Scottish industry and academia have joined forces to tackle the growing threat of online fraud and to stay one step ahead of the continuing battle against hackers who reputedly steal photographs and personal files.

The event, organised by the 83 member SFE this week, sponsored by Logica, saw key figures from Scotland’s finance sector hear Edinburgh Napier University researchers discuss the latest
e-Commerce security risks and new methods for fraud detection.
 
Napier's research focuses on detecting fraud where businesses use ‘pay-per-click’ advertising. The Office of Cyber Security & Information Assurance (OCSIA) estimates that this type of crime alone costs the UK over £1.4bn yearly, contributing to a total cost of cybercrime to UK businesses of over £21bn. 
 
Tony Kelly, Logica security consultant says: “Cybercrime is a threat to all Scottish businesses, not least the finance sector and their customers…. In the last week alone, we’ve seen news of security incidents in relation to Mitsubishi’s defence wing, NHS Kent, Spanish Police as well as Scarlett Johansson!
 
“Financial services remain the cornerstone of the Scottish economy and workshops like these support information sharing and promotion of best practice, as well as identifying the latest tools to protect the public who use their services.  This helps promote Scotland as a safe place to do business.”
 
The cyber security research at Edinburgh Napier has recently attracted further funding, including from the Financial Services Authority (FSA), to develop Proof-of-Concept which involves key collaborations with Scotland’s finance industry and key experts such as Logica, who provide an extensive range of software tools for fraud detection within online transactions.
 

Prof Bill Buchanan,  (right) Edinburgh Napier University adds: ““The finance sector is so important to theScottish economy and our work in new methods of detecting on-line fraud are key in getting Scottish companies at the forefront of the finance industry. An important part of our research is to listen to experts within the finance sector, and try and build systems which overcome these problems. Events such as this allow this conversation to happen, and keep Scotland at the centre of the information age.” 

"With increasing reliance on overseas business with exports, be it through e-commerce, the supply of food, drink or other luxury goods or engineering knowledge, ensuring that corporate information is safe is an absolute priority."

However, some banks  can be their own worst enemy. Bank of Scotland for example recently modifying its network, has changed its Bank Identifier Code, but  done nothing to notify customers of this. So that money being moved internationally between accounts is rejected, thanks to the use of an obsolete BIC number.

And a new defraud has emerged, happening to an Associated Press reporter who mistyped a message to "Verizonwireless.co" instead of .com and got a response "I am out of office right now on a my dream vacation and will get back to you when I return. If you don't hear from me, my assistant should contact you shortly. You should check this site out to see how I scored the best travel deal for my trip."

The link is to a site that advertises luxury resorts. The owner of verizonwireless.co makes money when someone clicks through to any of the resort sites. "Typo-squatters,"  goal is to make money from advertising, as people accidentally visit the sites after mistyping an address in their Web browser.

If more typo-squatting sites start auto-replying, it could be a problem for Internet mailing lists. If a participant mistypes his or her address when joining a mailing list, every message to the list could get a response from a typo-squatter.  

Tyler Moore, a fellow at Harvard University, and Benjamin Edelman, an assistant professor at the Harvard Business School, estimate last year that nearly 1m typo-squatting domains, like faceboop.com, gootle.com and wamlart.com shadow the top 3,264 dot-com sites. That's almost 300 typo sites for every legit one.

Unwanted out-of-office spam isn't the only reason to be careful about typing email addresses. A small security firm recently reported setting up 30 Web addresses, with names similar to those of major corporations, and saving every email that came in over six months. The firm, Godai Group, ended up with 120,000 emails, with contents that included trade secrets, network usernames and passwords