Sunday, October 5, 2014

JPMorgan Chase Hack Could Fuel Years of Fraud, Cybercrime Researchers Warn



JPMorgan Chase Hack Could Fuel Years of Fraud, Cybercrime Researchers Warn
(Mike Segar/Reuters/Landov)
Friday, 03 Oct 2014 05:08 PM
http://www.newsmax.com/Finance/JPMorgan-Chase-Hackers-Fraud-Security/2014/10/03/id/598547/
The 83 million customer records that hackers stole from JPMorgan Chase & Co. could fuel years of fraud, as criminals use the information to "phish" for customer passwords and ferret out other accounts that consumers may have, cybercrime researchers said.

The No. 1 U.S. bank by assets said on Thursday in a regulatory filing that customer names, addresses, phone numbers and email addresses were taken in the attack that the bank said surfaced in August. It added that it was continuing to investigate the matter and that customers would not be liable for any unauthorized transactions that were promptly reported to the bank.

The bank said it has not seen any rise in fraud in the wake of the discoveries, but security researchers said the information that hackers stole, such as addresses, tends to change relatively slowly, which gives criminals a long time to use it.

Their first step will likely be to use the information to send emails to customers purporting to be from JPMorgan Chase. Links embedded in those emails could be used to con customers out of their passwords, a practice known as "phishing."

"Hackers might send out emails saying 'Your JPMorgan Chase account has been breached, please log into our portal and enter your information,'" said Alex Holden, chief executive of Hold Security, a cybersecurity firm that monitors trade in stolen credentials.

The bank's letter to account holders on its website mid-day on Friday made no mention of "phishing," but it linked to a "frequently asked questions" document whose last answer warned about "phishing." JPMorgan spokeswoman Patricia Wexler said the bank is making the warning more prominent on its website.

"The risk is phishing" Wexler said, adding that people should be on the lookout. She said that there is no evidence that account numbers, passwords, user IDs, birthdays, or Social Security numbers were taken.

The stolen data is likely to end up being sold on underground cybercrime exchanges to fraudsters who will use it for "phishing" and other schemes. Holden said it is likely to be broken up into groups based on categories such as zip codes, with wealthy demographics going for higher rates. He estimates that lots of varying sizes would sell for between $1,000 and $15,000, with each of them being resold multiple times.

Such information can be used to craft "phishing" emails to seek other types of online accounts, beyond the initial firm that was breached, particularly when combined with personal details from social networking sites such as Facebook, Google, LinkedIn and Twitter, security researchers warned. Details from social media profiles can provide criminals with rich information that they can use to craft convincing "phishing" emails, including information about family, friends, education and work.

"Social media helps the criminals pursue their trade," said Mark Rowley, assistant commissioner for specialist operations for London's Metropolitan Police.

JPMorgan's Wexler said that the bank is not offering credit monitoring to its customers because no financial information, account data or personally identifiable information was compromised.

JPMorgan disclosed at the end of August that it suspected it had been the victim of a cyberattack, and said it had hired outside forensics experts to help it investigate the matter, which law enforcement is also probing.

In a letter to investors in April, JPMorgan Chase Chairman and Chief Executive Jamie Dimon told investors that the bank expects to spend more than $250 million on cybersecurity this year, with about 1,000 people focused on the area. The bank's efforts will grow exponentially in the coming years, he added.

Jamie Dimon
James Dimon is the chairman & CEO for the JPMorgan Chase & Co., a director at the United Negro College Fund, and was a director at the   Chicago Council on Global Affairs.
                                                                                         
Note: James A. Bell is a director at the JPMorgan Chase & Co., a member of the Commercial Club of Chicago, and was a director at World Business Chicago.
Richard M. Daley is a senior adviser for JPMorgan Chase & Co., a member of the Commercial Club of Chicago, William M. Daley’s brother, was a director at World Business Chicago, Michelle Obama was his staffer, and Valerie B. Jarrett was his deputy chief of staff.
William M. Daley was the chairman Midwest region for JPMorgan Chase & Co., the chief of staff for the Barack Obama administration, a director at World Business Chicago, a director at the   Chicago Council on Global Affairs, is Richard M. Daley’s brother, and a member of the Commercial Club of Chicago.
Valerie B. Jarrett is a member of the Commercial Club of Chicago, the senior adviser for the Barack Obama administration, a friend of Michelle Obama, a friend of Linda Johnson Rice, and was Richard M. Daley’s deputy chief of staff.
R. Eden Martin is the president of the Commercial Club of Chicago, and counsel at Sidley Austin LLP.
Newton N. Minow is a member of the Commercial Club of Chicago, a senior counsel at Sidley Austin LLP, and married to Josephine Baskin Minow.
Barack Obama was an intern at Sidley Austin LLP, and contributed $125,000 of Nobel Prize money to the United Negro College Fund.
Michelle Obama was a lawyer at Sidley Austin LLP, Richard M. Daley’s staffer, is a friend of Valerie B. Jarrett, and a director at the Chicago Council on Global Affairs.
Josephine Baskin Minow is an honorary life director for the Chicago Council on Global Affairs, and married to Newton N. Minow.
Cyrus F. Freidheim Jr. is an honorary life director for the Chicago Council on Global Affairs, a member of the Commercial Club of Chicago, and an honorary trustee at the Brookings Institution (think tank).
Foundation to Promote Open Society was a funder for the Brookings Institution (think tank), the Aspen Institute (think tank), and the International Rescue Committee.
George Soros was the chairman for the Foundation to Promote Open Society.
Lester Crown was a lifetime trustee at the Aspen Institute (think tank), is the chairman for the Chicago Council on Global Affairs, and a member of the Commercial Club of Chicago.
Linda Johnson Rice is a member of the Commercial Club of Chicago, a friend of Valerie B. Jarrett, and was a director at the United Negro College Fund.
James Dimon is a director at the United Negro College Fund, the chairman & CEO for the JPMorgan Chase & Co., and was a director at the   Chicago Council on Global Affairs.
Colin L. Powell was a director at the United Negro College Fund, is an overseer at the International Rescue Committee, and Michael K. Powell’s father.
Michael K. Powell is Colin L. Powell’s son, and a trustee at the Aspen Institute (think tank).   
Lester Crown was a lifetime trustee at the Aspen Institute (think tank), is the chairman for the Chicago Council on Global Affairs, and a member of the Commercial Club of Chicago.
James Dimon was a director at the   Chicago Council on Global Affairs, is a director at the United Negro College Fund, and the chairman & CEO for the JPMorgan Chase & Co.

















Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)