Showing posts with label Phishing.

Friday, June 18, 2010

Yet Another Reason Banks Should Call for the Mass Adoption of Peripheral Card Readers for Online Banking




[Chart: European Banks: 29; American Banks: Zero (share of online banking customers using a card reader)]
During the course of the past year, I have made a huge effort to point out that online banking (the way it is conducted now) is doomed to failure (see related posts below). I started with a series I called "Online Banking is Weak Week."



Bottom line? Online banking MUST be done "outside" the browser space. We've seen the ZeuS, Clampi, URLZone and BlackEnergy2 banking trojans; we've seen lawsuits filed by customers against banks accusing them of lax authentication procedures; we've seen keylogging, man-in-the-middle and man-in-the-browser attacks; we've seen billions of phishing attempts; we've seen the head of the FBI swear off online banking; we've been told we need a "dedicated" machine for online banking. We've seen Avivah state that nothing in the browser can be trusted. I can go on and on... and I will, because...

OTPs (one-time passwords) will be circumvented by MITB attacks (and real-time keylogging).

American banks go on and on with their belief that they can protect the security of their customers by asking them to type data into boxes in a browser. (European banks are trending towards issuing card readers, and almost 30 percent (see chart above) of European online banking customers use one.)



Either I don't get it or the banks don't.  I'm confident enough to say that if you were to go back through the PIN Debit blog over the past 18 months or so and look at everything I've posted regarding online banking, you will see that I'm not the one who doesn't get it.  (type "online banking security" into the custom search box for proof)








I'm not Nostradamus, but I can tell you this. Banks would "prophet" from the eradication of "typing" and thus of all the problems associated with it.


When Kaspersky Labs calls for the mass adoption of peripheral card readers and suggests that banks could be big drivers of this type of hardware, then banks might want to pay more attention.  On the horizon is a new dilemma for online banking security.  






Avivah Litan, distinguished analyst from Gartner Research points out that banks rely on "flash cookies" to identify legitimate users and that's about to change.  



Again... why not use a common-sense approach to authenticate legitimate users? Take your "bank issued" card out of your purse/wallet, swipe it through a PCI certified PIN Entry Device designed for online commerce, and securely enter your PIN. What you have (the card) and what you know (the PIN) is entered into what the bank owns (the peripheral PED card reader).






Adobe Flash Player Private Browsing May Force Change in Fraud Fight 





A report from Gartner highlights how the reliance on Flash cookies as an authentication mechanism by online banks may need to change with the release of Adobe Flash Player 10.1. Flash Player's "Private Browsing" feature will make it easier to clear Flash cookies, and e-commerce businesses will need to adjust, some say.










Banks should be big drivers of this kind of hardware. First they need to admit that they're in a losing battle with hackers and must stop with the band-aid responses to the real threats they face.
When the final version of Adobe Flash Player 10.1 hits desktops later this year, it will bring with it new functionality designed to allow users to automatically clear Flash cookies after a Web session. But while the feature may be lauded in the name of privacy, it may also force online banks to change how they fight fraud.


Flash cookies, also known as LSO (local shared objects), are used by many banks and e-commerce sites to identify legitimate users and block unauthorized or fraudulent access. In a report entitled, "Privacy Collides With Fraud Detection and Crumbles Flash Cookies," Gartner analyst Avivah Litan writes that the practice of using HTTP browser cookies for authentication gained steam roughly three years ago due to guidelines imposed by the Federal Financial Institutions Examination Council.



“Most banks responded by implementing stronger authentication that depended in large part on knowing that their online banking customer was logging in from a known PC,” Litan wrote.


“Upon entering a user ID to log into an online banking session, the bank Web server would check for the presence of this cookie…If the bank software could not find the cookie – for example because the user was logging in from a different PC – then the bank software would generally challenge the user with a series of questions that only the legitimate user could presumably answer.”


But a growing desire for privacy led users to delete their browser cookies more often, meaning banks had to find something else to rely on, the report noted. Enter Flash LSOs, which are “basically hidden from casual users who aren’t aware of them and don’t know how to delete them.”


Now that approach could be threatened as well, Litan told eWEEK...<<read more>>
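The known-device check Litan describes (look for a cookie the bank set earlier; if it is missing, fall back to challenge questions) is easy to see end to end in code. The following is an added example, not code from this blog, from eWEEK or from any bank: `SERVER_KEY`, `COOKIE_NAME`, the 90-day re-enrolment policy and the user names are all constructed for the illustration. The cookie is an HMAC-signed token rather than a bare identifier, so an edited or guessed cookie is rejected, and a cookie cleared by a privacy feature (what Flash Player 10.1's private browsing does to LSOs) produces a challenge on the next login rather than a silent pass.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)   # constructed; a real deployment keeps this in an HSM/KMS
COOKIE_NAME = "known_device"           # constructed cookie name
MAX_AGE_SECONDS = 90 * 24 * 3600       # assumed policy: re-enrol a PC after 90 days


def _mac(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_token(user_id: str, now: Optional[int] = None) -> str:
    """Mint the cookie for the PC the customer just authenticated from.

    Layout: user|device_id|issued_at|mac. The device_id is random, not a
    hardware fingerprint; the token's only value is that the bank signed it.
    """
    issued = int(time.time()) if now is None else now
    payload = f"{user_id}|{secrets.token_hex(16)}|{issued}"
    return f"{payload}|{_mac(payload)}"


def device_token_valid(user_id: str, token, now: Optional[int] = None) -> bool:
    """True only for an unmodified, unexpired token minted for this customer."""
    try:
        tok_user, device_id, issued_str, mac = token.split("|")
        issued = int(issued_str)
    except (AttributeError, ValueError):      # cookie absent, truncated or edited
        return False
    payload = f"{tok_user}|{device_id}|{issued}"
    if not hmac.compare_digest(_mac(payload), mac):
        return False                          # forged or tampered cookie
    if tok_user != user_id:
        return False                          # cookie minted for another customer
    now = int(time.time()) if now is None else now
    return 0 <= now - issued <= MAX_AGE_SECONDS


def login_decision(user_id: str, password_ok: bool, cookies: dict,
                   now: Optional[int] = None) -> str:
    """Password is the first factor; the known-device cookie decides whether to
    step up. Returns 'deny', 'allow' or 'challenge' (security questions)."""
    if not password_ok:
        return "deny"
    if device_token_valid(user_id, cookies.get(COOKIE_NAME), now):
        return "allow"
    return "challenge"   # unknown PC, or the cookie was cleared


def complete_challenge(user_id: str, answers_ok: bool,
                       now: Optional[int] = None) -> dict:
    """After a passed challenge the bank re-enrols the PC with a fresh cookie."""
    return {COOKIE_NAME: issue_device_token(user_id, now)} if answers_ok else {}
```

The weak point the article is about is visible in `login_decision`: once the cookie is gone, the whole decision rests on the challenge questions, which is why clearing LSOs more easily pushes banks toward a different second factor.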

Monday, June 14, 2010

Tabnabbing (New Phishing Technique)



Mozilla's Aza Raskin is warning about a new type of phishing attack called tabnabbing.
Unlike traditional phishing attacks, which trick people into clicking on links that take them to bogus sites that look legitimate, tabnabbing doesn't require a user to click on a link. But it too can trick people into disclosing their usernames and passwords.
While you're visiting a Web page infected with malicious tabnabbing code, a tab in the background morphs into what appears to be a legitimate site like Gmail or a banking site. To the user it looks quite familiar and since it's not uncommon for people to have multiple tabs open at the same time, it's easy to assume that it really is the site you want to visit. When you click on it, you're not logged in, but that too can seem quite normal since many sites log you out automatically after a period of time. However, if you're a tabnabbing victim and try to log in to the site, you wind up giving your log-in credentials to the tabnabber.



Saturday, May 29, 2010

Phishers Ambush Military Credit Unions

Internet.com is reporting that "a number of bogus Web sites that appear to be the official pages of a pair of credit unions used by military personnel are actually phishing traps designed to steal soldiers' identities."



Phishing can be eliminated. What they are "phishing" for are online banking passwords and usernames. Get rid of the antiquated login process and start "really" getting serious about authentication.



Replicate the same trusted process used to dispense cash "in real time" from an ATM, and two-factor authenticate the online banking session by having customers swipe their bank-issued card and enter their bank-issued PIN.



Start doing that, and banks will eradicate the "phishing" problem...because there will be nothing left to phish phor.



The money banks spend "phighting" phishing can instead be spent providing their customers with a PCI 2.1 Certified PED, resulting in the complete eradication of the threat. (It would also provide an ROI to the issuing bank via the interchange revenue derived from use of the device for eCommerce purchases.)



What's the phake phishing site going to ask people to do? Swipe their card and enter their PIN? Worthless move. The PIN is instantly 3DES DUKPT encrypted inside the device, and guess who "doesn't" have the encryption key? If you said the phisher, you're right. If you said the online banking customer, you're also correct. The way it's done now, the customer does have the information being phished phor.



Translation: No more username/passwords.



Even the customer him/herself does NOT have the "information" the phishers are looking for, so they cannot be "duped" into providing it.



Make sense? When the card is swiped and the PIN entered "outside the browser and inside the box," there isn't ANY phishable information.






That's why Eugene Kaspersky of Kaspersky Labs last week called for "MASS adoption of peripheral card readers for ALL internet banking customers."
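The argument in this post and in the June 18 post above (what you have and what you know go into what the bank owns, and the secret the phisher wants never exists on the customer's side) can be simulated in a few dozen lines. This is an added example, not the blog's code and not the firmware of any real PIN entry device. The devices the posts mention use 3DES DUKPT to encrypt the PIN block; here both the per-transaction key derivation and the cipher are replaced by HMAC-SHA256 from the standard library (a stand-in, not DUKPT), so it runs without third-party crypto. The PAN, PIN, device id, key names and the bank's in-memory PIN store are constructed; a real issuer host keeps PINs as offsets or PVVs inside an HSM. The PIN block format, however, is the real ISO 9564-1 format 0.

```python
import hashlib
import hmac
import secrets

PAN = "4111111111111111"   # constructed test card number
PIN = "1234"               # constructed


def iso9564_format0_block(pin: str, pan: str) -> bytes:
    """ISO 9564-1 format-0 PIN block: PIN field XOR PAN field, 8 bytes.
    PIN field: '0', PIN length as one hex digit, the PIN, 'F'-padded to 16 digits.
    PAN field: '0000' plus the 12 rightmost PAN digits excluding the check digit."""
    if not (4 <= len(pin) <= 12 and pin.isdigit() and len(pan) >= 13 and pan.isdigit()):
        raise ValueError("PIN must be 4-12 digits, PAN at least 13 digits")
    pin_field = f"0{len(pin):X}{pin}".ljust(16, "F")
    pan_field = "0000" + pan[-13:-1]
    return bytes.fromhex("".join(f"{int(a, 16) ^ int(b, 16):X}"
                                 for a, b in zip(pin_field, pan_field)))


def transaction_key(base_key: bytes, device_id: str, counter: int) -> bytes:
    """Unique key per transaction from the device base key and counter: the
    role DUKPT plays in the real devices, with a stand-in derivation here."""
    return hmac.new(base_key, f"{device_id}:{counter}".encode(), hashlib.sha256).digest()


class PinEntryDevice:
    """The bank-owned peripheral. Its base key is injected when the bank
    personalises it and is never exported to the PC or the browser."""

    def __init__(self, device_id: str, base_key: bytes):
        self.device_id = device_id
        self._base_key = base_key
        self.counter = 0

    def swipe_and_enter_pin(self, pan: str, pin: str, bank_nonce: bytes) -> dict:
        """All the browser ever forwards: PAN, counter and an authenticator over
        the PIN block and the bank's nonce. The PIN itself never leaves the device."""
        self.counter += 1
        key = transaction_key(self._base_key, self.device_id, self.counter)
        tag = hmac.new(key, iso9564_format0_block(pin, pan) + bank_nonce,
                       hashlib.sha256).hexdigest()
        return {"device_id": self.device_id, "counter": self.counter, "pan": pan, "tag": tag}


class Bank:
    """Issuer host: holds each device's base key and each card's PIN."""

    def __init__(self):
        self._device_keys, self._pins = {}, {}
        self._last_counter = {}      # replay guard: highest counter accepted per device
        self._open_nonces = set()    # one nonce per login session

    def issue_device(self, device_id: str, pan: str, pin: str) -> PinEntryDevice:
        key = secrets.token_bytes(32)
        self._device_keys[device_id], self._pins[pan] = key, pin
        self._last_counter[device_id] = 0
        return PinEntryDevice(device_id, key)

    def new_login_nonce(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open_nonces.add(nonce)
        return nonce

    def verify_login(self, msg: dict, nonce: bytes) -> bool:
        if nonce not in self._open_nonces:
            return False                                  # stale or unknown session
        base_key = self._device_keys.get(msg.get("device_id"))
        pin = self._pins.get(msg.get("pan"))
        if base_key is None or pin is None:
            return False
        if msg["counter"] <= self._last_counter[msg["device_id"]]:
            return False                                  # replayed transaction
        key = transaction_key(base_key, msg["device_id"], msg["counter"])
        expected = hmac.new(key, iso9564_format0_block(pin, msg["pan"]) + nonce,
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False                                  # wrong PIN, wrong device or forged tag
        self._last_counter[msg["device_id"]] = msg["counter"]
        self._open_nonces.discard(nonce)
        return True


def phishing_scenario() -> tuple:
    """One genuine login, then the three things a phishing page could do with
    what it captured. Returns (genuine, replay, reuse_in_new_session, forged)."""
    bank = Bank()
    device = bank.issue_device("PED-0001", PAN, PIN)
    nonce = bank.new_login_nonce()
    msg = device.swipe_and_enter_pin(PAN, PIN, nonce)
    genuine = bank.verify_login(msg, nonce)
    replay = bank.verify_login(msg, nonce)                 # same message, same session
    nonce2 = bank.new_login_nonce()
    reuse = bank.verify_login(msg, nonce2)                 # captured message, phisher's own session
    forged = dict(msg, counter=msg["counter"] + 1,         # no base key, so no valid tag
                  tag=hmac.new(b"guessed-key", b"x", hashlib.sha256).hexdigest())
    return genuine, replay, reuse, bank.verify_login(forged, nonce2)
```

`phishing_scenario()` returns `(True, False, False, False)`: the only usable thing a lookalike site can capture is a one-shot authenticator bound to a key it does not hold, a counter that has already been consumed, and a nonce the bank issued for someone else's session.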



May 28, 2010  By Larry Barrett


Phishers don't play favorites and their latest intended victims are the men and women in uniform.









As eSecurity Planet discovered, several clever phishing traps have popped up online in the past year with almost the exact same look and feel of a pair of popular credit unions primarily used by folks serving in the U.S. military.


Security software experts are warning customers of both USAA, an insurance and financial services firm, and the Navy Federal Credit Union to be especially vigilant before divulging their Social Security numbers, passwords, account numbers and other personally identifying information.
Symantec said this latest attack comes from Web sites hosted on servers in Taiwan, and variants of this particular phishing URL have been used to spoof other online brands as well.

U.S. Strategic Command officials are joining leading security software vendors in warning soldiers serving in the U.S. Army, Navy, Air Force and Marine Corps to be on high alert for a new phishing scam that is targeting customers at a pair of credit unions catering to servicemen and their families.
Gen. Kevin P. Chilton, the STRATCOM commander, is warning soldiers and their families that bogus Web sites imitating both USAA, a popular insurance and financial services firm catering to military families, and the Navy Federal Credit Union have successfully stolen the personal and banking data of an unknown number of customers. 

Read the full story at eSecurity Planet: 

Phishing Scam Targets Military Credit Unions







Tuesday, May 18, 2010

Online Phishing Scams Get Personal, Experts Caution






If we swiped vs. typed there would be nothing to phish phor...

We offer the only PCI 2.0 Certified PIN Entry Device designed specifically for online banking authentication, eCommerce and mCommerce use. (USB & DTMF)









Online Phishing Scams Get Personal, Experts Caution
(from Yahoo at 5-18-2010)
In a new phishing trend, spammers are focusing on individualized attacks. Recipients may be deceived into thinking the message is from a friend, but these spammers want access to their credit card accounts. Phishing is a common scamming practice that involves emailing users under false pretenses with the aim of tricking them into revealing their private information. The emails feature the recipients' names in the subject lines, claim to have seen them at Starbucks, and ask them to click on... read more»


Wednesday, May 12, 2010

APWG Report Finds a Single Electronic Crime Syndicate Responsible for Most Phishing Attacks in Second Half of 2009



SAO PAULO, Brazil--(BUSINESS WIRE)--A single electronic crime syndicate employing advanced malware was responsible for two-thirds of all the phishing attacks detected in the second half of 2009 -- and was responsible for the overall increase in phishing attacks recorded across the Internet, according to a report released today by the Anti-Phishing Working Group (APWG).
“Avalanche's relentless activities led to the development of some very effective counter-measures.”
The report authors found that the Avalanche phishing gang was responsible for some 66 percent of all phishing attacks launched in 2H2009. Avalanche successfully targeted some 40 banks and online service providers, and vulnerable or non-responsive domain name registrars and registries.
"Avalanche's impact was unprecedented," said Greg Aaron, Director of Key Account Management and Domain Security at Afilias and co-author of the study. "This one criminal group was responsible for two-thirds of the world's phishing, and also combined it with sophisticated crimeware distribution. The losses by banks and individual Internet users were staggering."
"Avalanche" is the name given to the world's most prolific phishing gang, and to the infrastructure it uses to host phishing sites. This criminal enterprise perfected a system for deploying mass-produced phishing sites, and for distributing malware that gives the gang additional capabilities for theft.
Rod Rasmussen, founder and CTO of Internet Identity and co-author of the study, said, "Avalanche's relentless activities led to the development of some very effective counter-measures." Rasmussen explained, "The data shows that the anti-phishing community -- including the target institutions, security responders, and domain name registries and registrars -- got very good at identifying and shutting down Avalanche's attacks on a day-to-day basis. Further, a coordinated action against Avalanche's infrastructure in November has led to an ongoing, significant reduction in attacks through April 2010."
Aaron and Rasmussen are reporting their findings today at the APWG's fourth annual Counter eCrime Operations Summit, an international conference for industry and law enforcement professionals who respond to electronic crime and protect consumers and businesses from electronic crime.
The new report also contains analysis of other phishing trends. Key findings and highlights include:
  • Phishing uptimes have dropped by a third since 2008. Uptimes are a vital measure of how damaging phishing attacks are, and the drop indicates the success of mitigation efforts.

  • The amount of Internet domain names and numbers used for phishing has remained fairly steady over the past two-and-one-half years, a period in which the number of registered domain names in the world has grown.

  • The great majority of phishing continued to be concentrated in certain name spaces -- just five top-level domains (TLDs).

The study is available at:



Start Swiping, Stop Typing and Phishing is Eliminated
About the APWG:
The APWG, founded in 2003 as the Anti-Phishing Working Group, is a global industry, law enforcement, and government coalition focused on eliminating the identity theft and fraud that result from the growing problem of phishing, email spoofing, and crimeware. Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community and solutions providers. There are more than 1,800 companies, government agencies and NGOs participating in the APWG and more than 3,300 members. The APWG's Web site offers the public and industry information about phishing and email fraud, including identification and promotion of pragmatic technical solutions that provide immediate protection. APWG's corporate sponsors are as follows:
AT&T(T), Able NV, Afilias Ltd., AhnLab, AVG Technologies, BillMeLater, BBN Technologies, Blue Coat, BlueStreak, BrandMail, BrandProtect, Bsecure Technologies, Check Point Software Technologies, Cisco (CSCO), Clear Search, Cloudmark, Cyveillance, DigiCert, DigitalEnvoy, DigitalResolve, Digital River, Easy Solutions, eBay/PayPal (EBAY), Entrust (ENTU), eEye, Fortinet, FraudWatch International, FrontPorch, F-Secure, Goodmail Systems, GeoTrust, GlobalSign, GoDaddy, Goodmail Systems, GuardID Systems, HomeAway, IronPort, HitachiJoHo, ING Bank, Iconix, Internet Identity, Internet Security Systems, Intuit, IOvation, IronPort, IS3, IT Matrix, Kaspersky Labs, Kindsight, Lenos Software, LightSpeed Systems, MailFrontier, MailShell, MarkMonitor, Marshall8e6, McAfee (MFE), MasterCard, MessageLevel, Microsoft (MSFT), MicroWorld, Mirapoint, MySpace (NWS), MyPW, MX Logic, NameProtect, National Australia Bank (ASX: NAB), Netcraft, NetStar, Network Solutions, NeuStar, Nominum, Panda Software, Phoenix Technologies Inc. (PTEC), Phishme.com, Phorm, Prevx, The Planet, SIDN, SalesForce, Radialpoint, RSA Security (EMC), RuleSpace, SecureBrain, Secure Computing (SCUR), S21sec, Sigaba, SoftForum, SOPHOS, SquareTrade, SurfControl, SunTrust, Symantec (SYMC), TDS Telecom, Telefonica (TEF), Trend Micro (TMIC), Tricerion, TriCipher, TrustedID, Tumbleweed Communications (TMWD), Vasco (VDSI), VeriSign (VRSN), Visa, Wal-Mart (WMT), Websense Inc. (WBSN) and Yahoo! (YHOO).

Contacts

APWG

Peter Cassidy, 617-669-1123

pcassidy@antiphishing.org

http://www.antiphishing.org

or

Afilias

Heather D. Read, 215-706-5777

hread@afilias.info

http://www.afilias.info

or

Internet Identity

pr@internetidentity.com

253-590-4100

http://www.internetidentity.com
Permalink: http://www.businesswire.com/news/home/20100512005973/en/APWG-Report-Finds-Single-Electronic-Crime-Syndicate
