7-Fold Rise in Mobile Fraud
It seems that as we spend more time using mobile devices, the fraudsters are following us: a new RSA Security report shows a massive rise in mobile fraud over the last 3 years.
Up Nearly 700%!
The latest quarterly report by fraud and risk intelligence experts at RSA Security shows that while the volume of mobile app transactions has risen by 200% since 2015, the growth rate for fraudulent transactions has increased to a massive 680%.
New Accounts and ‘Burner Phones’
One of the key trends at the heart of the rise in mobile fraud is the apparent rise of the use of fake new accounts and ‘burner / burn phones’ to commit fraud.
A burner / burn phone is a mobile phone handset that is acquired for temporary use, is usually prepaid / without a contract in order to retain the user’s anonymity, and can be discarded if necessary.
Alongside the burner phone, fraudsters are also known to use stolen identities to set up fake ‘money mule’ accounts, purely for the purpose of collecting the cash from their fraudulent activities.
The RSA report shows that new accounts and new devices have been used in this way in 32% of all the fraudulent transactions in the last quarter.
Phishing Still Top
The report shows that phishing is still the top fraudulent activity accounting for 48% of all fraud attacks in Q1 of 2018.
Trojan Malware & Payment Card Compromise
Other popular frauds involve the use of Trojan malware to steal financial credentials. This method was used in one in four fraud attacks in Q1 2018.
Also, using details from compromised cards is still a very common activity among fraudsters, and the RSA researchers who compiled the report claim to have recovered more than 3.1 million unique compromised cards and card details (which included verification numbers) on offer from online sources in Q1.
Mobile App Security
It is believed that poor security in mobile apps is allowing many criminals to hijack mobile applications and siphon off credentials and funds from many unwitting users.
What Does This Mean For Your Business?
These figures show that our increasing use of mobile devices and apps has opened the door to even more channels for fraudsters. There is clearly a responsibility among mobile app developers, and those commissioning mobile apps to deliver their services, to ensure that security is built in from the ground up. This should mean making sure that all source code is secure and known bug-free, all data exchanged over the app is encrypted, caution is exercised when using third-party libraries for code, and only authorised APIs are used. Also, developers should be building in high levels of authentication, using tamper-detection technologies, using tokens instead of device identifiers to identify a session, using the best cryptography practices e.g. storing keys in secure containers, and conducting regular, thorough testing.
As users of mobile devices and apps, we also need to pay attention to our own levels of security. For example, we can take precautions to stop ourselves from falling victim to mobile fraud by using mobile security and antivirus scan apps, only using trusted apps / trusted app sources, uninstalling old apps and turning off connections when not using them, locking our phones when not in use, using 2-factor authentication, and using a VPN rather than just the free Wi-Fi when out and about.
Tech Tip – One Handed Keyboard On An iPhone
If you’ve struggled to use the keyboard on an iPhone and found it a little unwieldy, or had difficulty reaching across the entirety of the keyboard when you have only one hand free, here’s how to adjust the size and position of the keyboard in iOS 11 so you can use it with just one hand:
- Hold down the emoji / globe icon on the keyboard.
- Three small keyboard icons will appear.
- Selecting the one with an arrow pointing to the right will shift the keyboard to the right, and selecting the one pointing to the left will shift the keyboard to the left.
- To put the keyboard back to normal, tap the arrow in the blank space that’s created by the keyboard shift, or hold down the emoji icon again and select the ‘centre’ icon.
Handy Location Tracker
A peanut-shaped, hand-held, smart, long-range tracking device called LynQ has been launched that can tell you how far and in what direction your friends are, all without the need for a data connection, and without monthly fees.
Why?
As well as being used for outdoor activities to replace traditional maps and location methods, a ‘LynQ’ can be used as a safety device for tracking children or pets, for rescue workers, or for making sure dementia sufferers don’t wander too far. It can also be used as a fun / leisure device e.g. to find each other in festival crowds, or to keep track of each other when hiking or skiing.
How Does It Work?
Powered by a rechargeable power cell that can offer up to three days of battery life between charges, a LynQ can reportedly track other LynQ users from up to 3 miles (5km) away.
Being marketed as a kind of smart compass for the 21st century, the LynQ doesn’t need an app, phone or Wi-Fi network. Instead, it uses what is described as “a new approach to GPS”. This means that LynQ devices send their GPS coordinates directly to each other. The GPS data has a compression algorithm applied to it in order to make it possible to send that data more frequently and reliably.
2 To 12 People Can Use
LynQ allows 2 or more people (up to 12 can link up) to use a one-button control and simple digital interface to find each other. The display shows a simple display of distance and direction that changes accurately as you move towards or away from your target, and the single button allows you to switch between people you’re tracking.
The display turns off automatically when you let it go to hang by its clip, thus saving battery life, but the LynQ is always receiving the data.
Other Features
The device allows you to create a “home” location that linked devices can point toward. It also allows you to set a safe zone (a radius from your device) that will warn you if the other person leaves that safe zone. You can also send basic preset messages like “meet up” or “help.”
The price is $154 / £114.30 per pair (early bird), going up to $200 / £148.40.
What Does This Mean For Your Business?
This is another smart device that shows how a combination of technologies can be used to create something that can meet a real need and has multiple applications e.g. leisure, sport, safety, and even defence. For example, the Thai Ministry of Defence tested LynQ and found that it helped soldiers find each other much faster while radio silent, and helped them quickly get into formation for a search mission.
This could also represent another possible way to keep track of those in the care of others e.g. dementia sufferers being tracked by carers. Back in 2016 for example, a barcode tagging system for tracking elderly dementia sufferers was being tested in Tokyo, but the LynQ could provide an even simpler and more practical system.
Quite simply as a gadget, the LynQ appears to have multiple applications, thereby offering many opportunities to business and personal users. The fact that the LynQ requires no monthly fees, and doesn’t require a data connection will increase its appeal.
The hope is that the LynQ device is secure and that signals can’t be intercepted and used by criminals to track victims e.g. for attack or abduction. There are still widespread fears about the vulnerability of many smart / IoT devices to hacking, but the fact that LynQ doesn’t need a connection could make it safer.
Fewer Shop Visits Due To Digital, But More Spending
British Retail Consortium (BRC) figures show that footfall in retail stores fell by 3.3% in April 2018 compared to last year, marking a further shift in consumer behaviour towards digital adoption.
Two Consecutive Months
The drop in footfall numbers for April was the second consecutive month where the trend away from visiting the physical high street could be observed, and in comparison to this time last year when footfall was on the up, it is seen by analysts as being significant.
Visiting Even Less – But Still Spending
The last time such a significant drop in footfall (3.8%) was recorded was in 2009, when the UK was in recession and consumers were spending less as a result. Even compared to that, this year’s drop in the numbers of people visiting physical store locations is larger at 4.8%.
Despite the apparent fall in physical store visits, Barclays bank data shows that consumer spending is still on the increase.
What’s Happening?
Retail experts have noted a shift in consumer behaviour towards digital shop visits rather than physical ones, based on a number of benefits including flexibility (in what goods they purchase and when), product / service ranges available, convenience, digital innovations enhancing customer experiences, and a predisposition towards leisure rather than retail spend.
This changing consumer behaviour is forcing the retail industry to evolve and re-structure.
Increased Leisure Spending
One key trend that has been noted by analysts is the increase in leisure rather than retail spending by consumers. For example, a report by Deloitte based on the quarterly survey of more than 3,000 UK adults found that 2017 (last quarter) ended positively for the leisure sector, with consumer spending increasing in 7 out of 11 leisure categories compared to the previous year.
The areas that have shown an increase include experience-led activities, short break holidays, going to the gym, drinking in pubs and bars and attending live sporting events.
What Does This Mean For Your Business?
For retail businesses, these figures mean that the digital retail environment is posing many challenges, but the changes can also be embraced as part of a restructured strategy to remain competitive.
Many retailers understand that they now need to rebalance investment in physical and digital infrastructure, and change the way stores are used e.g. by adopting technology to engage people, and to make stores more like centres for experiences rather than just places for purchasing goods. This is particularly important for younger consumer groups.
Retailers can embrace technology as an opportunity to deliver more value to customers whether in store, at home or on the move. Retail commentators frequently talk about the importance of the need to create a seamless customer experience between online and offline, and to develop an omni-channel platform. Improving and optimising the current experience that retailers offer customers, and replicating these as effectively as possible across all channels could be the key to staying competitive in the evolving retail business environment.
Efail – Encryption Flaw
A German newspaper has released details of a security vulnerability, discovered by researchers at Munster University of Applied Sciences, in PGP (Pretty Good Privacy) data encryption.
What Is PGP?
PGP (Pretty Good Privacy) is an encryption program that is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and disk partitions, and to increase the security of e-mail communications. As well as being used to encrypt and decrypt email, PGP is also used to sign messages so that the receiver can verify both the identity of the sender and the integrity of the content. PGP works using a private key that is kept secret, and a public key that the sender and receiver share.
The technology is also known by the name of GPG (Gnu Privacy Guard or GnuPG), and is a compatible GPL-licensed alternative.
What’s The Flaw?
The flaw, which was first thought by some security experts to affect the core protocol of PGP (which would make all uses of the encryption method, including file encryption, vulnerable), is now believed to be related to any email programs that don’t check for decryption errors properly before following links in emails that include HTML code i.e. email programs that have been designed without appropriate safeguards.
‘Efail’ Attacks
The flaw leaves this system of encryption open to what have been called ‘efail’ attacks. This involves attackers trying to gain access to encrypted emails (for example by eavesdropping on network traffic), and compromising email accounts, email servers, backup systems or client computers. The idea is to reveal the plaintext of encrypted emails (in the OpenPGP and S/MIME standards).
This type of attack can be carried out by direct exfiltration, where vulnerabilities in Apple Mail, iOS Mail and Mozilla Thunderbird can be abused to directly exfiltrate the plaintext of encrypted emails, or by a CBC/CFB gadget. This is where vulnerabilities in the specification of OpenPGP and S/MIME are abused to exfiltrate the plaintext.
What Could Happen?
The main fear appears to be that the vulnerabilities could be used to decrypt stored, encrypted emails that have been sent in the past (if an attacker can gain access). It is thought that the vulnerabilities could also create a channel for sneaking personal data or commercial data and business secrets off devices as well as for decrypting messages.
What Does This Mean For Your Business?
It is frustrating for businesses to learn that the email programs they may be using, and a method of encryption that is supposed to make things more secure, could actually be providing a route for criminals to steal data and secrets.
The advice from those familiar with the details of the flaw is that users of PGP email can disable HTML in their mail programs, thereby keeping them safe from attacks based on this particular vulnerability. Also, users can choose to decrypt emails with PGP decryption tools that are separate from email programs.
More detailed information and advice concerning the flaw can be found here: https://efail.de/#i-have
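As an added illustration of the "disable HTML" advice above (this is example code written for this page, not from the researchers or any mail program), the Python sketch below displays a message that has already been decrypted by a separate tool as text only, and lists the remote URLs its HTML would have asked a mail client to load instead of fetching them. The function names and the `tracker.example` address are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Attributes through which HTML can make a mail client fetch a URL.
URL_ATTRS = {"src", "href", "background", "poster", "action", "data"}
REMOTE = ("http://", "https://", "//")


class TextAndRemoteRefs(HTMLParser):
    """Collect visible text and every remote URL the markup references."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.remote, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs:
            if name in URL_ATTRS and value and value.strip().lower().startswith(REMOTE):
                self.remote.append((tag, value.strip()))

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(data.strip())


def render_plain(raw_bytes):
    """Return (display_text, remote_refs). Nothing is ever fetched."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    plain, html_fallback, remote = [], [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain":
            plain.append(part.get_content().strip())
        elif ctype == "text/html":
            parser = TextAndRemoteRefs()
            parser.feed(part.get_content())
            parser.close()
            html_fallback.append(" ".join(parser.text))
            remote.extend(parser.remote)
    # Prefer the text/plain body; fall back to tag-stripped HTML text.
    return "\n".join(plain or html_fallback), remote


def sample_message():
    """Constructed sample: plain body plus an HTML body with a remote image."""
    m = EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("Quarterly figures attached.\n")
    m.add_alternative(
        "<html><body><p>Quarterly figures attached.</p>\n"
        '<img src="https://tracker.example/pixel.png"></body></html>\n',
        subtype="html")
    return m.as_bytes()
```

A non-empty second return value is the signal worth logging: it shows the message would have triggered network requests in an HTML-rendering client.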
Police Face Recognition Software Flawed
Following an investigation by campaign group Big Brother Watch, the UK’s Information Commissioner, Elizabeth Denham, has said that the Police could face legal action if concerns over accuracy and privacy with facial recognition systems are not addressed.
What Facial Recognition Systems?
A freedom of information request sent to every police force in the UK by Big Brother Watch shows that The Metropolitan Police used facial recognition at the Notting Hill carnival in 2016 and 2017, and at a Remembrance Sunday event, and South Wales Police used facial recognition technology between May 2017 and March 2018. Leicestershire Police also tested facial recognition in 2015.
What’s The Problem?
The two main concerns with the system (as identified by Big Brother Watch and the ICO) are that the facial recognition systems are not accurate in identifying the real criminals or suspects, and that the images of innocent people are being stored on ‘watch’ lists for up to a month, and this could potentially lead to false accusations or arrests.
How Do Facial Recognition Systems Work?
Facial recognition software typically works by using a scanned image of a person’s face (from the existing stock of police photos of mug shots from previous arrests), and then uses algorithms to measure ‘landmarks’ on the face e.g. the position of features and the shape of the eyes, nose and cheekbones. This data is used to make a digital template of a person’s face, which is then converted into a unique code.
High-powered cameras are then used to scan crowds. The cameras link to specialist software that can compare the camera image data to data stored in the police database (the digital template) to find a potential ‘match’. Possible matches are then flagged to officers, and these lists of possible matches are stored in the system for up to 30 days.
A real-time automated facial recognition (AFR) system, like the one the police use at events, incorporates facial recognition and ‘slow time’ static face search.
Inaccuracies
The systems used by the police so far have been criticised for simply not being accurate. For example, of the 2,685 “matches” made by the system used by South Wales Police between May 2017 and March 2018, 2,451 were false alarms.
Keeping Photos of Innocent People On Watch Lists
Big Brother Watch has been critical of the police keeping photos of innocent people that have ended up on lists of (false) possible matches, as selected by the software. Big Brother Watch has expressed concern that this could affect an individual’s right to a private life and freedom of expression, and could result in damaging false accusations and / or arrests.
The police have said that they don’t consider the ‘possible’ face selections as false positive matches because additional checks and balances are applied to them to confirm identification following system alerts.
The police have also stated that all alerts against watch lists are deleted after 30 days, and faces in the video stream that do not generate an alert are deleted immediately.
Criticisms
As well as accusations of inaccuracy and possibly infringing the rights of innocent people, the use of facial recognition systems by the police has also attracted criticism for not appearing to have a clear legal basis, oversight or governmental strategy, and for not delivering value for money in terms of the number of arrests made vs the cost of the systems.
What Does This Mean For Your Business?
It is worrying that there are clearly substantial inaccuracies in facial recognition systems, and that the images of innocent people could be sitting on police watch lists for some time, and could potentially result in wrongful arrests. The argument that ‘if you’ve done nothing wrong, you have nothing to fear’ simply doesn’t stand up if police are being given cold, hard computer information to say that a person is a suspect and should be questioned / arrested, no matter what the circumstances. That argument is also an abdication from a shared responsibility, which could lead to the green light being given to the erosion of rights without questions being asked. As people in many other countries would testify, rights relating to freedom and privacy should be valued, and when these rights are gone, it’s very difficult to get them back again.
The storing of facial images on computer systems is also a matter for security, particularly since they are regarded as ‘personal data’ under the new GDPR which comes into force this month.
There is, of course, an upside to the police being able to use these systems if it leads to the faster arrest of genuine criminals, and makes the country safer for all.
Despite the findings of a study from YouGov / GMX (August 2016) that showed that UK people still have a number of trust concerns about the use of biometrics for security, biometrics represents a good opportunity for businesses to stay one step ahead of cyber-criminals. Biometric authentication / verification systems are thought to be far more secure than password-based systems, which is the reason why banks and credit companies are now using them.
Facial recognition systems have value-adding, real-life business applications too. For example, last year, a ride-hailing service called Careem (similar to Uber but operating in more than fifty cities in the Middle East and North Africa) announced that it was adding facial recognition software to its driver app to help with customer safety.