How To Make Safe Financial Transactions

Warning

NOTE: “I am trying to help people make safe financial transactions but I take no responsibility for anyone’s financial loss. Reading and following this information is done at your own risk.” — HC

Introduction

“The criminals hack into the email chains between sellers and buyers and their solicitors and estate agents. The fraudsters then send an email – usually on the day of sale completion – informing the parties that bank account details have changed at the last minute and that money should be deposited in a different account.” – Robert Mendick, and Nicole Blackmore, The Telegraph

The news is telling us about people who have been defrauded while making financial transactions where they have to exchange large sums of money, particularly when purchasing or selling real estate. This has made me think through the issues and give my two penny worth of advice about how to make safe financial transactions, particularly when email is involved. In particular I refer to the use of Digital Certificates otherwise referred to as Digital IDs (Identities) when sending emails.

Digital Certificates are used to digitally sign an email. When the process is performed correctly by all parties it would take a really massive effort by a fraudster to make his fake email appear genuine.

I cannot deny that steering clear of computers, mobile phones and other forms of IT would be the safest way. Beware of information passed in a phone call too. That could be fraudulent as well.

“We are getting more and more instances of this. The outcome for the fraudster is tremendous. They can earn £1m on the sale of a house in the south-east.” – Steve Proffitt, deputy head of Action Fraud. (Quoted from The Telegraph)

This Article About Safe Financial Transactions Covers:
  • Methods used to get people’s money by using fraudulent communications,
  • How to avoid being persuaded to send money to a fraudsters account,
  • Use of email Digital Certificates (Digital IDs).

Continue reading “How To Make Safe Financial Transactions”

Backdoor Trojan Regin Spying Since 2008

A recently discovered Backdoor Trojan Regin is a computer bug found by the software security company Symantec. Its purpose is to spy on the activities taking place on computers. It can collect passwords, capture screen images and even recover deleted files.

The Backdoor Trojan Regin has been made to operate in five stages the last two being encrypted to make it very difficult to discover and understand. If any stage were to be discovered it would say little about the other stages. Two stages are specifically given over to loading each other and the other stages. You can see a block diagram of Regin’s stages of operation at this Symantec site.

Backdoor Trojan Regin appears to have been developed as far back as 2008 and by its sophisticated nature was probably developed by a nation state as opposed to criminals. It appears to have been withdrawn from use by its masters in 2011 and a new version reintroduced in 2013.

Regin infections have been found in the following countries:

  • Afghanistan
  • Austria
  • Belgium
  • India
  • Iran
  • Ireland
  • Mexico
  • Pakistan
  • Russian Federation
  • Saudi Arabia

All Regin infections have been shared by these sectors thus:

  • Airline – 5%
  • Energy – 5%
  • Hospitality – 9%
  • Research – 5%
  • Small Businesses & Private Individuals – 48%
  • Telecoms Backbone – 28%

The Backdoor Trojan Regin has been made extremely stealthy so that it is very hard to determine what it is up to even after discovery. It could go undetected for years. For those interested it uses RC5 encryption which isn’t commonly used.

References

  1. BBC News – Regin, new computer spying bug, discovered by Symantec.
  2. Symantec Security Response – Regin: Top-tier espionage tool enables stealthy surveillance.
  3. Symantec White Paper on Regin.
  4. Wikipedia on Trojan Horse – Computer terminology.
  5. Wikipedia on RC5 encryption.