Sunday, April 10, 2011

Targeted phishing emails help clone magnetic stripe credit cards

In the last months, I read two interesting news reports. The first was of a couple arrested for using cloned credit cards to make purchases. They were recruited by a local Nigerian crime ring which provided them with cloned the cards to purchase designer goods. These goods were later sold and profits shared. What was most surprising was that the couple was young, about to get married,  MBA's and came from reputable Indian families.

The second was actually several reports of targeted phishing mails using events and antiphishing themes to con user into parting with credit card details. The World Cup Cricket, RBI, Income Tax Department, Kiran Bedi were events, organisations or personalities on which elaborate stories were built to social engineer users.

In India, we still use magnetic stripe cards unlike other countries that use chip and pin which enables phishers to generate cloned cards based on information stripped from phishing scams. These are used by small crime rings to buy goods and sell them for cash.

The other low tech way of obtaining card information is while you shop. Card information is read by a magnetic reader and later used to clone the card. The actually cloning of the card is actually an easy process requiring plastic cards, a printer and an embossing kit. The whole apparatus does not cost more that 5000$.

It may not be easy to fake an rupee note due to the special features built into the note itself, but a magnetic stripe card is fairly simple as it has only a single hologram of the card issuer as credible protection. Low tech forgers usually replace this 3D hologram with a 2D picture, but recently hologram stickers are now available at 100$ for a pack of 10.

No comments:

Post a Comment