Publication: Fraude digital : prevención, detección, análisis y eliminación
Loading...
Identifiers
Publication date
2015-03-09
Defense date
2015-03-09
Authors
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Impact
Export
Abstract
El delito digital es una realidad que no se puede pasar por alto. Cada día son más y más los delincuentes que deciden cambiar la calle por el ordenador debido a todas las ventajas que ello conlleva, pues se trata de un mundo que a día de hoy permanece casi virgen en lo que a seguridad se refiere y les permite actuar a voluntad con mucho menos riesgo del que tendrían en el mundo real. Por ello se ha ideado este documento, cuyo objetivo es orientar en la lucha contra uno de los delitos más comunes, el Fraude Online.
La gestión de un caso de Fraude Online como pudiese ser un Phishing se estructurará en 3 momentos claves para su tratamiento: Detección, Análisis y Eliminación. Se añadirá un apartado extra, el de Prevención, que son unas pautas más orientadas al usuario medio en un ámbito doméstico que al analista del ámbito profesional.
Aunque se ha intentado crear una guía lo más sencilla posible para el lector, la naturaleza de la temática que se va a tratar hace que sea fácil perderse en algunos puntos, es por ello que a continuación, se explicarán los pasos básicos a realizar para solventar con éxito un caso reportado:
- Detección: La motivación de este módulo es conseguir verificar que se está ante un caso de fraude fidedigno. Para ello se harán uso de diferentes herramientas (ya sean privadas o públicas) que permitirán al analista comprobar la actividad y evaluar la gravedad del caso. Con esto ya se podrá informar al cliente de su apertura y del tratamiento del mismo. Éste, probablemente, sea el momento que más experiencia requiere por parte del analista, pues la información obtenida por las herramientas debe ser interpretada por él para sacar las conclusiones adecuadas y proceder en consecuencia declarando como fraude un caso.
- Análisis: Llegado este punto, es el momento de recabar toda la información posible para poder acelerar el cierre del caso. Para ello y de nuevo, se deberán utilizar diversas herramientas que mostrarán toda la información relacionada con el Dominio afectado. Con esta información se elaborará un plan de actuación con el que empezar a contactar en el siguiente apartado con los contactos que puedan tener algún tipo de influencia en el caso. Como se indicará es recomendable revisar casos ya cerrados en el pasado para comprobar si existe algún patrón de actuación ya utilizado que pueda ser de ayuda o si hay algún tipo de información que sea común a ambos, con el consiguiente ahorro de tiempo y medios.
- Eliminación: En este momento de la vida del caso, se van a realizar las acciones oportunas para solicitar que aquellas personas o empresas que tengan algún tipo de poder administrativo sobre el Dominio empiecen a gestionar el cierre del mismo o, en su defecto, colaboren con el analista para conseguirlo. Una vez obtenido el cierre y verificado el mismo, se informará al cliente de la conclusión satisfactoria del caso y se procederá a monitorizar la/s Uri/s afectada/s. Con esto se tendría el plan de ruta básico y elemental para hacer frente al Fraude Digital, no obstante, la experiencia del analista es la que va a determinar el éxito en la gestión de un caso, por lo que independientemente de esta guía, es primordial contar con una formación especializada sólida.
