes screen pop up
A
number of Allied Irish Bank (AIB) customers have encountered a bogus registration screen when logging into their account online.
AIB has warned customers to not enter any details as the screen originates from a virus. It asks customers to enter their mobile phone number, Visa card number, full registration number and Personal Access Code (PAC). The bank warned on its website: “This is NOT an AIB screen, it is a fraudulent attempt to obtain your personal details.” February 2007
Editorial office: Elsevier Ltd PO Box 150 Kidlington, Oxford OX5 1AS, United Kingdom Tel:+44 (0)1865 843695 Fax: +44 (0)1865 843971 E-mail: [email protected] Editor: Sarah Hilley Editorial Advisors: Peter Stephenson, US; Silvano Ongetta, Italy; Paul Sanderson, UK; Chris Amery, UK; Jan Eloff, South Africa; Hans Gliss, Germany; David Herson, UK; P. Kraaibeek, Germany; Wayne Madsen, Virginia, USA; Belden Menkus, Tennessee, USA; Bill Murray, Connecticut, USA; Donn B. Parker, California, USA; Peter Sommer, UK; Mark Tantam, UK; Peter Thingsted, Denmark; Hank Wolfe, New Zealand; Charles Cresson Wood, USA Bill J. Caelli, Australia Production/Design Controller: Colin Williams Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@elsevier. com. You may also contact Global Rights directly through Elsevier’s home page (http:// www.elsevier.com), selecting first ‘Support & contact’, then ‘Copyright & permission’. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (+1) (978) 7508400, fax: (+1) (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) (0) 20 7631 5555; fax: (+44) (0) 20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer. 02065 Printed by: Mayfield Press (Oxford) Limited
2
Computer Fraud & Security
British bank fraud victims to be denied right to report to police
V
ictims of bank fraud in the UK will no longer be able to report the crime directly to the police when new government plans get implemented.
The UK Government has proposed changes whereby account holders can only lodge a complaint to their bank if they are defrauded. It is then left up to the bank to inform the police. The police will no longer collate data on the amount of fraud taking place, but will rely on banks to supply them with the information. A spokeswoman for the Police Service in Northern Ireland said: “The Home Office has proposed changes which will be implemented in April 2007 which will mean only financial institutions will make complaints of financial crime to police. The customer will complain to the bank and the bank will report it to the police. Any customer reporting to police will be informed to advise their bank.” However, a spokesman for the UK Payments Association (APACs) told Computer Fraud & Security it is unlikely the Home Office proposals will take effect by April. Although he confirmed they are certain to go ahead. The plans are “at the discussion stage. It looks like it is unlikely to come into force in April. All parties agree to the happening.” He said ATM fraud or card not present victims should still report the crime to the police for the foreseeable future. APACs says around £1.2 million is lost to card fraudsters every day with one in three people being a victim. Bank customers are subjected to card cloning where their card is copied and used by criminals as well as card not present fraud, which is believed to be the most common scam in the UK. Some may consider the changes put too much trust on banks to self investigate frauds considering surveys reveal companies in the past have been slow to report crimes against them. The CSI/FBI 2006 survey showed only 25% of corporations and financial firms reported security compromises to law enforcement. Forty eight
percent of organizations were concerned about attracting negative publicity.
UK-based alliance offers forensics support to small businesses
A
membership-based organization has been set up to give affordable forensics support to small and mediumsized businesses, which seldom have the resources to cope with crime against them.
Simon Janes, former head of the Scotland Yard Hi-Tech Crime Unit, has established the Computer Forensic Alliance (CFA) to help small cybercrime and fraud victims. Many crimes against small businesses go unsolved or undetected, as they do not have the in-house expertise to investigate them. Often the police do not have enough resources to dedicate to small cases. Janes said: “Our senior personnel are dealing with workplace incidents on a daily basis. We encounter every manifestation of computer related incidents.” Companies pay an annual fee to get a range of support from expert investigators in the CFA. The fees range from £40 to £500 per year. Members get a range of offerings including forensic acquisition services, secure deletion of data, advice from experts, preliminary analysis and complete investigation. More information: www.computerforensicsalliance.com.
Bank virus makes screen pop up
A
number of Allied Irish Bank (AIB) customers have encountered a bogus registration screen when logging into their account online.
AIB has warned customers to not enter any details as the screen originates from a virus. It asks customers to enter their mobile phone number, Visa card number, full registration number and Personal Access Code (PAC). The bank warned on its website: “This is NOT an AIB screen, it is a fraudulent attempt to obtain your personal details.” February 2007