Cyber Monday Deal: Up to 60% off InvestingProCLAIM SALE

Social media - More hindrance than help in banks' cyber crime fight

Published 14/10/2014, 13:59
Social media - More hindrance than help in banks' cyber crime fight

By Steve Slater

LONDON (Reuters) - Banks are fighting an uphill battle to protect themselves and their client accounts from cyber attacks, and the sometimes careless use of social media by customers and staff isn't making the fight any easier.

British police and banks this week warned customers about the rise in criminals using social media to strike up a relationship and then try to get money from them.

Personal details from sites such as Facebook, Twitter and LinkedIn are also being used by fraudsters to scam customers, including to help in the increasingly common practice of "vishing", or voice phishing, industry sources said.

"Vishing" involves fraudsters calling and saying they are from the bank. They say there is a security problem, and ask the customer to call the emergency number on their bank card. But the fraudsters never hang up from the call -- in Britain they are able to stay on the line for 2 minutes -- and create a fake dial tone to convince the customer to provide account details or even transfer money to another account.

Britain's BBA banking lobby group estimates one in six customers could fall for this type of fraud, or 8 million people in the United Kingdom alone.

"The classic cyber crime doesn't involve extremely sophisticated technology, it involves finding a date of birth on social media," said Paul Clandillon, European practice leader for fraud and financial crime at IBM, at a recent conference on financial crime.

Revelations this month that hackers had obtained details of 83 million customers of JP Morgan -- one of the biggest data breaches in corporate history -- have shown how vulnerable banks remain, despite spending hundreds of millions of dollars a year on cyber defences.

That was a complex attack, but far simpler and more frequent frauds involve scammers using social media profiles to obtain a fuller picture of potential victims, bank industry sources and fraud investigators said.

Fraudsters can map out a bank's organisational chart via information on social media, or dig out customer information online. Often they don't need to look far -- when Barclays introduced debit cards with photos on them, for example, some customers posted photos of their new cards, including account details printed on them, on social sites.

THE WEAKEST LINK

"They (fraudsters) view the customer as the weakest link and they are convincing customers they are the bank. They have access to data in ways they never had before," Bruce Forbes, head of security investigations and digital forensics at Royal Bank of Scotland, said at last month's BBA conference.

Banks have long been the favourite target of cyber criminals -- although retailers, healthcare firms and others have also been hit -- with attacks including attempts to steal money, client data or confidential information about sensitive financial deals, or just trying to disrupt systems.

So-called hacktivists can break into financial systems to score political points while state-sponsored hackers can look to conduct industrial espionage or disrupt economic activity using banks as intermediate targets.

Cyber crime costs the global economy $445 billion (279.36 billion pound) a year and continues to grow, according to the Center for Strategic and International Studies (CSIS). These losses come from fraud, intellectual property theft and the mushrooming spending on cybersecurity itself.

Often hackers will not use data themselves, but parcel them up and sell them to other people to use, notably specialists who convert stolen passwords and identities into financial gains. Criminals can keep data for months or years before using it.

DEFENCE TOOL

Social media provides a double-edged sword for banks, however, and the industry is also using it to fight back.

"Social media helps the criminals pursue their trade, but it also leaves a digital footprint in evidence that provides opportunities for us," said Mark Rowley, assistant commissioner for specialist operations for London's Metropolitan Police.

Technology developed more than a decade ago to help casinos in Nevada detect collusion between players and dealers is among the tools being used by banks to hunt for networks of organised fraudsters, by hunting out associations between people on social media that were otherwise nearly impossible to find.

Facebook, LinkedIn and Google Earth are also being used by banks alongside more complex searches, involving trawling for data that does not show on regular search engines.

Such "unstructured data" includes not just social media but pictures and videos and other information, and accounts for more than 80 percent of all data available.

"Focusing on unstructured data is what will give us the edge (over criminals) to be able to identify the very complex and organised collusive rings," said IBM's Clandillon.

(Additional reporting by Eric Auchard; Editing by Mark Potter)

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.