The digital crime is a reality that cannot be overlooked. Every day there are more and more criminals who decide to change the streets for the computer, due to all the advantages that it carries, because it is a question that today still remains almost virgin in what to safety refers and allows them to operate to will with much fewer risk of which they would have in the real world. That is the reason why this document has been designed, and which aim is to orientate in the fight against one of the most common crimes, the Fraud Online. The management of a case of Fraud Online like Phishing, for example, will be structured in 3 key moments for his treatment: Detection, Analysis and Elimination. It will be added an extra paragraph, the Prevention one, which is a few guidelines more orientated to the average user in a domestic area that to the analyst of the professional area. Though an as simple as possible guide has tried to be created for the reader, the nature of the subject matter that is going to treat does that it is easy to get lost in some points, is for it that later, the basic steps which must be done will be explained to solve successfully a brought case: - Detection: The motivation of this module is to manage to check that one is in front of a case of trustworthy fraud. For that, it will be used different tools ( private or public ones) that will allow to the analyst to verify the activity and to evaluate the gravity of the case. With this, it will already be possible to inform to the client of his opening and how to treat it. This one, will probably be the moment that more experience needs on the part of the analyst, since the information obtained by the tools must be interpreted by him to extract the suitable conclusions and to proceed in consequence declaring as fraud a case. - Analysis: Come this point, it is the moment to obtain all the possible information to be able to accelerate the closing of the case. For it and again, there must be used diverse tools that will show all the information related with affected Domain. With this information there will be elaborated a plan of action with which to start contacting in the following paragraph with the contacts that could have some type of influence in the case. As it will be indicated it is advisable to check other cases already closed, to verify if there is some boss of action already used, that could help or if there is some type of information that is common to both, with the consequent saving of time and a half. - Elimination: At this moment of case's life, the opportune actions are going to start in order to request that those persons or companies that have some type of administrative power on the Domain start managing the closing of it or, in his fault, collaborate with the analyst to obtain it. Once obtained the closing and assured it, the client will be informed of the satisfactory conclusion of the case and we will proceed to monitor the Uri’s afected. With this we have the basic and elementary plan of route to face the Digital Fraud, nevertheless, the experience of the analyst it is what is going to determine the success in the management of a case, for what independently of this guide, it is basic to possess a specialized solid formation.
The digital crime is a reality that cannot be overlooked. Every day there are more and more criminals who decide to change the streets for the computer, due to all the advantages that it carries, because it is a question that today still remains almost virgin in what to safety refers and allows them to operate to will with much fewer risk of which they would have in the real world. That is the reason why this document has been designed, and which aim is to orientate in the fight against one of the most common crimes, the Fraud Online. The management of a case of Fraud Online like Phishing, for example, will be structured in 3 key moments for his treatment: Detection, Analysis and Elimination. It will be added an extra paragraph, the Prevention one, which is a few guidelines more orientated to the average user in a domestic area that to the analyst of the professional area. Though an as simple as possible guide has tried to be created for the reader, the nature of the subject matter that is going to treat does that it is easy to get lost in some points, is for it that later, the basic steps which must be done will be explained to solve successfully a brought case: - Detection: The motivation of this module is to manage to check that one is in front of a case of trustworthy fraud. For that, it will be used different tools ( private or public ones) that will allow to the analyst to verify the activity and to evaluate the gravity of the case. With this, it will already be possible to inform to the client of his opening and how to treat it. This one, will probably be the moment that more experience needs on the part of the analyst, since the information obtained by the tools must be interpreted by him to extract the suitable conclusions and to proceed in consequence declaring as fraud a case. - Analysis: Come this point, it is the moment to obtain all the possible information to be able to accelerate the closing of the case. For it and again, there must be used diverse tools that will show all the information related with affected Domain. With this information there will be elaborated a plan of action with which to start contacting in the following paragraph with the contacts that could have some type of influence in the case. As it will be indicated it is advisable to check other cases already closed, to verify if there is some boss of action already used, that could help or if there is some type of information that is common to both, with the consequent saving of time and a half. - Elimination: At this moment of case's life, the opportune actions are going to start in order to request that those persons or companies that have some type of administrative power on the Domain start managing the closing of it or, in his fault, collaborate with the analyst to obtain it. Once obtained the closing and assured it, the client will be informed of the satisfactory conclusion of the case and we will proceed to monitor the Uri’s afected. With this we have the basic and elementary plan of route to face the Digital Fraud, nevertheless, the experience of the analyst it is what is going to determine the success in the management of a case, for what independently of this guide, it is basic to possess a specialized solid formation.
Description
Keywords
Delitos informáticos, Fraude, Protección de datos