Security Experts:

Get Rich Quick On The Internet: Learn Online Fraud

Get Rich on the Internet - Learn Online Fraud

Abbie Hoffman, social and political activist of the 1960s and 70s once said “a modern revolutionary group heads for the television station.” If Hoffman were alive he would surely advise today’s modern revolutionaries to get online. Before Youtube, Twitter and WordPress if you wanted to start a revolution your options for telling the world what you had in mind were fairly limited to the physical realm like break down the doors of the TV station or taking a hostage to draw attention to your cause. Hoffman’s 1970’s classic Steal This Book—a manual for then-wanna-be revolutionaries, offered detailed instructions on how to scam your way to freeloading, including how to steal (plastic) credit cards. Hoffman would be pleased that stolen credit cards are available in bulk today as cheap commodities starting at $1.50 each according to the latest Online Fraud Report from RSA.

Cybercrime Stats

The new report describes a thriving “cybercriminal underground” where accomplished or wanna-be-fraudsters can buy anything from a Zeus Trojan Kit ($3K - $4K) to Online Banking Logins ($50 - $1,000 per account) to build a fraud business. The report even uses standard business terms like “fraud business plan” and “fraud supply chain” to drive the point home that a fraud business is a real business—that also happens to be a criminal enterprise.

The RSA report makes painfully clear that there is a dynamic global fraud ecosystem that anyone can plug into. Maybe you start small, and then expand your criminal enterprise with the proceeds from your cybercrimes. Who knows, if you play your cards right you might hit break-even in a few months and achieve an operational scale that’s the envy of the cybercriminal underworld.

Abbie Hoffman’s Steal This Book sold 200,000 copies, making it a bit of a hit for its time—not bad for a book aimed at a narrow audience in a pre-Amazon.com book selling era. The cybercriminal underground has much better means to more efficiently share and distribute information that leaves book publishing in the dust. Fraud tools, techniques and stolen valuable personal data flow in underground online forums where cybercriminals buy, sell and trade their wares twenty four hours a day, seven days a week.

When you consider how quickly a cybercriminal new to the fraud ecosystem can grow his business, the numbers we see from various fraud reports probably under report the true extent of online fraud losses by a sizeable margin. Consider these fraud statistics:

• Internet Crime Complaint Center (IC3): $559 million

• CyberSource 11th Annual Fraud Report: $3.3 billion (352 US and Canadian Merchants)

• Javelin Strategy & Research 2009 Identity Fraud Survey Report: $48 billion

• Deloitte Airline Fraud Report 2010: $2.4 million (Average fraud loss per airline)

Those are certainly some big numbers, but not as big when you consider the global flow of money for all kinds of transactions. In order to know the true fraud loss number, all victims (individuals and companies) would have to accurately and honestly report all instances of fraud. Let’s just say there’s not a lot of motivation to make that data available. Even if we had all the truth data, it would only account for failed attempts at fraud—what about all of the successful attempts that go undetected? Given what we know about the nature of the fraud business, it wouldn’t surprise me if far more dollars are lost to fraud than we will never know about or hear about.

Who loses more sleep at night worrying about online fraud: consumers or businesses? Consumers worry a lot more than they used to a few years ago, but for the most part they’re shielded from taking the hit for financial losses from fraud. Businesses, on the other hand have plenty to worry about in terms of hard dollar losses and damage to their reputation. They wrestle with the tradeoff between the costs to manage the risk of online fraud with the benefit.

How can businesses defend against such a well organized and connected underworld? In a word: intelligence. The more you know about the origin of the transactions attempted on your website—logins, purchases, new accounts before they occur—the better equipped you are to discern and control fraud risk. When you’re up against globally connected cybercriminals who collaborate to thwart your anti-fraud systems, it pays to have some intelligence of your own. Fraudsters aren’t typically out to change the world, but any connected fraudster would agree with Abbie Hoffman: “the first duty of a revolutionary is to get away with it.”

view counter
Tom Grubb has over 20 years of experience in the technology industry. He is currently Vice President of Marketing at Nimsoft, a provider of Unified Monitoring solutions for virtualized data centers, hosted and managed services, cloud platforms, and SaaS resources. Most recently Tom was VP of Marketing at ThreatMetrix, a provider of online fraud prevention software. Tom has held marketing and product leadership positions at Sybase, Intuit, Vormetric and Embarcadero Technologies. Mr. Grubb co-founded Bluecurve, a systems monitoring and performance management software company that was acquired by Red Hat in 2000. He began his technology industry career as an analyst and product reviewer for Ziff-Davis and IDG’s PC World Magazine