Rid the fools of their money – the online world of crime and fraud

Allikas: KakuWiki
Redaktsioon seisuga 1. august 2006, kell 00:03 kasutajalt Kakk (arutelu | kaastöö)
Mine navigeerimisribaleMine otsikasti

(Status of the text: under development)


  • History of online crime - from first pranks to organised crime

Main types

Various online frauds

The first Internet frauds probably occurred soon after the Net was discovered as a marketing and trade channel. In turn, this happened when the critical mass of users was reached due to Internet reaching mainstream. The first frauds were probably simple - someone offered some goods with very favourable prices, asked for payment in advance and never delivered. This kind of activity can be still found in the Net, but as the online trade became more organised with appearance of larger players (eBay, Amazon etc), it became more difficult to get away. In most places, failure to play fair results in banishment of the fraudster, who needs to find another place to practice. This kind of fraudsters generally prefer popular goods with small dimensions, e.g. jewelry, watches, cameras etc. To reach potential clients, many fraudsters either practice spamming themselves or order "mass marketing" from dedicated spammers.

However, this kind of fraud is relatively small-scale compared to the credit card frauds. This sector is rapidly increasing and is connected to the spyware makers - various malware like trojans and keyloggers are used to obtain credit card information, which then is used to purchase various goods over the Net. But spyware is not the only way to get credit card data - methods include stealing of credit cards, intrusion to companies' databases, stealing computers containing valuable data and many kinds of social engineering. Even the so-called 'secure transactions' are not always secure (somehow it seems to be a bigger problem in the US due to the specific features of business practices and transfer systems) - while most of the online transactions are encrypted nowadays, it is possible to intercept the transfer before the encryption is applied (e.g. hijacking the user's computer with a trojan).

The features of the US banking system (especially the use of cheques which are still a widespread payment option in the US, while being much less used in the UK and France and long gone in Northern Europe) allow fraudsters to use social engineering to obtain wire transfer information from the merchants, which is then used to generate fake cheques to pay for goods.

Another largely US-specific feature that has increasingly been exploited during the recent years is postal money orders. [1] These are cheques which are meant for sending by ordinary post system. Although they are designed to be relatively secure (using similar technologies with regular bank notes), they have been increasingly counterfeited by criminals. Having a quite long and relatively 'clean' history, people may well be less suspicious than with bank notes. Like many other kinds of online crime, the main sources tend to be West Africa and Eastern Europe.

Car scams, on the other hand, have been found all over the net. These may include pretending to sell a car and convincing the potential buyer to send in some money 'to cover the transaction costs'. It is also possible to do a typical 'money-change' scam with large-sum counterfeited cheques: to send in a fake cheque for e.g. $35000 for a $31000 car and ask the victim to return the balance of $4000. Later, the cheque will bounce and the balance money is lost.

Credit card frauds

Credit card frauds are a subclass of identity theft. The most straightforward way is to send out (by e-mail, often spammed) inquiries to various merchants, asking if they accept credit cards. Stolen credit card data is then used to pay for the goods - later, the seller will usually receive a chargeback demand from the credit card company and will lose his/her money.

The more ingenious schemes involve getting a 're-shipper' somewhere 'in the West'. It might be a woman who were targetted over a chat or dating service and promised a marriage (a favourite trick of some Nigerians), or someone who reacted to a spammed 'business proposal'. The re-shipper is convinced to receive some goods (no payments are needed) and then forward them to an address that is safe for scammers (e.g. somewhere in Nigeria). The goods are purchased using stolen cards, but when they are tracked, usually only the re-shipper will be caught.

Nigeria(tm): the scam industry

  • The roots - what makes it possible
  • Countermeasures