Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Get Rich Quick On The Internet: Learn Online Fraud

Get Rich on the Internet – Learn Online Fraud

Get Rich on the Internet – Learn Online Fraud

Abbie Hoffman, social and political activist of the 1960s and 70s once said “a modern revolutionary group heads for the television station.” If Hoffman were alive he would surely advise today’s modern revolutionaries to get online. Before Youtube, Twitter and WordPress if you wanted to start a revolution your options for telling the world what you had in mind were fairly limited to the physical realm like break down the doors of the TV station or taking a hostage to draw attention to your cause. Hoffman’s 1970’s classic Steal This Book—a manual for then-wanna-be revolutionaries, offered detailed instructions on how to scam your way to freeloading, including how to steal (plastic) credit cards. Hoffman would be pleased that stolen credit cards are available in bulk today as cheap commodities starting at $1.50 each according to the latest Online Fraud Report from RSA.

Cybercrime Stats

The new report describes a thriving “cybercriminal underground” where accomplished or wanna-be-fraudsters can buy anything from a Zeus Trojan Kit ($3K – $4K) to Online Banking Logins ($50 – $1,000 per account) to build a fraud business. The report even uses standard business terms like “fraud business plan” and “fraud supply chain” to drive the point home that a fraud business is a real business—that also happens to be a criminal enterprise.

The RSA report makes painfully clear that there is a dynamic global fraud ecosystem that anyone can plug into. Maybe you start small, and then expand your criminal enterprise with the proceeds from your cybercrimes. Who knows, if you play your cards right you might hit break-even in a few months and achieve an operational scale that’s the envy of the cybercriminal underworld.

Abbie Hoffman’s Steal This Book sold 200,000 copies, making it a bit of a hit for its time—not bad for a book aimed at a narrow audience in a pre-Amazon.com book selling era. The cybercriminal underground has much better means to more efficiently share and distribute information that leaves book publishing in the dust. Fraud tools, techniques and stolen valuable personal data flow in underground online forums where cybercriminals buy, sell and trade their wares twenty four hours a day, seven days a week.

When you consider how quickly a cybercriminal new to the fraud ecosystem can grow his business, the numbers we see from various fraud reports probably under report the true extent of online fraud losses by a sizeable margin. Consider these fraud statistics:

• Internet Crime Complaint Center (IC3): $559 million

• CyberSource 11th Annual Fraud Report: $3.3 billion (352 US and Canadian Merchants)

Advertisement. Scroll to continue reading.

• Javelin Strategy & Research 2009 Identity Fraud Survey Report: $48 billion

• Deloitte Airline Fraud Report 2010: $2.4 million (Average fraud loss per airline)

Those are certainly some big numbers, but not as big when you consider the global flow of money for all kinds of transactions. In order to know the true fraud loss number, all victims (individuals and companies) would have to accurately and honestly report all instances of fraud. Let’s just say there’s not a lot of motivation to make that data available. Even if we had all the truth data, it would only account for failed attempts at fraud—what about all of the successful attempts that go undetected? Given what we know about the nature of the fraud business, it wouldn’t surprise me if far more dollars are lost to fraud than we will never know about or hear about.

Who loses more sleep at night worrying about online fraud: consumers or businesses? Consumers worry a lot more than they used to a few years ago, but for the most part they’re shielded from taking the hit for financial losses from fraud. Businesses, on the other hand have plenty to worry about in terms of hard dollar losses and damage to their reputation. They wrestle with the tradeoff between the costs to manage the risk of online fraud with the benefit.

How can businesses defend against such a well organized and connected underworld? In a word: intelligence. The more you know about the origin of the transactions attempted on your website—logins, purchases, new accounts before they occur—the better equipped you are to discern and control fraud risk. When you’re up against globally connected cybercriminals who collaborate to thwart your anti-fraud systems, it pays to have some intelligence of your own. Fraudsters aren’t typically out to change the world, but any connected fraudster would agree with Abbie Hoffman: “the first duty of a revolutionary is to get away with it.”

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.