Silver Tail Systems Blog

Preventing Online Fraud Through Web Session Intelligence

12 Scams of Christmas

This is my last post of the year and given that it is the holidays, I wanted to do something a little festive.  Granted, fraud is in no way festive.  But maybe protecting yourself from fraud is??

Either way, McAfee released a report on the “12 Scams of Christmas“.  While this is relevant now, most of what the recommend is also relevant the rest of the year – everything except maybe the Christmas carol one, thought that would apply year-round to popular songs’ lyrics.  The criminals are just trying to get you to their websites and they are going to use whatever they think will get you there.

It seems appropriate to close out the year with ways to keep you, and your loved ones, safe.  Take a look at the report and hopefully it will make for a very happy (and safe) 2010.

Happy holidays everyone!  I’ll look forward to talking to you in the new year.

December 22, 2009 Posted by | Online Fraud | , | Leave a Comment

Part 5: Dot-Con – Online fraud from the victim’s perspective

My previous posts described Paul and Scott, the scams they fell for, and the things they did to try to get help.  In talking to Paul and Scott, I came to realize that I had very little understanding of electronic crime from the victim’s perspective.  I have spent my professional life trying to thwart these online criminals through policies and technology, driven by the belief that it was the right thing to do.  But hearing the frustration, tedium, and finally hopelessness that Paul and Scott have endured because they were fooled by schemes that were very convincing and seemed legitimate has reawakened the purpose of my pursuit.  More than I ever I want to stop these scams.

At the moment, my main concern is this: the bad guys have found a loophole in the system that allows them to exploit people like Paul and Scott and get away with it.  By keeping the final “take” for each victim relatively low (within $10k or so), and by having geographically diverse victims, the bad guys make it extremely difficult for law enforcement to determine when there might be a mass crime spree taking place.

In talking to someone from the FBI, it sounds like it is generally believed the bad guys aren’t targeting the low dollar amounts to stay under the radar.  But, since the amounts in these cases are low, they do tend to go a bit more under-reported/under-investigated than the higher dollar amounts.  There are groups within law enforcement that not only collect the data from the victims (through ic3.gov), but also link that data to more prolific online fraud networks like botnets, spam rings, etc.  This is great news!

So, there are places to report this: ic3.gov.  I don’t think law enforcement usually spends much on marketing, so that might be why the message about this site isn’t out there.

What I’m wondering has two parts.

1) Is ic3.gov the best place to report these types of crimes?  Are there other such databases/aggregators?

2) Whatever place is the best – can we get the message out about how to respond to this type of fraud?  Just because law enforcement doesn’t have a marketing budget, doesn’t mean the message can’t get out there.  Maybe we can help.

apwgindexbanner1If anyone out there knows has thoughts on these questions, I’d be very interested to hear them.  I’m going to start exploring this topic further.  I’ll be soliciting help from my friends at the Anti-Phishing Working Group (APWG) to do this, but if any of you out there would like to participate in this quest, please let me know.  I think the questions above are fundamental to moving the fight against online fraud forward.

March 30, 2009 Posted by | Fraud, Investigation, Online Fraud, Phishing, Prevention, Social engineering, Trust | , , | 3 Comments

   

Follow

Get every new post delivered to your Inbox.