Course blog for Digital Analytics course at the University of Utah
Saturday, January 26, 2013
Fraud: Part 1 - Who commits fraud and how do they do it?
Fraud: Part 1 - Who and how?
This post will delve into the world of fraud and internet crime. I could probably type a hundred pages on the subject; however, I realize that’s not the best way to get readers. I hope to provide you with enough information to spark your interest and the resources to find out more should you feel inclined. This particular post will discuss internet crime trends and types of attacks. My next post will discuss the various types of fraud and what you can do to protect yourself from the “bad guys”.
Who? - Cybercriminals
Unless you've been living under a rock, you have probably heard the terms cybercrime and cybercriminal. But how much do you really know about the business of fraud? Crime, particularly cybercrime, is a BIG business. It is estimated that the cost of cybercrime in 2012 was $110 billion worldwide and $21 billion in the United States [1]. In fact, cybercrime is the new organized crime, involving a complex business model and many intelligent players. In Russia, magazine publications on how to commit fraud are sold in gas stations! And they, the Russians, even hold seminars and classes on how to commit bank and card fraud. The fraudster, or cybercriminal, will steal the identity and/or financial information of an innocent person and then use that identity and/or financial information to illegally obtain funds. Cybercriminals steal information from large institutions by hacking into their networks, or they steal information directly from the victim’s computer. Stealing directly from the victim is usually the preferred way because it is often easier and the victim is less protected.
A recent investigation by RSA discovered that cybercriminals are using advanced web analytics tools and marketing techniques to refine their attacks. By obtaining statistics on their attacks, they are able to identify the most effective attacks and the best time to conduct attacks. For example, using web analytics and A/B testing, a cybercriminal can determine which phishing email got the highest open rates and most
Often, what is most surprising to people is how difficult these criminals are to prosecute. Many of the crimes are committed on computers in other countries, making prosecution next to impossible (and that’s if you ever find the bad guy). To help law enforcement and regulatory agencies organize their investigations, the Internet Crime Complaint Center, or IC3, was established as a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. I won’t go into detail about what they do, but in a nutshell, they enable consumers and businesses to report cybercrime to a centralized place. Below is a chart that shows the number of complaints the IC3 has received by year [3]:
to view the 2012 Norton Cybercrime Report for more facts about cybercrime.
How? - Types of Attacks
As I mentioned above, the first step in committing cybercrime is to steal personal information. There is an extensive black market where cybercriminals buy and sell stolen personal information over the internet. These online Fraud Forums are used to exchange goods and services and are a way for fraudsters to collaborate and offer up their skills and expertise [4]. If you've never googled “credit card dump”, give it a try! There is a high demand for stolen information, and the market is lucrative and pays well to those who can obtain it. Cybercriminals use extensive resources to obtain everything from card numbers, email addresses, and bank login information to whole identities. Once they have it, they sell the information to other cybercriminals who then use it to steal money! It’s all very exciting really.
Below I have described the most common attack techniques [5]:
– Software that collects personal information from a computer undetected. Spyware, botnets, viruses, worms, keyloggers, Trojan horses, adware, and more are all types of malware.
– An email, instant message, or other communication that appears to be from a trustworthy source. The purpose of these fraudulent communications is to obtain usernames, passwords, and card numbers.
· SQL Injections – A technique often used to attack data-driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed SQL command to the database (e.g., dump the database contents to the attacker).
– Flooding a network or server with traffic in order to make it unavailable to its users. This enables the fraudsters to redirect victims to a spoofed website in order to intercept their personal
– Devices that steal credit card information when the card is swiped through them. The stolen credit card information is then sold online through an online auction to carders who use the numbers to make counterfeit cards.
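The SQL injection item in the list above, as an added example that is not part of the original post: a Python sketch using the standard sqlite3 module that puts a string-built query next to its parameterized form. The customers table, its rows, and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"), ("carol", "3333"), ("O'Brien", "4444")],
    )
    return db

def lookup_vulnerable(db, name):
    # Entry-field text is pasted into the SQL string, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # The ? placeholder sends the input to the database as a value only;
    # it is never parsed as part of the command.
    query = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def compare(db, field_value):
    """Return (rows from string-built query, rows from parameterized query)."""
    try:
        unsafe = lookup_vulnerable(db, field_value)
    except sqlite3.OperationalError as exc:
        unsafe = "SQL error: %s" % exc  # the input broke the statement's syntax
    return unsafe, lookup_parameterized(db, field_value)

if __name__ == "__main__":
    db = make_db()
    samples = [
        "alice",          # ordinary input: both forms return one row
        "x' OR '1'='1",   # constructed input that rewrites the WHERE clause
        "O'Brien",        # legitimate name containing a quote
    ]
    for value in samples:
        unsafe, safe = compare(db, value)
        print(repr(value), "| string-built:", unsafe, "| parameterized:", safe)
```

The string-built query returns every row for the second input and fails outright on a legitimate name with an apostrophe, while the parameterized query treats both as plain values.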
For more information on the types of attacks cybercriminals
use, click here.
I have included some resources below if you are interested
in reading more about cybercrime. My
next post, “Fraud: Part 2 – Why and what?” will discuss the other half of the
fraud business model. What do fraudsters
do with your personal information and what can you do to protect yourself from