Wednesday, February 13, 2013

Fraud: Part 2 - Why and What?


 Fraud: Part 2 - Why and What?

My last post discussed who commits fraud and the various ways they obtain your personal information.  You can check that out here.  As promised, this post will discuss the different types of fraud that cybercriminals commit after they have your information and what you can do to protect yourself.  I will also talk about the various ways that fraudsters are using web analytics to develop their newest fraud schemes.  Of course, I am focusing on cybercrime and cybercriminals, so the fraud schemes discussed will be focused on internet crime. 

Why? - To Get Your Money       

That seems obvious, right?  But there are lots of different ways to steal your money and that's the trick for a fraudster - figuring out the best way!  There are too many scams to name them all in this blog post so I will include references at the end if you're interested in learning more.  Now let's talk about some of the techniques that fraudsters use to separate you from your hard-earned cash over the internet!

  • Clean Fraud - This is a relatively new term and it is becoming a BIG problem.  Clean fraud happens when purchases are made on the internet with stolen credit cards...  here comes the but...  BUT the transactions APPEAR to be completely legitimate to fraud detection software!!  This is possible because cybercriminals can manipulate all of the elements of a card transaction and internet browsing session1.  In other words, someone in New York can use MY card and make it look like the purchase is coming from MY computer.  This is all made possible by web analytics.  Fraudsters have been smart enough to collect data and analyze what is causing their stolen cards to get declined.  And sure enough, they have cracked the code and are only getting better!  This is a huge threat to online merchants in particular because the "old" methods of detecting fraudulent transactions are no longer effective.

  • Account Takeover - What better way of stealing your money then to hi-jack your credit card and bank accounts?  A cybercriminal will use all of the ways we discussed last post (malware, SQL Injections, keyloggers, etc.) to obtain your credentials to your various accounts.  Once in, they make unauthorized transactions and move your money out of your account.  Because the cybercriminal was able to log in, it appears as though it was you that withdrew all your money and made those charges.
  • Identity Theft - Considering a fraudster can mimic your transactions and takeover your accounts, why not just give them access to your entire identity?  If a fraudster has obtained enough of your information, they can open new accounts in your name.  Some open credit cards and buy merchandise, others prefer to open bank accounts in the names of others to launder money and deposit fraudulent funds (resulting in cash).  
The examples above are just three of the most prevalent types of internet scams2.  I included them because these three crimes in particular have been able to evolve because of web analytics.  Without proper data collection and analysis, fraudsters would have never been able to determine what to change in their techniques to remain undetected.  It is a constant game of cat and mouse for those committing fraud and those detecting it.

What? - What You Can do to Protect Yourself from Fraud

So now that you know who wants to steal your money, the various ways they collect your information, and what they do with your information you probably want to know what you can do to protect yourself.  Here are some things you can do to reduce your risk of being scammed:

  • Educate yourself!  There are various websites that provide information on internet crime and fraud schemes.  Check out the website LooksTooGoodToBeTrue and visit the "Take Our Test" portion of their website.  Their assessments can help you determine if you have become or are about to become a victim of fraud.  You can also learn about all of the various types of internet scams3.  You will be amazed at what is happening out there on the internet.
  • Check your bank account and credit card statements regularly for unauthorized transactions.  If you see anything that you didn't do, report it to your bank or card issuer immediately!
  • Change your passwords regularly and make sure they are complex.  Many people don't realize that a weak password can be hacked in a matter of minutes by an experienced fraudster with the right tools. If you have a strong password it could take their software days, or maybe even prevent them from cracking it all together.  Get password tips and check the strength of your password here.
  • Protect your computer.  This is probably the most important thing you can do.  Make sure you have reputable and robust anti-virus software installed on your computer.  And most importantly, don't forget to use it!
Fraud happens to good people every day.  Cybercriminals are using advanced methods to develop their attacks and will continually find new and innovative ways to get your money.  Whenever you are on the internet, know that they are out there waiting for you to make a mistake.  Be aware!  I hope my posts have been informative and demonstrated that even the bad guys are benefiting from the wonderful world of Web Analytics!

References and Resources


1 comment:

  1. Great info & important to share. I had no idea that criminals now were learning to circumvent IP addresses as you mentioned if they can make the computer location appear the same. Seems like the technology just keeps getting more and more advanced. From my 7 years experience in financial services I have seen a lot of fraud happen.