Online payment processing firm CyberSource has released it 11th annual Online Fraud Report, which highlights shifts in global online sales and fraud management. Ecommerce Merchants See Drop In Fraud Rates This year’s survey of ecommerce merchants found that among U.S./Canadian merchants accepting international orders, 21 percent of their online orders came from abroad, up 17 percent from the year before and 8 percent in 2005. The steady growth is supported by progress in meeting the increased fraud challenge of international orders, with a 50 percent lower fraud rate and 30 percent lower or rejection rates. “We see this as a meaningful trend in eCommerce - real evidence of increasing globalization,” said Doug Schwegman, CyberSource’s Director, Customer and Market Intelligence. “We think the trend was driven in part by merchants’ needs to find new sources of revenue in a challenged economy, but also by merchants’ growing ability to manage fraud on international orders.” U.S./Canadian merchants say they saw fraud rates (accepted orders that turned out to be fraudulent) on international business drop 50% in 2009-from an average of 4% in 2008 to 2% in 2009 (this compares to 1.2% on orders with domestic origins). International orders that were rejected due to suspicion of fraud dropped 30% in 2009, from 10.9% to 7.7%. “These global numbers may be higher than their domestic equivalents, but clearly, more merchants now feel they have the controls in place to better control the risk,” said Schwegman. The report found 20 percent of U.S. and Canadian merchants that take orders from abroad stopped accepting orders from at least one country due to high fraud levels in 2009. Among that group, half cited Nigeria and 45 percent cited Ghana. Other countries high on the list included Indonesia and Malaysia (30% each), Iran, Pakistan, Romania and Russia (23% each), and China and Vietnam (20% each). The survey also highlighted areas of fraud in North America. Thirty-three percent of merchants said New York represented the highest risk of any U.S. or Canadian city when accepting domestic orders. Among Canadian cities, 4 percent of merchants said Montreal and Toronto each represented the highest risk of online fraud.

See the original post: 
Ecommerce Merchants See Drop In Fraud Rates

Computer scientists at Rutgers University have demonstrated how hackers could attack smartphones and use them to listen in on a meeting, track a users travels, or rapidly drain the battery without the owner being aware of what happened. Researchers Warn Of SmartPhone Security Threats “Smart phones are essentially becoming regular computers,” said Vinod Ganapathy, assistant professor of computer science in Rutgers’ School of Arts and Sciences. “They run the same class of operating systems as desktop and laptop computers, so they are just as vulnerable to attack by malicious software, or ‘malware.’” Ganapathy and computer science professor Liviu Iftode worked with three students to study malware known as “rootkits.” Unlike viruses, rootkits attack a computer’s operating system. They can only be detected from outside a corrupted operating system with a tool know as a virtual machine monitor, which can examine every system operation and data structure. Rootkit attacks on smartphones or upcoming tablet computers could be more devastating because smart phone owners tend to carry their phones with them all the time. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user’s whereabouts by querying the phone’s Global Positioning System (GPS) receiver. Smartphones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message. In one test, the researchers showed how a rootkit could turn on a phone’s microphone without the owner knowing how it happened. In such a case, a hacker would send an invisible text to the infected phone telling it to place a call and turn on the microphone, such as when the phone’s owner is in a meeting and the attacker wants to eavesdrop. “What we’re doing today is raising a warning flag,” Iftode said. “We’re showing that people with general computer proficiency can create rootkit malware for smart phones. The next step is to work on defenses.” The researchers pointed out they did not assess how vulnerable specific types of smartphones are. They did their work on a phone used mainly by software developers versus commercial phone users. Working within a legitimate software development environment, they deliberately inserted rootkit malware into the phone to study its potential effects. They did not find a vulnerability that a real malware attacker would have to exploit.

See the original post:
Researchers Warn Of SmartPhone Security Threats

Online criminals are having greater success with increased technical sophistication affecting a wider range of industries, according to a new report by Cyveillance. Cybercriminal Attacks Becoming More Targeted “Cyber criminals are focusing their efforts on developing more sophisticated and targeted attacks rather than using a far reaching blanket approach, in order to reap greater financial rewards,” said Panos Anastassiadis, chief operating officer of Cyveillance . “From emails to social networks, online criminals have increasingly more information at their disposal and a growing array of attack vectors to appear credible and go undetected. Organizations must be more vigilant in proactively protecting themselves and cannot rely solely on traditional security measures to keep their infrastructure and sensitive information safe.” While banks and credit unions continue to be the top targets of phishers, governments and the technology and energy industries are now seeing growing number of attacks. During the second half of 2009, 399 brands were first-time targets of phishing attacks, nearly double the amount of first-time targets than in the first half of this year. Averaging over 36,000 confirmed, unique attacks per month in the same period of 2009, phishing attacks continue to succeed despite added security measures and consumer education. The United States hosted 35 percent of all phishing attacks for the second half of 2009, over 4 times as much as the closest country, Netherlands, hosting 8 percent of all attacks.

