Rid the fools of their money – the online world of crime and fraud

Allikas: KakuWiki
Redaktsioon seisuga 31. juuli 2006, kell 23:35 kasutajalt Kakk (arutelu | kaastöö)
Mine navigeerimisribaleMine otsikasti

(Status of the text: under development)


  • History of online crime - from first pranks to organised crime

Main types

Online frauds

The first Internet frauds probably occurred soon after the Net was discovered as a marketing and trade channel. In turn, this happened when the critical mass of users was reached due to Internet reaching mainstream. The first frauds were probably simple - someone offered some goods with very favourable prices, asked for payment in advance and never delivered. This kind of activity can be still found in the Net, but as the online trade became more organised with appearance of larger players (eBay, Amazon etc), it became more difficult to get away. In most places, failure to play fair results in banishment of the fraudster, who needs to find another place to practice. This kind of fraudsters generally prefer popular goods with small dimensions, e.g. jewelry, watches, cameras etc. To reach potential clients, many fraudsters either practice spamming themselves or order "mass marketing" from dedicated spammers.

However, this kind of fraud is relatively small-scale compared to the credit card frauds. This sector is rapidly increasing and is connected to the spyware makers - various malware like trojans and keyloggers are used to obtain credit card information, which then is used to purchase various goods over the Net. But spyware is not the only way to get credit card data - methods include stealing of credit cards, intrusion to companies' databases, stealing computers containing valuable data and many kinds of social engineering. Even the so-called 'secure transactions' are not always secure (somehow it seems to be a bigger problem in the US due to the specific features of business practices and transfer systems) - while most of the online transactions are encrypted nowadays, it is possible to intercept the transfer before the encryption is applied (e.g. hijacking the user's computer with a trojan).

The features of the US banking system (especially the use of cheques which are still a widespread payment option in the US, while being much less used in the UK and France and long gone in Northern Europe) allow fraudsters to use social engineering to obtain wire transfer information from the merchants, which is then used to generate fake cheques to pay for goods.

Credit card frauds are a subclass of identity theft. The most straightforward way is to send out (by e-mail, often spammed) inquiries to various merchants, asking if they accept credit cards. Stolen credit card data is then used to pay for the goods - later, the seller will usually receive a chargeback demand from the credit card company and will lose his/her money.

Another largely US-specific feature that has increasingly been exploited during the recent years is postal money orders. [1] These are cheques which are meant for sending by ordinary post system. Although they are designed to be relatively secure (using similar technologies with regular bank notes), they have been increasingly counterfeited by criminals. Having a quite long and relatively 'clean' history, people may well be less suspicious than with bank notes. Like many other kinds of online crime, the main sources tend to be West Africa and Eastern Europe.

Nigeria(tm): scam industry

  • The roots - what makes it possible
  • Countermeasures