Read NBlog, the NoticeBored blog
Click the banner for the site map of NoticeBored.com, the information security awareness service
IT fraud resources

   

Quote by Jeff Matthews

General IT fraud resources

It's hot! Recommended resource. The Fraud Advisory Panel was set up in 1998 by the Institute of Chartered Accountants in England and Wales to lobby government and advise businesses on fraud.  They publish an excellent set of free advisories on topics such as identifying the signs of fraud and fighting fraud in SMEs, credit card fraud etc.

It's hot! Recommended resource. The UK DTI-sponsored Consumer Direct website offers advice on all sorts of current frauds/scams, as does the US National Consumer League’s Internet Fraud Watch.

The UK’s Fraud Act 2006 created a general offence of fraud with three ways of committing it - fraud by false representation, by failing to disclose information or by abuse of position.

KPMG’s report into 300 frauds provides data generally supporting common knowledge about fraud risks and controls.  Profiling indicates that fraudsters are commonly men who have been at the company for more than a year or two, work in Finance or as the CEO, and have both greed and the opportunity to commit fraud.  The most effective fraud controls are management reviews and whistleblowers’ hotlines.  From the IT Compliance Institute come 10 tips for fighting fraud including setting up a whistleblowers’ hotline, educating managers and 8 more.  The FBI’s whistleblowers’ hotline encourages confidential reporting of corporate fraud.  [Do you have a corporate whistleblowers’ hotline for your own employees, business partners and customers to alert management?]

A fraud involving the theft of customer details by call-center operators in an Indian company discredited the whole Indian off-shore/outsourcing market, according to rediff.com.  The truth is that IT fraud is a risk in ALL countries. India is not inherently more risky than anywhere else.

Internet auction fraud

In 25 Ways to Avoid Auction Fraud, blogger Ted Richardson highlights a suite of ‘things to be wary of’ if using PayPal and similar auction sites.  Despite the claim that the original blogged article was written by a fraudulent vendor and so might be suspect, the advice looks sound to me and well worth a read if you don’t fancy the idea of you, your relatives and friends being scammed.  Do you know how to spot shill bidding, for example?  Do you even know what it is?

Eight eBay sellers were ordered to pay $90,000 in fines and restitution after admitting to auction rigging.  Over a five year period, the gang bid on each others auctions (a practice known as “shill bidding”) using a number of eBay IDs to bump up the prices artificially.

Some eBay customers are taking matters into their own hands as a response to the level of fraud and, they claim, the lack of adequate support from eBay.  eBay’s security center offers advice to buyers and sellers on its Internet auctions.

Fans of British sitcom Only Fools and Horses should be aware that Delboy has spawned a raft of imitators on Amazon.co.uk’s “marketplace”.  Amazon seems quite happy to promote new and used marketplace goods alongside Amazon’s own goods but they are merely acting as go-betweens for lovely jubbly third party transactions.  If your deal turns out not to be cushty and the third party gives you the ’ump, the triffic Amazon money-back guarantee (with caveats) comes into play 30 days afterwards: meanwhile, you are left without the goods and the money, feeling like a right plonker, Rodney.

Escrow is one way to reduce the risks of on-line auctions, but as this story shows, it is vital that the escrow agent is trustworthy.  A savvy Internet user trying to purchase a flash car from abroad through an on-line auction lost $55k through a fraud involving a fake escrow agent.  He was certainly not the only one.

Financial & other forms of fraud

It's hot! Recommended resource. The ‘Lectric Law Library has a detailed and useful definition of fraud.

It's hot! Recommended resource. A helpful British website with consumer advice on phishing and other financial frauds included information on money mules - no, it’s nothing to do with Trojan horses.  Money mules are accomplices who help criminals launder the proceeds of crime by transferring dirty money in return for commission (oh and perhaps a criminal record).  The site invites people to submit phisher and similar emails.

The 2006 Corruption Perceptions Index makes fascinating reading if you are a world traveler or a global business.  Bribery, corruption and fraud are endemic in many  countries.

After Hurricane Katrina, the American Red Cross spotted at least one fraudulent email and website soliciting donations for victims of hurricane Katrina even as the flood waters were still rising in New Orleans at the end of August 2005.  Dozens of domain names containing Katrina were registered around the same time.  Phishers and fraudsters evidently have no qualms about preying on the kind-hearted to siphon off funds intended for the needy.

Tennessee authorities arrested two couples for replacing legitimate bar codes on goods in retail shops with bogus codes scanned and copied from low-price items.  One of the accused, according to the police complaint, would remove the bogus tag and return the item to the store for a full refund, hoping to obtain cash or gift tokens.  The team is alleged to have stolen a staggering $1.5 million from hundreds of stores through this simple ruse.

CSO magazine carried a cautionary tale about a straightforward financial fraud by a bookkeeper.  The story ended with not just the fraudster in court.

Cardwatch is a UK site with information about the state of credit card fraud in the UK.

Miscellaneous fraud resources

The Association of Fraud Examiners is a professional body representing ~40,000 fraud and forensics experts worldwide, including Certified Fraud Examiners.  They publish a number of fraud-related articles.

Color laser printers and copiers from many companies quietly print tiny identifying marks on their output with information such as the printer serial number.  The marks are yellow ink, making them virtually invisible to the naked eye on white paper.  Law enforcement officials can evidently use the marks to trace counterfeit materials to the specific machines that printed them.

Identity theft, one form of fraud, is made much easier if one can obtain false identity documents to add credibility.  A study by the US General Accounting Office reportedly achieved a 100% success rate in obtaining false IDs using undercover investigators.

An amazing set of counterfeit Nigerian papers allegedly produced by a Russian fraudster are shown here.

Phone fraudsters have been known to send SMS messages announcing lottery wins, or using other tricks to get victims to call a premium rate ’response number’, sometimes with an auto-answer message that sounds like the ring tone so callers pay for the privilege of waiting.

Related NoticeBored links collections

Trust, integrity, information security management and accountability.

NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk.  Please let us know about new or broken links.

HomeLinks collection > IT Fraud >

Copyright © 2010  IsecT Ltd.