Further resources supporting the latest NoticeBored Classic module on trust, integrity & fraud
This page last updated on Tuesday, April 29, 2008
The following websites and other Web resources proved useful in our research for this month’s NoticeBored
Classic awareness module on trust, integrity and fraud. Hover over the blobs below to see when new links were added, and be sure to visit the pick of the bunch, the sites. Do let us know if your favorite
resources are not yet listed here. Hit <F5> to refresh the page for recent updates and keep up with relevant entries on the NoticeBored Blog.

General IT fraud resources
The Fraud Advisory Panel was set up in 1998 by the Institute of Chartered Accountants in England and
Wales to lobby government and advise businesses on fraud. They publish an excellent set of free advisories
on topics such as identifying the signs of fraud and fighting fraud in SMEs, credit card fraud etc.
The UK DTI-sponsored Consumer Direct website offers advice on all sorts of current frauds/scams, as does the US National Consumer League’s Internet Fraud Watch.
The UK’s Fraud Act 2006 created a general offence of fraud with three ways of committing it - fraud by false
representation, by failing to disclose information or by abuse of position.
KPMG’s report into 300 frauds provides data generally supporting common knowledge about fraud risks and
controls. Profiling indicates that fraudsters are commonly men who have been at the company for more than a year or two, work in Finance or as the CEO, and have both greed and the opportunity to commit
fraud. The most effective fraud controls are management reviews and whistleblowers’ hotlines. From the IT Compliance Institute come 10 tips for fighting fraud including setting up a whistleblowers’ hotline, educating managers and 8 more. The FBI’s whistleblowers’ hotline encourages confidential reporting of corporate fraud. [Do you have a corporate whistleblowers’ hotline for your own employees, business partners and
customers to alert management?]
A fraud involving the theft of customer details by call-center operators in an Indian company discredited the whole Indian off-shore/outsourcing market, according to rediff.com. The truth is that IT fraud is a risk in ALL countries. India is not inherently more risky than anywhere else.

419s (advance fee frauds) and similar scams
A global self-help initiative to counteract the 419 scammers is run by the South African police. It’s a
name-and-shame deal, with police and community backing lending some weight to their efforts to get scammer sites and services closed down. Awareness/education is a primary and very worthy aim.
A BBC World broadcast gives an account of the 419 and “black money” scams committed by Nigerian (and
other) fraudsters, and the UK police investigating corruption and money laundering.
A list of around 130 websites fighting 419 scams is maintained by the 419 Coalition.
A gallery contains around 500 examples of 419 emails. If you are fed up dealing with wave after wave of 419 scammers, EbolaMonkeyMan may be just the antidote you need [site contains adult material and juvenile humor]. And there’s more: sweet chilli sauce includes a succinct scam test.
Yale University’s page on 419 scams is a good example of the proactive use of information security awareness to help reduce risks.

Internet auction fraud
In 25 Ways to Avoid Auction Fraud, blogger Ted Richardson highlights a suite of ‘things to be wary of’ if using
PayPal and similar auction sites. Despite the claim that the original blogged article was written by a
fraudulent vendor and so might be suspect, the advice looks sound to me and well worth a read if you don’t
fancy the idea of you, your relatives and friends being scammed. Do you know how to spot shill bidding, for example? Do you even know what it is?
Eight eBay sellers were ordered to pay $90,000 in fines and restitution after admitting to auction rigging.
Over a five-year period, the gang bid on each other’s auctions (a practice known as “shill bidding”) using a number of eBay IDs to bump up the prices artificially.
Some eBay customers are taking matters into their own hands as a response to the level of fraud and, they claim, the lack of adequate support from eBay. eBay’s security center offers advice to buyers and sellers on its Internet auctions.
Fans of British sitcom Only Fools and Horses should be aware that Delboy has spawned a raft of imitators
on Amazon.co.uk’s “marketplace”. Amazon seems quite happy to promote new and used marketplace
goods alongside Amazon’s own goods but they are merely acting as go-betweens for lovely jubbly third
party transactions. If your deal turns out not to be cushty and the third party gives you the ’ump, the triffic
Amazon money-back guarantee (with caveats) comes into play 30 days afterwards: meanwhile, you are left without the goods and the money, feeling like a right plonker, Rodney.
Escrow is one way to reduce the risks of on-line auctions, but as this story shows, it is vital that the escrow
agent is trustworthy. A savvy Internet user trying to purchase a flash car from abroad through an on-line auction lost $55k through a fraud involving a fake escrow agent. He was certainly not the only one.

Financial & other forms of fraud
The ‘Lectric Law Library has a detailed and useful definition of fraud.
A helpful British website with consumer advice on phishing and other financial frauds included information
on money mules - no, it’s nothing to do with Trojan horses. Money mules are accomplices who help
criminals launder the proceeds of crime by transferring dirty money in return for commission (oh and perhaps a criminal record). The site invites people to submit phisher and similar emails.
Coupons are negotiable instruments exchangeable for something of value from the organization that issued them. Unlike money, however, coupons seldom have anything remotely approaching adequate protection against counterfeiting and fraud.
The 2006 Corruption Perceptions Index makes fascinating reading if you are a world traveler or a global
business. Bribery, corruption and fraud are endemic in many countries.
Hot on the tail of the shocking massacre at VA Tech came news of spammers and probably other scamsters using the incident as a lure for their evil deeds. According to SANS Internet Storm Center, spammers sent
emails inviting recipients to follow a link for video of the shooting ... Much the same trick was used after
Hurricane Katrina: even as the flood waters were still rising in New Orleans at the end of August 2005, the American Red Cross had already spotted at least one fraudulent email and website soliciting donations for
victims of hurricane Katrina. Dozens of domain names containing Katrina were registered around the same
time. Phishers and fraudsters evidently have no qualms about preying on the kind-hearted to siphon off funds intended for the needy.
Tennessee authorities arrested two couples for replacing legitimate bar codes on goods in retail shops with bogus codes scanned and copied from low-price items. One of the accused, according to the police
complaint, would remove the bogus tag and return the item to the store for a full refund, hoping to obtain cash or gift tokens. The team is alleged to have stolen a staggering $1.5 million from hundreds of stores
through this simple ruse.
CSO magazine carried a cautionary tale about a straightforward financial fraud by a bookkeeper. The story
ended with not just the fraudster in court.
Cardwatch is a UK site with information about the state of credit card fraud in the UK.

Miscellaneous IT frauds
Color laser printers and copiers from many companies quietly print tiny identifying marks on their output with
information such as the printer serial number. The marks are in yellow ink, making them virtually invisible to the naked eye on white paper. Law enforcement officials can evidently use the marks to trace counterfeit materials to the specific machines that printed them.
Identity theft, one form of fraud, is made much easier if one can obtain false identity documents to add credibility. A study by the US General Accounting Office reportedly achieved a 100% success rate in obtaining false IDs using undercover investigators.
An amazing set of counterfeit Nigerian papers allegedly produced by a Russian fraudster is shown here.
Phone fraudsters have been known to send SMS messages announcing lottery wins, or using other tricks to
get victims to call a premium rate ‘response number’, sometimes with an auto-answer message that sounds like the ring tone so callers pay for the privilege of waiting.

Related NoticeBored links collections
Trust, integrity, information security management and accountability.
NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about new or broken links.