Subscribe with Bloglines The Privacy Lawyer: Cybercrimes, identity theft and phishing...Oh! My!!

Saturday, September 25, 2004

Cybercrimes, identity theft and phishing...Oh! My!!

I was recently asked to speak at a quarterly meeting of the San Francisco electronic crimes task force. They presented a pre-release briefing of their upcoming report on phishing and financial crimes online. While I was well acquainted with standard phishing schemes (where you are asked to log into your account to check it for security breaches, and the site is spoofed and designed just to steal your logins information and money), as well as the Nigerian schemes (my husband, father, brother, etc. Had billions and I just need you, the only trustworthy person in the world to help me get out the billions, just send me $5000), but a few new ones surprised me.

I found it was even more surprising to find out that I had been a victim of one of these.

The scheme goes this way:
You are searching for popular and expensive software (Microsoft's Office Pro, or Macromedia Studio, or Adobe illustrator) and find a site that promises you full legal copies for a mere fraction of their normal price. You give them your credit card information, and the product never arrives. Your account is never charged either, so you don't panic.

Then your account information is sold by the criminals to others who do charge your account or otherwise steal your identity.

In the work I do on preventing cybercrimes and helping people stay safe and use the Internet responsibly, I investigate sites all the time. The former head of our security team gave me a URL to a website that promised full length pre-release or recent release motion pictures. The website claimed you could download them from the subscriber section. I joined to investigate their service for our program to prevent motion picture piracy. No videos were there, or none could be downloaded. I couldn't even report it, since they weren't facilitating piracy. I shrugged it off and contacted my credit card company to stop the charge. They did. But I didn't know to tell them to stop the hundreds of other charges that were placed on my account when the account information was sold by the criminals from the site.

It took months to get it all to stop. And while Citibank (my creditcard company) was incredible in this, it was a serious problem and major inconvenience changing all accounts and watching for more fraud. Luckily, I have a policy of only using one of my cards for all e-transactions to make it easier to watch for fraud, so only one account was stolen.

At the meeting I learned that piracy is very often used as an inducement to financial fraud. These fake sites induce you to buy motion pictures, videos, music, software and other trademarked goods (such as designer luxury watches, electronics and pocketbooks, etc.) by giving you a price you can't refuse. Then they sell your information to others.

Some offer you credit cards or mortgages online, and when you complete the application they get everything they need to steal your entire financial identity.

Fortunately, while stopping the phishing itself isn't very easy (different technologies require a myriad of solutions), avoiding becoming a victim of cybercrime is much easier than you think.

It's all a matter of knowing whom to trust and making sure that you are really at the site you wanted to visit. It may take an extra click or two to get ther or confirm things are okay, but in the scheme of things, it's well worth the finger motion. :-)