There’s so many things going in favor of online fraudsters these days – so much back wind they can use to accelerate their evil business – that it seems like there was never a better time to take up to crime. Provided, of course, that you have a weak moral
fiber.
Let me list a couple of things:
- Trojans are so easy to run and operate. The State-of-the-art has never been within reach of so many non-technical fraudsters.
- Trojans also come cheap. Just a single fraudulent online banking transfer will cover your cost for buying the latest Trojan on the market.
- Trojans can defeat any single authentication technology thrown at them. A little bit like germs that eventually become immune to antibiotics. By the way, the trick is to use multiple lines of defense and combine visible with invisible techniques.
- Infection is getting really out of hand. We talk about x10 infection rates compared to just a year ago. Mostly this is due to drive by downloads. If you want a good example for that, check out www.Paulmccartney.com – and have a look at their security statement
from 01.05.2009 (first of May for those of you not used to British dates).
But these are just the technological advancements. It wouldn’t have been so bad if the economy was OK. But now that there’s a storm outside, the impact of these advancement is far worse. Fraudsters learned how to ride the storm.
There are several ways to use the economic hardships to scale up your fraud operation. Some say it’s a good time to find insiders within a call center of a bank or a retailer. I think the main opportunity the fraudsters use is different: work-from-home ads.
In order to empty a victim’s account you need a “mule”. Someone that will – unknowingly – collaborate with you. Before the economic crisis it wasn’t that difficult to find mules: you just sent emails explaining you’re a European charity looking for a local
manager in Australia that will receive “donator money” and wire it to the needy in East Europe. Or that you’re a foreigner who can’t open an account in the UK, but you have lots of business and many customers willing to pay; so you’re looking for a regional
financial officer to take care of these payments: customers will pay via money transfers, and the financial officer will walk to the international wire agency branch to send the cash out of the country. Many people responded to these scams and became part
of a criminal fraud operation.
Hey, I even got such email myself – see attached image.
I’m still considering working for AutoPay – the extra salary is amazing, I meet all the qualifications, and I can squeeze a couple of hours of working from home in my schedule, I reckon. Maybe I can even do it from the office.
OK, enough fun. Where was I? Oh. I was making the point that even before Credit Crunch, it wasn’t difficult to find mules willing to work for the fraudsters.
But now with the economic crisis, things have gotten much worse. People actively search online job websites for these ‘work from home, earn lots of money’ ads. People that lost their job, or had to cut their salary, or small businesses that collapsed.
So thousands of innocent people apply, give all their information, and wait for an opening. The fraudster just uses each mule in turn, and picks the next one standing in line. They also improve their “front end” – today’s scams look much better than AutoPay.
This allows the criminals to scale up their cash-out operation. So now they have great scalability in both stealing the data, and using it.
eCommerce fraud is also easier these days. Merchants are reluctant to reject good business. They need every customer they can get and will think twice before declining transactions, especially in high-ticket items.
Another way to ride the economic crisis is new account opening. If – through identity theft – you collected enough information to pose as a legitimate person, preferably someone with great credit history, no card issuer will refuse letting you open an account.
They’ll be crazy to turn you down in these troubled times. They’ll also offer you amazing benefits if you “move” from another issuer using a balance transfer.
Then all you have to do is use the credit and run.
And here’s another side effect of the economy: delinquency is now at record high figures. In the US, the top 5 card issuers had 5.4% delinquency in 2008. This means one out of twenty loans are never paid, and it’s not getting any better.
So now you have a collection team that handles a huge amount of credit defaults. They send the 6’5” goons to knock on people’s doors and convince them to pay their credit bills. But many of these “cardholders” are phantoms. They are fraudulent applications
miss-classified as bad debt. And the bank loses in three ways: first by getting hit by the fraud, then by not having enough data on how much they lost – limiting their capability to mitigate future fraud, and third by hiring more goons to chase these ghost
accounts.
To summarize all that: there’s a storm outside, and the bad guys are riding it really well.