Patience is the virtue that pays when it comes to online fraud
I can imagine the thrill an online fraudster must get when he breaks into a bank—quietly clicking away at his browser in the comfort of his home checking the victim’s account balances to see if the balance is high enough to justify the added risk of proceeding to drain the account. With so many more potential targets to find and monitor, why not wait to strike when the moment is right and the payoff is huge? That’s exactly what the sophisticated fraudsters do: they wait because they know time is on their side.
The New York Times reports that Unspam Technologies filed a lawsuit against “gangs based in Eastern Europe that electronically break into business computers, steal banking password and transfer themselves money.” Unspam wants to get the names of the hackers by way of the banks and their customers who have been compromised. Unspam’s lawsuit invokes the federal Can-Spam Act, aiming at the email messages that are often the means by which consumer’s computers are compromised.
The critical enabler to these crimes is consumer computers infected with malicious software by cyber criminals who then monitor their activity in order to learn passwords and then use them to impersonate the consumer. The sheer numbers of infected computers is staggering; estimates put the number in the tens of millions worldwide. Fraudsters have the luxury of time on their side and the advantage of powerful technology that enables them to maximize the return on their efforts. The technology is sophisticated enough to alert the hackers “once their computers find they have gained access to the computer of someone who controls a lot of money.” They watch for consumer behaviors—like wiring money to other banks—that offer the biggest payoffs.
McAfee and Symantec among others offer consumers tools to help prevent and clean up the viruses that give control and power to the fraudsters-but they are not foolproof nor does everyone use them. Banks and companies doing business on the wordwide web invest in technologies to identify and prevent criminals from infiltrating their business—it’s in their best interest to protect themselves and their customers. The lawyer for Unspam, Jon L. Praed, told the NYT “he hoped his John Doe lawsuit would encourage banks to improve their electronic defenses.” I’m not sure banks need more motivation to defend against crime, but they do need to continue to invest in more anti-fraud tools and people to stay ahead of the cyber criminals. Device identification is the new new thing to help banks and their customers keep the bad guys out.
- Tom
