The past year was a good year for bad guys on the Web. Fraud complaints surged 60 percent to 120,000 from 75,000 a year ago, according to the Internet Crime Complaint Center in Fairmont, West Virginia.
The Center, which changed its name last week from the Internet Fraud Complaint Center, maintains a database on Internet crime and acts as a clearinghouse for forwarding cases to various law enforcement jurisdictions.
Founded in May 2000, the agency is a partnership between the FBI and the National White Collar Crime Center, a federally funded, nonprofit organization.
Illegal activity on the Internet appears to have reached a crescendo at the end of the year, according to the Anti-Phishing Working Group. In a statement released last week, the group reported that more than 60 million e-mail fraud attacks were launched to exploit the holiday season.
Two weeks prior to Christmas, the group said, 60 unique e-mail fraud attacks using a technique known as “phishing” were instigated against consumers.
Phishing attacks involve the mass distribution of spoofed e-mail messages with return addresses, links and branding that all appear to come from banks, insurance agencies, retailers or credit card companies.
These fraudulent messages are designed to fool the recipients into divulging personal data, such as credit card numbers, bank account numbers, passwords and Social Security numbers.
Because these e-mails look “official,” an average of 5 percent of recipients respond to them, resulting in financial losses, identity theft and other fraudulent activity.
“Consumer phishing attacks are dangerous and are quickly increasing both in number and in sophistication,” Dave Jevans, chairman of the Anti-Phishing Working Group and a senior vice president at Tumbleweed Communications in Redwood City, California, said in a statement.
“To most Internet users, the e-mails and Web sites are indistinguishable from legitimate business communications,” said Jevans. “The spam epidemic has rapidly evolved from a nuisance to a real security threat with the shift from dubious advertising to financial crime and identity theft.”
Although fraud complaints are rising, more fraud is being stymied than ever before, according to Susan Henson, a spokesperson for the New York-based Merchant Risk Council, whose members include Best Buy, Barnes & Noble and American Express. “Our merchants are employing more and more sophisticated fraud-detection methods that are catching more of the fraud before losses actually occur,” she told TechNewsWorld.
“Smaller companies have seen an increase in fraud,” she continued, “but larger companies who have put much more emphasis on fraud prevention technology have seen their fraud go down.”
There was a marked change last year in the attitude of Internet miscreants, according to Tony Magallanez, a systems engineer in the San Jose, California, office of F-Secure, a data security firm headquartered in Helsinki, Finland.
In the past, the typical motive for a writer of malware was popularity and bragging rights, he told TechNewsWorld. “This year, the clear motive is profit,” he said. “People are stealing credit card information, or they’re turning machines into spam mail forwarders and then selling the location of those machines to third parties.”
He cited the SoBig worm as an example of the new malware writer ethic. The worm contained an expiration date, a strategy that was unheard of in the virus-writing community since part of the “kick” of creating a worm was to see how far and how long it would spread.
But the longer a virus lives and the further it travels, the more likely it is that it will be discovered and destroyed — and the writers of the SoBig worm wanted it to remain undiscovered by the operators of the machines it infected.
“One of the things that a lot of people didn’t know about the SoBig worm is that every single version put on each machine it infected had an e-mail spamming tool,” Magallanez said. “It allowed spammers to send their e-mail through the infected machines.”
2004 Growth Market
“Throughout the year, we found people who bought lists off the black market of computers infected with SoBig,” he added. “The only way to get that information is through the writers themselves.”
In the coming year, credit card fraud will continue to be a growth market for Web grifters, Magallanez said.
In the past, he explained, fraudsters could generate their own credit card numbers that would pass muster through the merchant-verification system. But merchants got wise to that practice and have thwarted it — which has boosted the market for stolen credit card numbers.
“That’s one of the things that we saw this year,” Magallanez said. “There was a very large increase in the theft of credit numbers.”