In his address to the conference, Trey Ford, director of solutions architecture for WhiteHat Security, explained how simple faults in procurement systems could cost companies hundreds of thousands of dollars.
Some of these techniques required little or no technical skill at all, he said. For example, a woman in the US found that, by making an order and then cancelling it before the browser had reloaded, she would still be sent the products but not billed for them.
She sold more than US$400,000 worth of these goods on eBay before being caught – not because the company identified her but because buyers of the products became suspicious.
The reload function of the browser could also be used by "pump and dump" scams – where stock prices are manipulated by online information – by interfering with Google News rankings, he said.
It would be easy to write code that reloaded a certain news page many thousands of times and shifted it up into the Google News top stories page, he said, and this could be very profitable for a pump and dump scam.
“Pump and dump is highly profitable,” he said. “In a good stock market you can make seven-figure sums by gaming the market correctly.”
He gave the example of United Airlines, which lost 75 per cent of its stock price temporarily after an outdated and inaccurate Bloomberg report about the airline jumped into the Google News rankings.
While he said this wasn't the activity of pump and dump scammers as far as anyone knew, it showed how the savvy scammer could make huge sums by manipulating online information.