Cyber-crooks are making a killing. In the first half of 2006, PandaLabs registered a 50% increase in identity theft and online fraud-related activity. Also, in the second quarter of the year alone, it detected a 30% increase in malicious code designed to hold personal information for ransom.
An example emerged in June with the use of MySpace, the wide social networking Web site. In this case, the attack came in the form of a link included in a message received via instant messaging. This link accessed a Web site that spoofed MySpace and requested the username and password. As the Web site was a phoney, these details were stored, and the authors of the scam gained access to the user`s personal profile. Once they had discovered the user`s personal details, they used them to steal the user`s identity and commit fraud, as if they were another person.
A phishing scam that announced the National Bank of Australia had gone bankrupt was also detected recently. It was sent via e-mail and contained a link that accessed an official-looking page, which explained that the bank had gone bankrupt and that people were starting to panic, and advised clients to access their account to check that it was still active and in credit.
This link accessed a Web site that spoofed the identity of the bank and contained an exploit that ran the Haxdoor Trojan. This Trojan captured the user details for accessing the account, and from then on, the author was free to carry out transactions and similar operations.
Laundering the evidence
After stealing users` money, the phishers looked for victims to launder the money. They did this using false employment offers that promised significant income in a very short time. In most cases, these employment offers involved large amount of money being paid into victims` bank accounts, which they then had to transfer to accounts in other countries.
The search for potential money launderers using spam and Web sites has greatly intensified in recent months.
Jeremy Matthews, founder, Dax Data
By doing this, without realising, the victim contributed to closing the cycle that the phisher had started when the first e-mail was sent to obtain users` personal details or banking details.
Success has a price. Cyber-crooks who manage to steal funds from computer users around the world are faced with the difficult task of laundering the profits generated from their criminal activities. Illicit electronic transactions are, after all, relatively easy to trace and doing so would often implicitly incriminate the hacker himself.
Cyber-crooks are picking up tips from their non-cyber counterparts and making it more and more difficult for law enforcers to find where the funds disappear to. One way in which criminals launder money is by using `mules`. In slang, this term refers to individuals who, for a commission, deposit stolen money in their bank accounts and then transfer it to other accounts in a variety of ways.
To mule or not to mule?
The increase in cyber-crime profits has led criminals into an aggressive recruitment drive for mules on the Internet. Their preference is for normal users who are not related to any type of organised crime. This is because, in the event of an investigation, one of the prime targets for the authorities is the person laundering the money, and therefore the more distant the link between the mule and criminals, the more difficult it will be able to trace the latter.
The search for potential money launderers using spam and Web sites has greatly intensified in recent months. As a rule, potential mules are offered unfeasibly well-paid work related to the Internet, with no experience or qualifications required. All that is asked are a few personal details and the number of a bank account in which transfers can be received. However, the act of laundering money for cyber-crooks can have very serious consequences for users. Bear in mind that the mule is, to all intents and purposes, a scapegoat for criminals but is considered to be an accomplice by the authorities. Don`t be tempted by large sums of money from strangers. Laundering money, whether acquired through a bank robbery, drug sale or Internet crime is a jailable offence.
It is likely that most people have already received one or more e-mails similar to the ones described above. As tempting as they may sound, users should ignore messages or Web sites offering unbelievably easy and well-paid work. If in doubt, before making contact it is advisable to get reliable information about the company supposedly offering the work. Needless to say, one should never supply any personal details, such as passport, identity numbers or bank details. Even if the user does get wise to the scam, the data could still be used for other criminal purposes, including the opening of illicit bank accounts in the user`s name.
Share