Battling Cyber Crime collectively

Cyber Crime or the threat of Cyber based intrusions into your business or home life is dramatically increasing while getting increasingly more subtle and AIME Members have already fallen victim to cyber crime that has cost the industry c.£20 million in the last year alone.

As consumers access to the internet increases through better connectivity on home PC’s and frequency of access increases through the use of mobile devices (60% of mobile users are now smartphone enabled), the penetration possibilities of cyber crime increase. All AIME Members either operate with consumer services that are accessed via the internet, or have internet connectivity themselves for their business.

Do not think that you are impervious to Cyber crime. Here are two examples at both ends of the spectrum:

1. A major High St. Bank knew that its account holders accounts were being compromised by lack of appropriate PC security (through spyware) and introduced a mobile phone check for their accounts when a new payee was being set-up by an account holder. The bank started to receive reports of accounts being drained when the subscribers had gone away on holiday. It appeared that the spyware detected the keystrokes to log in to the bank, the booking for holidays and the login for the mobile account management. The cyber crims using this data when the subscriber had left on holiday, called the mobile network, went through the usual security checks and asked that all calls to be transferred to another number as “the phone had been left at home”. Then they logged into the bank account, set up a new payee, went through the phone based authentication (which they could do due to the divert) and drained the account.  The consumers of course blamed the bank and the mobile network, but not their lack of PC security.

2.  The dominance of Android and the openness of the operating system has enabled the development of Trojans (software the comes into the mobile device under the guise of another software item that the consumer wanted). Trojans usually come via sites that offer software that would otherwise be unavailable or charged on the proper App store, but some have been known to come pre-loaded to the handset. A majority of handsets do not have antivirus software despite the wide availability of free basic protection or low cost protection. One Trojan caught recently in the UK is “chargeware” that can sit underneath images delivered to the handset from an app and take the consumers “clicks” on the images to feed them to affiliate advertising and premium SMS services, mimicking human behaviour but costing the  consumer and the advertiser significant amounts of money.

AIME Exec has embarked  on investigative work to ascertain where the large threats to Members lie and what we can do as a collective body to reduce these threats. We have initiated three programmes:

1. AIME Digital Marketing Working Group is looking at the area of safe Digital Marketing and covers affiliate publishers misleading practices as well as Malware threats. A Code of Practice for advertisers is being developed by AIME members that will be discussed soon with PhonepayPlus. The AIME website will have a facility for Members and other bodies to report threats to Members advertising. The information will then be shared with other Members, EU counterparts and CISP (see below).

2. CISP (www.cisp.org.uk) is a UK Government initiative that AIME will join and will sponsor individual Members to join. It is (Cyber Security Information Sharing Partnership) an information sharing collective, hosted by the Cabinet Office and run in partnership between UK Government and UK Industries. By contributing information and receiving information on all sorts of threats, from major hack attacks on large corporations to Android malware, the heightened situation awareness will help Members to reduce their exposure to this form of crime.

3. Cyber Street Wise (www.cyberstreetwise). This is a Home Office and Business Innovation and Skills initiative that is aimed at consumers and heightens their awareness of the risks they can take in their on-line world, including mobile. AIME would like all consumer facing Members to provide web site links to this initiative and discuss this also with consumers when they report issues with premium rate or Charge to Mobile services. We are also discussing with PhonepayPlus, adding elements to their call centre script that discusses antivirus software with their callers.

AIME will update this discussion with progress on the initiatives, but in the interim, please access CISP and CyberStreetWise and encourage your organisations to join in.