National Cyber-Forensics & Training Alliance

Internet Fraud Alert

internet fraud alert initiative

What is Internet Fraud Alert?
Internet Fraud Alert (IFA) is a system that functions as a centralized clearinghouse and alerting mechanism allowing trusted participants to report compromised credentials that have been uncovered online. Once reported, IFA will issue an alert to the relevant financial institution or other service provider indicating its customer’s credentials have been compromised. Information regarding the compromised credentials will also be made available to law enforcement tasked with investigating cyber crime.

How does IFA work?
Users submit data through the IFA web application. Once reported, IFA will then issue alerts to the appropriate financial institutions or other service providers indicating customer credentials may have been compromised. The organizations may then log in to IFA and download the reported data as either a comma delimited or tab delimited file.

What if the organization is not a member of IFA?
Research will be conducted to determine the authoritative organization and all reasonable attempts will be made to make them aware of IFA and to solicit their participation.

How does an organization become an IFA partner?
To become an IFA partner, an organization must be affiliated with a trusted online service provider or retailer, financial institution, law enforcement, government, or Internet security research firm, and undergo a thorough vetting process.

What else happens to the data?
NCFTA performs analyses on all submitted data within the scope of its Mission. A submitting organization can choose to share its information with law enforcement.

Security:

  1. Two factor authentication in order to log in to the system
  2. Multiple layers of encryption on all levels
  3. Security reviews were done at the network, application, and application code layers by trusted third party security companies
  4. Vetting of user community

What is the cost of IFA?
There is no cost at this time. Microsoft has donated the tool to the NCFTA. Accuity, the leading provider of global payment routing data, has donated a solution to assist the NCFTA with the vetting of institutions. There will be future cost needs in terms of maintenance (bandwidth, internal data parsing, etc.) and any upgrades to the system.

For more information, please see: https://www.IFraudAlert.org.

NCFTA Cyber Alerts

NCFTA JOINS TARGET’S CYBERSECURITY COALITION

The National Cyber-Forensics and Training Alliance (NCFTA) is pleased to join Target, the National Cyber Security Alliance (NCSA), and the Better Business Bureaus (BBB) to form a coalition to assist in educational awareness of cyber threat activity affecting all consumers.   

When Target approached the NCFTA to be a part of this coalition, we were thrilled and honored.  Target has a long standing history and distinction of trust and doing the right thing.  Their approach to this adverse situation is not surprising, given their core values as a company and their commitment to communities.  The NCFTA is very proud to work with such trustworthy national organizations like Target, the BBB and the NSCA towards a safer cyber future for everyone, consumers and businesses.

In today's highly connected digital world, it is more important than ever for people to be more vigilant in regards to their cyber hygiene.  Education, knowledge and awareness to all of the schemes and techniques are critical to protect ourselves.  None of us are immune – from a personal or business perspective – but all of us can take steps to educate ourselves against the threats.  Cyber threats are constantly evolving and increasing complex.

Now, it is more important than ever to teach and spread the word to employees, friends, family, how to protect themselves from cyber criminals and threats.  When Target considered NCFTA as part of this coalition, we were truly honored to work with the BBB and NSCA in this worthy effort. 

Target’s Newsletter – “A Bullseye View”: http://www.abullseyeview.com/category/databreach//

Target’s Website:
https://corporate.target.com/about/payment-card-issue.aspx

National Cyber Security Alliance: http://staysafeonline.org/

Better Business Bureaus: http://www.bbb.org/council/

FBI looks for partnerships to counter Cyber threat

Government Security News
Mueller pointed to the National Cyber Forensics and Training Alliance as a model for private industry and law enforcement collaboration.

Press Release: Pennsylvania Governor Tom Corbett, FBI, Department of Homeland Security, and United Kingdom Officials to address government and industry collaboration on fighting cyber threats

FOR IMMEDIATE RELEASE Contact: Fleishman-Hillard Alex Kepnes, 703-575-8900 [email protected]   PENNSYLVANIA GOVERNOR TOM CORBETT, FBI, DEPARTMENT OF HOMELAND SECURITY, AND UNITED KINGDOM OFFICIALS TO ADDRESS GOVERNMENT AND INDUSTRY COLLABORATION ON FIGHTING CYBER THREATS   Forum to Focus on Steps Industry and Government Must Take to Address Cyber Threats at National, State and Local Levels   [...]

Tax Refund Spam

Individuals should be vigilant of emails concerning tax refunds. Fraudsters consistently send spam appearing to be from the IRS and financial institutions containing a link to a phishing website and/or malware typically during tax season in the US. Fraudsters then attempt to either socially engineer potential victims and/or infect their computers in order to gain [...]

Email Compromise and Wire Fraud

The NCFTA, along with its law enforcement and industry partners, has observed that cyber criminals are gaining access to compromised email accounts and leveraging the relationship between the email account holder and their financial advisor to request unauthorized wire transfers. The criminals either use the existing email address or slightly change the email address by adding or supplementing a letter or number. The criminals then typically attempt to socially engineer the advisor through stories of hardship or loss in order to justify the wire transfer.

Once the criminals have verified the amount in the account, they request that funds be sent to bank accounts in the US, Australia, and Malaysia. Some of the funds sent to US and Australian accounts have ultimately been sent to Malaysian accounts. Some of the money mules were recruited by romance scams on dating websites. Banks, brokerage firms, and credit unions of all sizes have been affected by this scam.

Please see http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf for additional information on this scam and guidance on how to report such incidents to law enforcement.