Dot-Con: Online fraud from the victim’s perspective – Part 1
[This is the first part in a series of blogs about how electronic crime impacts everyday people.]
I worry that there is a general assumption that the victims of electronic crime are naïve, technologically unsavvy people who were fooled by rudimentary techniques that would be “easy” for the rest of us to detect. Even Bruce Schneier talks about how people in security tend to blame the victim.
If it was ever easy to detect these types of scams, it is very different now. I have come across two cases in the last few weeks that highlight the sophistication level of the criminals, how difficult it is to determine whether the attacks are malicious, and how challenging it can be to get help when you have fallen victim to these scams. In both cases, the victims were educated, intelligent people who were defrauded by elaborate schemes.
My goal with this series is to give people the victim’s perspective with respect to electronic crime. In hearing about these two cases, I am concerned that the criminals have found yet another loophole they can exploit: keep the crimes in the medium dollar range ($5,000-$10,000) and make sure your victims are geographically diverse. By doing these two things the criminals have made it almost impossible for law enforcement to do anything about these crimes.
Before I get started I want to point out that I’m absolutely not blaming law enforcement. I understand why the Secret Service, FBI and their local and international counterparts need proof that the crime resulted in a high amount of loss before they can prioritize it for investigation. My concern is that the criminals have figured this out and are using it to perpetrate these crimes without getting caught. If the full extent of these crimes were understood, investigating these crimes might be a much higher priority.
Throughout this series, I’ll explain the scams and the victims as well as what they went through to report their cases and what I went through trying to help as a professional e-crime fighter with the best connections and resources available.
I am fortunate to have had the opportunity to talk to these people about their experiences. In many cases, victims of these crimes are hesitant to talk to people about what happened to them because of the stigma that smart people couldn’t possibly fall for these scams. It is imperative for security people to understand the experience from the victims’ point of view and I am, therefore, lucky to have had the opportunity to hear these stories from the people who lived them.
Like TV crime shows, I have changed or anonymized the pertinent details to protect the innocent. In both cases, the victims feel violated and ashamed. This only serves as an added bonus for the criminals since a very large percentage of victims never report these incidents. In both cases, the victims lost large sums of money, and were completely powerless in getting any of their money returned. In both cases, the victims felt the only possibility for justice would be if they went after the criminals themselves.
The two cases I will detail in this series should be familiar to all who read this blog. The first is a traditional Nigerian inheritance scam that appears to be run out of the UK, while the second is an online work-from-home drop-ship scam. My goal in presenting these cases is to redefine how we in the online security space interact with these victims and think about these crimes.
Here is the series:
Part 2: Dot-Con – Online fraud from the victim’s perspective
Part 3: Dot-Con – Online fraud from the victim’s perspective
Part 4: Dot-Con – Online fraud from the victim’s perspective
Part 5: Dot-Con – Online fraud from the victim’s perspective
6 Comments »
[...] fraud from the victim’s perspective – Part 2 As a reminder, this is the second part in a series about how internet scams no longer only victimize the naïve. You’ll see in the two stories [...]
[...] – Online fraud from the victim’s perspective In case you are just tuning in, I am posting a series of blogs about people who were victimized through electronic crime. My purpose with these posts [...]
[...] 4: Dot-Con – Online fraud from the victim’s perspective In previous posts I described Paul and Scott, two innocent people on different continents who were both victimized by [...]
[...] http://silvertailsystems.wordpress.com/2009/03/17/dot-con-electronic-crime-from-the-victim%e2%80%99s... http://silvertailsystems.wordpress.com/2009/03/19/dot-con-electronic-crime-from-the-victim%e2%80%99s-perspective-part-2/ http://silvertailsystems.wordpress.com/2009/03/23/dot-con-electronic-crime-from-the-victim%e2%80%99s-perspective-part-3/ http://silvertailsystems.wordpress.com/2009/03/25/dot-con-online-fraud-from-the-victim%e2%80%99s-perspective-part-4/ [...]
Pingback by Phishing Victims | ThreatBlog | March 27, 2009 |
[...] 5: Dot-Con – Online fraud from the victim’s perspective My previous posts described Paul and Scott, the scams they fell for, and the things they did to try to get help. In [...]
[...] Too Good To Be True Gets Even Better In March of this year, Laura Mather posted a blog series on Nigerian ‘419’ scams, including telling the stories of victims who fell prey to this fraud. [...]