26 November 2014

The Joy of Fraud Fighting

Uri Rivner - BioCatch

77 | posts 318,157 | views 35 | comments

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

Sweetheart Scams: When Fraudsters Turn to Romance

30 June 2014  |  1811 views  |  0

It’s always heart breaking to see how people keep falling to good old fraud techniques, and while the recent wave of Sweetheart Scams carries a clear romantic notion, it’s actually one of the nastiest ploys on the market. “It’s too good to be true” has never been more highlighted than when the tall, handsome foreigner you had a digital relationship with ends up being a cyber con artist interested only in your bank account.

 

Most scams are the digital equivalent of the con artist developing a completely fake relationship with a person in order to steal her money, jewelry or – in case of industrial espionage – her company’s information. We’ve read about countless cases like these, seen countless movies and TV shows (remember the handsome fella in LOST?) and generally feel you have to be extra-stupid to fall for something like that. But when it comes to cyberspace, it’s getting more complicated. How can you trust ANYONE online?

 

Cybercriminals are exploiting this gap effectively, and are using online dating sites as the penetration point. They’ll befriend the victim and then steal their money. This interesting Netcraft blog shows how they deploy dating site phishing attacks so they can compromised people’s credentials and launch their scams without even using a stolen credit card to buy a subscription. And this article based on research by transaction monitoring company Guardian Analytics warns of the growing number of sweetheart scams online.

 

Sweetheart Scams are not just used as a way to attract new victims – but also to attract unsuspecting mules. One of our US customers, a Top 50 Bank, encountered an elaborate scam involving a fraudster in Nigeria and a US-based lady mule whom he ‘met’ online. Once the romantic relations between the two have been established, he asked his new girlfriend for a quick favor. The stories vary from one mule to another, but typically it would be something like this: I run a small business with multiple customers in US who complained about the fact they can’t easily send me money abroad. So honey, will you be so kind and accept those customers’ money transfers to your bank account, then go to the branch, get the cash and wire it to me via one of those international money wire services?

 

The bank found out the fraudster asked the mule to give her online banking credentials, and since we’ve been running our behavioral authentication for several months now at that bank, they asked us in BioCatch to see if we noticed anything suspicious in the account. What we found was that indeed two users with completely different behaviors were operating inside the account: the genuine user, and her digital sweetheart. Most of the fraudster's access was via local proxies in the US, except one case where they were probably in a hurry and connected from Nigeria. And we found another interesting thing.

 

The fraudster was pasting the user name during the login phase. That’s highly unusual: most people would either type the login or use auto-complete functions. Pasting the user name is very uncommon, but here’s the thing: this fraudster probably has dozens, if not hundreds, of sweethearts in the US; you can’t expect him to remember all their user names, right?

 

 

Good old Sweetheart Scams are now booming in Cyberspace TagsSecurityMobile & online

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Uri

Brazil vs. Germany: A Surprising Find

12 July 2014  |  2332 views  |  1  |  Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

Sweetheart Scams: When Fraudsters Turn to Romance

30 June 2014  |  1811 views  |  0  |  Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

BitCoin Explained: How to Become a BitCoin Thief - part 1

04 December 2013  |  17671 views  |  1  |  Recommends 1 TagsMobile & onlinePaymentsGroupInformation Security

A Message from Hell

01 October 2013  |  2880 views  |  0  |  Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services

The Dark Side of Security

11 September 2013  |  2145 views  |  0  |  Recommends 0 TagsSecurityMobile & onlineGroupInnovation in Financial Services
name

Uri Rivner

job title

Head of Cyber Strategy

company name

BioCatch

member since

2008

location

Tel Aviv

Summary profile See full profile »
Internet. The perfect fraud frontier. These are the thoughts of Uri Rivner, head of Cyber Strateg...

Uri's expertise

What Uri reads
Uri writes about

Who is commenting on Uri's posts

Ketharaman Swaminathan
Brett King