Internet scam-mongery to go ballistic: AusCert

Companies running online transactions will see their Web sites become the ugly new face of online fraud and identity theft, according to Graham Ingram, AusCert's general manager.

Speaking at the launch of the MessageLabs Fraud Protection Service in Sydney on Wednesday, Ingram told bank IT security managers that the combination of burgeoning bandwidth and poor customer security will greatly increase the incidence of scams and attacks over the next five years.

"We are in a losing battle, but it's a battle we can't afford not to wage. [We can't afford to] turn away from the mums and dads," Ingram warned. Ingram reserved his strongest words to date for the recent mainstream uptake of broadband - presumably by mums and dads and their progeny. "In the US I understand they are up to 4Mbps on DSL modems. That's absolutely… that's a missile.

"I'm not trying to scare people. I'm just saying if we have the same level of security that we have now and start to stack on bandwidth, we are actually changing the dynamics," Ingram said, adding that denial of service attacks of such a previously unseen "enormous degree" would soon arrive.

With Australian Bankers' Association (ABA) representatives declining to attend the MessageLabs event, Internet Industry Association (IIA) chief executive Peter Coroneos made quick work of telling the pinstripe set to get real about fighting fake Web site scams and ID theft.

"I personally think the banks have not done enough in Australia. The IIA has approached all the banks. We've put an offer on the table to the banks. This is not just a banking issue; it is much wider. It goes to the integrity of trust on the Internet. I am offering to do any joint initiative that they want to think of," Coroneos said.

Coroneos then gave an example of the lengths some bank customers felt they had to go to get their message across.

"Last year someone reported to our Web site that they were unable to lodge a complaint with the relevant authorities [about a phishing scam] - although they were watching an in-progress identity theft occurring. They had been the target of a phishing scam. They'd found the Web site in question and - breaking all Australian laws - hacked into the Web site.

"While they were on the phone to our portal manager, they said they were in the process of observing Australians going and typing in their password and log-in information. They said they saw six of these happen in the course of the conversation. We immediately referred them to the AHTCC (the Australian High Tech Crime Centre), Alastair MacGibbon's outfit. Action was then taken. And then the banks moved quickly," Coroneos said.

Although present, Australian High Tech Crime Commission director Alastair MacGibbon refrained from responding to Coroneos' allegations. Under the usual caveat of anonymity, a senior bank IT security source present said that while Internet and on-line scams were definitely a problem, financial risks to banks and their customers had actually declined.

"It certainly exists, but it's a lot of hard work for an improbable return [for criminals]. Banks have to give customers the online services they demand in the manner they demand. There will always be scams. Compared to conventional card fraud and skimming… well it's [phishing] just not in the same league. But ID theft - any ID theft - is a real problem for us because merchants rely on those documents to authenticate a customer," the source said.

The new MessageLabs enterprise alert service is intended to process around 30 million e-mails per day in an effort to sniff out spam-based phishing scams, with a scanning refresh rate of 30 seconds. Targeted enterprises, should they sign up for the service, will then be contacted via SMS with technical details of the miscreant endeavour targeted at them.