Originally posted here:
Cybercriminal Attacks Becoming More Targeted

Young U.S. Internet users are not receiving enough education about being safe online, according to a new poll by the National Cyber Security Alliance (NCSA) and supported by Microsoft. U.S. Schools Fall Short On Cybersecurity Education More than three quarters of teachers have spent fewer than six hours on education related to cyberethics, cybersafety, and cybersecurity in the last 12 months; more than 50% of teachers reported their school districts do not require these subjects as curriculum; and only 35% taught proper online conduct. Key highlights of the survey include: *More than 90% of technology coordinators school administrators and teachers support teaching cyberethics, cybersafety and cybersecurity in schools. However, only 35% of teachers and just over half of school administrators report that their school districts require cyberethics, cybersafety, and cybersecurity in their curriculum. *Low levels of integration of key cyberethics, cybersecurity, and cybersafety topics into everyday instructional activities. For example, only 27% of teachers taught about the safe use of social networks, only 18% taught about scams, fraud and social engineering, and only 19% taught about safe passwords in the past 12 months. Additionally, 32% of teachers indicated they had not taught cyberethics, and 44% of teachers had not taught cybersafety or cybersecurity. *Differing opinions between teachers and administrators as to who is or should be responsible (parents vs. teachers) for educating students about cyberethics, cybersafety, and cybersecurity. For example, while 72% of teachers indicated that parents bear the primary responsibility for teaching these topics, 51% of school administrators indicate that teachers are responsible. “The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees,” said Michael Kaiser, Executive Director of the National Cyber Security Alliance . “Unfortunately, we are not meeting the needs of schools, teachers, or students. The survey also found schools rely on shielding students instead of teaching behaviors for safe and secure Internet use. More than 90 percent of schools have built up digital defenses, such as filtering and blocking social networking sites, to protect children on school networks. Those measures may help reduce the online risks children face at school, they do not prepare students to act more safely when accessing the Internet at home or on mobile devices.

View original here:
U.S. Schools Fall Short On Cybersecurity Education

A New York man has pleaded guilty in U.S. District Court in Alexandria, Virginia, to criminal copyright infringement for selling more than $250,000 worth of pirated copies of popular business, engineering and graphic design software programs. According to court documents, Robert Cimino, 59, of Syracuse, N.Y., advertised the sale of discounted popular software programs on a number of Internet advertising forums, operating under the business name “SoftwareSuite.” Customers would contact Cimino by email and would usually buy the products using PayPal. Cimino would mail them pirated copies of Adobe, Autodesk, Intuit and Quark programs he had burned to CD or DVD to the customers. Cimino admitted that from February 2006 to September 2009, he received at least $270,035 from his sales of infringing software products. Cimino is scheduled to be sentenced by U.S. District Judge Anthony J. Trenga on May 28, 2010. Cimino faces a maximum sentence of five years in prison, three years of supervised release, a $250,000 fine, restitution and forfeiture.

More: 
NY Mans Pleads Guilty To Selling Pirated Software Online

People who chose not to use Google’s newest social experiment, Google Buzz, now have one more reason to congratulate themselves on the decision. That means folks who are giving Google Buzz a try may want to be careful, though, as spammers are also testing the figurative water. Spammers Make Situation Iffier For Google Buzz Websense wrote in a blog post, “Today we saw the first spam using Google Buzz to spread a message about smoking . . . . The spammer is already following 237 people, and we can only imagine that he or she has sent similar messages to all of them. This particular message leads to a site hosted on a free Web hosting service talking about how to quit smoking.” That’s not good for all the traditional reasons people don’t like spam, of course. Then there’s a more specific way in which this could pose a problem for Google. Given that Google Buzz was already struggling on the PR front (all sorts of privacy issues cropped up since Google sort of sprung the feature on Gmail users without their permission), spammers could do its reputation serious harm. Think of it this way: a cool new technology with some bugs might be found acceptable . . . a new way for spammers to reach people doesn’t stand much of a chance. Google’s very much in damage control mode at the moment, so we’ll give this a while to see how things shake out.

See the original post here:
Spammers Make Situation Iffier For Google Buzz