Online Fraud – How Serious Is The Problem?

Cloud-Based Fraud

Cloud services have brought untold benefits to both personal users and businesses around the world, but with its success has come a darker side – as the cloud unquestionably helps criminals commit fraud and other illegal activities.

Why does it Happen?

The cloud’s key benefits, such as rapid elasticity, on-demand provisioning, high availability and competitive pricing, are all equally as appealing to cybercriminals as to ordinary users.

Cloud-Based Fraud – How Serious is the Problem?

Cloud services are easy to purchase, can be reasonably anonymous, and can be controlled from anywhere in the world. Jeff Spivey, International Vice President of ISACA (an independent, non-profit, global association that engages in the development, adoption and use of globally accepted information systems knowledge and practices) says, “All of the advantages of the cloud for enterprises are [also] the advantages for the bad guys”. Adding “It’s the anonymity and scale that’s attractive to the fraudsters”.

How does it Happen?

There are many different routes open to a cybercriminal. From phishing schemes and money-transfer scams to identity theft and Malware – each has its own dangers and requires its own prevention methods.

For a would-be criminal, the process is easy. Research suggests that stolen credit cards can be obtained on the black market for as little as one dollar. Once a criminal has a card it only takes a matter of minutes to sign up online and take control of their own server. The server will have been purchased using a stolen identity on a stolen card without physically talking to anyone from the service provider itself – it’s almost the perfect crime.

Raj Samani, Vice President and Chief Technology Officer of McAfee, also points out that despite the vast resources dedicated to protecting customer data by cloud providers, for a criminal it can still be easy to hack a legitimate customer account. “They use the VMs to use for their own fraudulent activities” says Raj. “Cybercriminals are now looking to Infrastructure as a Service to provide vast amounts of on-demand processing power to launch distributed-denial-of-service attacks”.

Banking Fraud in the Cloud

One of the most high profile fraud cases in recent years is that of ‘Operation High Roller’. An international criminal ring targeted wealthy people and commercial accounts across European banks, with McAfee estimating that anywhere between $75 million and $2.5 billion was stolen.

The entire fraud was conducted through the cloud. The combination of remote servers and the criminals’ intimate knowledge of banking transaction systems made it possible to automate the theft, rather than simply stealing user names and passwords and manually transferring money from a computer.

The fraud started with an email disguised to look like it came from the recipient’s bank. Clicking on a link in the message downloaded the malware that would later steal the information needed to perform fund transfers. Commenting on the attack, Dave Marcus, Director of Advanced Research and Threat Intelligence at McAfee, said “You can’t make a fraudulent transaction look like a valid transaction, if you don’t know what you’re doing, and these guys know what they’re doing”.

Detecting and Protecting

There is a fine line between balancing customer privacy concerns and preventing illegal activities. As result, cloud providers have spent huge sums on developing systems that monitor how customers use the service without monitoring the actual data. As soon as large scale fraud is detected the information is passed to the relevant authorities.

The difficultly for providers is not being over-zealous with their detection software. Customers who are regularly prevented from using the service the way they want because the provider wrongly assumes there is criminal activity will quickly get disenfranchised with the cloud and look to alternative methods of storage.

What do you think? Have you been a victim of cyber-fraud? Do you receive regular attempts to phish your details via email?

By Daniel Price

Sangeeta Chhabra

What Accountants Should Know About The Cloud

Cloud Accounting Cloud technology has been at the top of the charts of new-age technologies for a long time now. Almost every industry in the world has started realizing its capabilities and integrating cloud strategies ...
Ben Ferguson

7 Reasons Why You Should Consider Deploying SD-WAN Alongside Public Cloud Services

Why You Should Consider Deploying SD-WAN Software-defined WAN (SD-WAN) and public cloud IaaS services both offer powerful benefits to virtually any business. Many of these same businesses, however, are missing out on an incredible opportunity by ...
Aarti Parikh

What are the Capabilities of the AWS Serverless Platform?

AWS Serverless Platform AWS serverless compute services allow to build and deploy applications on AWS cloud without having to manage the servers. AWS serverless platform enables vendors to deploy cloud solutions without server provisioning, deploying, ...
Patrick Joggerst

Payments Companies Will Always See ROI on Embedded Real Time Communications

ROI on Embedded Real Time Communications Without secure, real time communications applications, the financial services industry could literally come to a standstill. While transactions are driven by data, the human voice and human messaging continues ...
Customers Will Recover From Downtime. But Will Your Business?

Customers Will Recover From Downtime. But Will Your Business?

Downtime Recovery Today’s society relies heavily on being connected to service providers. The ability of a business to transact or provide services online is now just as important as the products they offer, or the ...
Madhaven Krishnan

Steps To Achieve Hyper Productivity With Your Digital Apps Development

Achieve Hyper Productivity The mobile and cloud revolution in enterprise IT is well underway and is already causing never-before--seen changes in the way apps are developed, managed and transformed. The driving factors behind these changes ...