Friday 30 December 2011

Cybercrime and Phishing Scams Sweeping China



A wave of cybercrime has swept across China this past week, triggering the Chinese government to mount a counter campaign. Whilst the criminals attempt to steal online banking details, the government has sought expert advice on how to combat the issue. One of the key results is that phishing sites will now appear below those of legitimate banks in search results.

The personal details of over 45 million Chinese people (almost 10% of China’s online population) were stolen during the wave of attacks. China’s Ministry of Industry and Information is investigating the crimes, and has said "The department believes the recent leak of user information is a serious infringement of the rights of internet users and threatens internet safety". The phishing scams work by impersonating a legitimate bank (or similar), and sending messages directing people to the fake sites. Once people visit the fake sites, their login details are taken, and then used by the criminals to steal money from the account.

The Chinese government fought back by employing SEO (search engine optimisation) tactics; that is to say, influencing which results users get when they search for particular terms online. The Chinese government has managed to get the 10 biggest search engines in China on board the anti-phishing campaign. Furthermore, some of the Chinese search engines are going to introduce an icon confirming the legitimacy of a site. These two techniques combined should reduce the number of people being tricked and scammed.

Phishing scams are common globally, and are relatively easy to avoid if you follow these simple tips:
- Beware email messages!!
Look out for emails that claim to be from companies asking you to click through to update your details or rectify a problem with your account. If you’re unsure about the authenticity of an email, don’t open it and contact the company it claims to be from.
- Keep an eye on your accounts
Be vigilant for any transactions you don’t recognise. Contact your bank or credit card provider to query a transaction if it looks unfamiliar. You should also contact your bank or credit card provider if your statements fail to arrive. They may have been redirected by a fraudster.
- Avoid attachments!
Genuine banks will never send emails with attachments.
- View an example
There is a good example of what a phishing email might look like, with annotations of things to look out for, on the Lloyds TSB site.

Up-to-date information, tips and more can be found on online blogs such as http://fightbankfraud.blogspot.com/

Tuesday 20 December 2011

No More Mr Nice Guy?


Security analysts believe the US should clarify the repercussions of cyberattacks following sustained hacks from China. It is also believed that the Chinese attacks are carried out by as few as 12 groups directed, for the most part, by the Chinese government. During the cyberattacks, the Chinese groups have stolen billions of dollars' worth of intellectual property and information from US companies and government agencies, according to online security experts.

Thanks to advances in technologies and increasing knowledge amongst experts, more cybercriminals are being identified by their ‘digital fingerprint’. The distinguishing characteristics of each attack are monitored by US experts, enabling them to link individuals to particular groups of hackers, and sometimes to establish where they are or who they are. These techniques have, according to US security experts, shown an intensifying pattern. This escalating issue has sparked the recent concern amongst industry experts. As James Cartwright, a retired Marine general and former vice chairman of the Joint Chiefs of Staff, puts it, "If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me."

The problems the US has in confronting the issue are the same as those of any other country: firstly, it is very hard to prove exactly who carried out the attack, and secondly, both countries must have mutual agreements on such a situation. Mr Cartwright went on to say that the US "needs to say, 'if you come after me, I'm going to find you, I'm going to do something about it.' It will be proportional, but I'm going to do something ... and if you're hiding in a third country, I'm going to tell that country you're there, if they don't stop you from doing it, I'm going to come and get you."

The question is, how should the US proceed? Due to the nature of what is being stolen, the response is pretty much unanimous from US government campaigners: a clear and firm message must be sent to those breaking the law. Online security specialist, Tero Pollanen, agrees with Cartwright that "the US needs a clear policy on dealing with cyber attacks, and the countries through which the attacks are routed. This way, when an attack is apparent, the US can request the country to stop the attack. If the request is refused, the US then has the right to stop the computer server from sending the attack."
The problem is, he goes on, "there is no international police force. Enforcing laws in another territory is always going to be tricky to manage."



This article is by Tero Pollanen, an online security and fraud prevention specialist. For the latest online security and financial news, tips and more, check out his blog: http://tero-pollanen.blogspot.com/