Scams promising work-at-home opportunities disguise money mule operations to translate the glut of stolen identities into cash, says Cisco's annual security report.
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
What's in store for information security attacks this year? Expect more viruses, malware, spam, and phishing attacks, of course. But in a twist, also expect cybercriminals to devote more time and energy to translating stolen financial information into cash.
So says the "Cisco 2010 Annual Security Report," released on Thursday, which predicts that "the real focus of cybercriminal investment for 2011... will be on improving the success and expanding the number of cash-out services."
The problem for today's online criminals is that they have many more stolen account credentials than they can translate into profit. "Currently, the ratio of stolen account credentials to available mule capacity could be as high as 10,000 to 1," said Cisco senior security researcher Mary Landesman. On forums devoted to selling such information, "there's such a glut of stolen credit cards that they don't even fetch that much."
The barrier is simple: "cash-out" operations are labor-intensive and risky, and may result in arrest. To lower the risk to themselves, cybercriminals often farm out this part to money mules -- teams of criminals who use fake ATM or credit cards loaded with stolen account credentials. Money mules typically withdraw money from a different country than the one in which the target account is located, and outside the other country's banking hours. Criminals' goal is to maximize their haul before financial service organization's fraud departments get suspicious, block withdrawals, or alert law enforcement.
Increasingly, however, these money laundering operations are being built on scams that target unemployed or underemployed people, Landesman said. "Whereas a couple of years ago, money mules tended to be meth addicts or people addicted to drugs who didn't mind taking these risks, today, money mules tend to be people who are just victims."
Such scams increasingly pose as "work at home" opportunities where people's "job" involves receiving shipments of items, repackaging them, and shipping them out of the country. In reality, however, the goods have been ordered by criminals using stolen or fraudulent credentials, as a way to launder their money.
"When you're desperate to put food on the table, you might not look too closely at exactly what you're being asked to do," said Landesman.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.