Post on 11-Jul-2015
page 1R S A M O N T H LY F R A U D R E P O R T
F R A U D R E P O R T
MO’ MONEY MO’ PROBLEMS
March 2014
Ever since the Liberty Reserve takedown in May of last year and the confiscation of all
accounts by law enforcement, fraudsters have been busy finding a solid currency to
which they can entrust their spoils without the risk of losing them in a bust. The obvious
choices were Perfect Money and BitCoin, but both currencies carry inherent risk. Perfect
Money is of questionable background, while BitCoin does not provide fraudsters the
required level of anonymity and is not immune to seizure. These risks have pushed the
underground to adopt—or really create—unique currency systems to help protect the
financial security of its dwellers.
In a recent on-going investigation, RSA’s Fraud Intelligence agents have identified and
have been tracking the growing adoption of forum-specific currencies. These financial
platforms allow users to safely transact within their own community, under the
supervision of the forum administrator, avoiding the use of the more public currency
options such as Perfect Money and BitCoin. In some instances different forums shared
the same currency further widening the use and adoption of these platforms.
MUSD
The MUSD currency is used in a single underground board, and has been active since
November 2013. Forum members can use the currency to purchase items/services from
each other, as well as pay for advertising on the board itself. The currency provides a
built-in escrow-service and guarantees anonymity. The forum administrator vouches for
the currency system and is responsible for all its operations.
One can exchange funds to or from MUSD through exchange agents. Two verified
exchange agent services currently work with MUSD in this board, with one offering to
cash out MUSD for hard currency in person at an office in Kiev, Ukraine. Exchange rates
are linked to the US dollar and are set at 1 MUSD = $1 USD.
page 2R S A M O N T H LY F R A U D R E P O R T
UNITED PAYMENT SYSTEM
The United Payment System currency appears to be shared by four different Russian
language forums, with each forum designating its own sub-currency with the forum’s
initials. For example, DM RUR and MM RUR (DM and MM are initials of forum names, and
“RUR” indicates Russian Ruble). Each forum has its own official exchange agent, and
each exchange agent has an administrator. To make sure the exchange agent stays
“honest”, a senior forum member is appointed to supervise and review the activities of
the exchange agent. Funds can be added or cashed out via the exchange agents with
cash out options including refilling different pre-paid cards.
The interesting thing about this currency is that it is shared across a number of forums
allowing members from different forums to transact.
UAPS
UAPS has been in use for over a year and is used with two of the most powerful boards in
the Russian-language cybercrime community and in fact is referred to as the ‘First
Commercial Bank’ on one of them. Of the three currencies discussed here, it appears to
be the most advanced and secure option for fraudsters, with ongoing improvements and
upgrades being implemented by a dedicated software team. Adding funds and cashing
out is available directly from the UAPS system.
The system emphasizes maintaining end-user security and privacy, implementing a strict
data retention policy of just two months.
CONCLUSION
The advent of new private financial systems and currencies in the Russian-language
cybercrime community is a trend indicating a stronger level of collaboration, cooperation
and sophistication amongst individual fraudsters and between fraudster boards in the
cybercrime world.
These new internal currencies are carefully administered and secured, ensuring a high
level of anonymity in transaction and hiding the user identities, making it more difficult
for law enforcement to trace, block, or seize funds and accounts.
Figure 1
MUSD exchange rates
Figure 2
United Payment System icon
Figure 3
UAPS currency system login screen
page 3R S A M O N T H LY F R A U D R E P O R T
Phishing Attacks per Month
RSA identified 36,883 phishing attacks in
February, marking a 21% increase from
January’s attack numbers. This also
represents a 35% increase from the
number of attacks a year ago.
US Bank Types Attacked
Nationwide banks continued to be the
most targeted by phishing with 68% of total
volume in February, and credit unions saw a
sharp spike in attacks – jumping from 16%
to 27% compared to January.
Top Countries by Attack Volume
The U.S. remained the most targeted
country in February with an overwhelming
77% of total phishing volume, followed by
the UK, South Africa, the Netherlands, and
Canada.
36,883 Attacks
Credit Unions
Regional
National
77%
5%
4%
3%
South Africa
Netherlands
UK
U.S.
MARCH 2014Source: RSA Anti-Fraud Command Center
www.emc.com/rsa
CONTACT USTo learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa
Top Countries by Attacked Brands
In February, nearly 40% of phishing
attacks were targeted at brands in the U.S.
and UK. Brands in India, Canada and
Australia were collectively targeted by
15% of total phishing volume.
Top Hosting Countries
The U.S. hosted 34% of global phishing
attacks in February, followed by Canada,
Germany, France and Brazil.
©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC
Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective
holders. MAR RPT 0314
11%
U.S.
UK
27%
5% 4%6%
34%
GLOBAL PHISHING LOSSESFEBRUARY 2014