Take the Fraud News Challenge! 7/18/17

In the world of online fraud, news moves quickly. Have you been staying on top of it? Time to test your knowledge! See if you can fill in the blanks below. When you’re done, check your answers. No cheating!

Fill in the Blanks

1. Aetna has launched a new security system for mobile and web apps that makes _____ optional.

2. In a successful phishing attack, hackers stole names, email addresses, and phone numbers from one of the world’s largest _____.

3. Officers raided the homes of three Taiwanese fraudsters, uncovering 1,300 _____.

4. A surprising security vulnerability in _____ may put thousands of people at risk of account takeover.

How Did You Do?

1. Aetna has launched a new security system for mobile and web apps that makes passwords optional.

It might seem as counterintuitive as putting a lock on a door but not requiring a key to use it…and yet that’s exactly what Aetna is doing. Their new machine learning security system doesn’t require the use of passwords at all. Instead, it monitors users’ interactions with their device and learns the user’s habits. The system then detects when the user seems to be doing something out of the ordinary – for example, accessing their device from a different country than they usually do.

Just last year, more than 3 billion passwords were stolen in data breaches and sold online. But unlike passwords, data on users’ habits can’t be breached and harvested on the dark web – not yet, at least!

2. In a successful phishing attack, hackers stole names, email addresses, and phone numbers from one of the world’s largest cryptocurrency exchanges.

Bithumb, a prominent Ethereum and bitcoin cryptocurrency exchange, recently suffered a devastating breach. Cybercriminals stole a database containing personal information for 31,800 employees. That’s 3% of the site’s customers.

How did it happen? Maybe not the way you think. Instead of trying to nab the database off the company’s internal network, the thieves stole the database off an employee’s personal computer.

3. Officers raided the homes of three Taiwanese fraudsters, uncovering 1,300 SIM cards.

Yes, SIM cards: that little chip you insert into your new cell phone when you’ve gotten fed up with your service provider and switched carriers. Here’s what happened. Taiwan’s Criminal Investigation Bureau arrested three people who were involved in an e-commerce fraud ring. The three established shell tech companies that they used to apply for business cellphone numbers. These scammers then charged fellow fraudsters a fee to use these numbers to receive verification codes and open new accounts on e-commerce sites.

When that was done, the three fraudsters applied to have these phone numbers changed so they could throw investigators off their trail. And it worked…but not for long.

4. A surprising security vulnerability in Myspace may put thousands of people at risk of account takeover.

You remember Myspace, right? Well, hopefully online fraudsters don’t. A security researcher has pointed out that a Myspace security flaw could leave users vulnerable to debilitating account takeover attacks.

It has to do with Myspace’s account recovery tool. When you try to recover your account, Myspace asks you to submit information to prove that you’re the account owner: your full name, email address, username, date of birth, and location. However, Myspace only verifies three of those fields: name, username, and date of birth. For most people, those three pieces of information are easily accessible via a quick Google search.

It’s unlikely that fraudsters would want to gain access to your old Myspace as an end unto itself. Nobody wants to see your top eight that badly. However, once they’ve taken over your Myspace account, they could use that as a springboard to commit other account takeovers.