Cyber Fraud Online: The Fraud Examiner

CYBER FRAUD: THE WORSENING THREAT
Looking back at the recent history of technological innovations, the mid-1990s is generally
considered the period of time during which the Internet revolutionized the way we do
business. The ability to sell goods and services across vast distances and international
borders with just the tap of the keyboard or a click of a mouse created almost endless
opportunities for businesses large and small.
With this new frontier also came new opportunities for fraud – no surprise, perhaps, in a
world where fraudsters follow the money and look for the latest scheme to help them
increase their haul. What some might find surprising, though, is the level to which cyber
fraud/cyber crime continues to flourish today, roughly 20 years after the beginning of the
Internet revolution. In fact, if many experts are correct, it is actually increasing
considerably.
In February, online protection firm iovation identified the top continents for online fraud
during 2012. Those statistics are based on billions of transactions that were analyzed for
geographic trends, and they reveal that credit card fraud, identity theft, and account
takeover or hijacking attempts were the leading cyber crime schemes in 2012. Fraud
examiners working with corporations who do business across international borders should
take heed of this current landscape to better understand the threats most likely to surface:
Africa — Seven percent of all transactions were fraudulent, with the highest percentages
from Nigeria and Ghana. The majority of fraudulent transactions originating from Africa

targeted online dating and retail websites. The continent’s top offenses included credit card
fraud, identity theft, profile misrepresentation, and online scams and solicitations.
Asia — Five percent of all transactions were fraudulent, with higher than normal
percentages from Bangladesh, Vietnam and India. Nearly half of all fraudulent transactions
targeted retail websites, with online dating and massively multiplayer online gaming fraud
making up a solid third. Major offenses in retail included credit card fraud, identity theft
and shipping fraud, while gaming offenses included gold farming, chargebacks, chat spam
and theft of virtual goods through account hijackings.
South America — Four percent of all transactions were fraudulent, with Chile and Brazil
recording the highest percentages for the region. Seventy percent of fraudulent
transactions targeted retail websites, with credit card fraud and identity theft once again
topping the list. The majority of fraudulent transactions targeted gaming and online dating,
followed by financial services.
Europe — Two percent of all transactions were fraudulent, with the highest percentages
from Poland, Romania and Portugal. Transactions originating from Europe that were
deemed fraudulent were more evenly spread across various industries including retail,
dating, gaming, gambling, financial services, travel and telecommunications.
North America — One percent of all transactions were fraudulent, with Mexico leading the
list. Like Europe, fraudulent transactions from North America were spread across a diverse
group of industries including retail, gaming, financial services, travel and logistics. Credit
card fraud, identity theft, spam and solicitations, and account takeover attempts were most
prominent.
Small Businesses in the Crosshairs
In his remarks to more than 2,500 anti-fraud professionals at the 24th Annual ACFE Global
Fraud Conference in June, ACFE founder and Chairman Dr. Joseph T. Wells, CFE, CPA,
discussed the increasing cyber crime threat.
“We all know, or should know, that there is really no such thing as a secure computer —
one that can’t be eventually hacked,” Wells said. “We’ve all read of data thefts of millions
upon millions of individual records. Most of these are committed by international gangs,
which makes them exceedingly difficult to stop and even more difficult to prosecute.
“But what is not as well known is that small business has been increasingly made a target,”
Wells added. “As large organizations develop stronger controls over their networks and
digital data, attacks on small enterprises have mushroomed. What this means is that
antifraud experts serving small businesses must educate them of the threat and encourage
them to invest in the proper resources to reduce their vulnerabilities.”
Public Enemies: “Cyber’s Most Wanted”
The FBI hosts a resource page on FBI.gov focused on cyber crime. The site includes a link to
report an incident, and also includes the “Cyber’s Most Wanted” list. Reading about the top

characters on this list, and the scope of their crimes, gives one an idea of how serious the
cyber threat issue has become. To note just a few:
Alexsey Belan — Between January 2012 and April 2013, Belan allegedly intruded the
computer networks of three major U.S.-based e-commerce companies in Nevada and
California. He is alleged to have stolen their user databases which he then exported and
made readily accessible on his server. Belan allegedly stole the user data and the encrypted
passwords of millions of accounts and then negotiated the sales of the databases.
Peteris Sahurovs — Wanted for his alleged involvement in an international cyber crime
scheme that took place from February 2010 to September 2010. The scheme used a
computer virus that involved the online sale of fraudulent computer security programs that
defrauded Internet users of more than $2 million.
Artem Semenov — Wanted for his alleged participation in an Eastern European cyber
crime ring, operating out of New York, which is known for recruiting money mules to open
bank accounts, cashing out money received through unauthorized money transfers, and
then transferring the money overseas. An arrest warrant was issued for Semenov in the
Southern District of New York on Sept. 29, 2010, after he was charged with conspiracy to
commit bank fraud; conspiracy to possess false identification documents; and false use of
passport.
Shaileshkumar P. Jain — Along with his co-conspirator, Bjorn Daniel Sundin, is wanted
for his alleged involvement in an international cyber crime scheme that caused internet
users in more than 60 countries to purchase more than one million bogus software
products, resulting in consumer loss of more than $100 million. It is alleged that from
December 2006 to October 2008, through fake advertisements placed on legitimate
companies’ websites, Jain and his accomplices deceived Internet users into believing that
their computers were infected with “malware” or had other critical errors in order to
encourage them to purchase “scareware” software products that had limited or no ability
to remedy the purported defects.
Carlos Enrique Perez-Melara — Perez-Melara is wanted for his alleged involvement in
manufacturing spyware which was used to intercept the private communications of
hundreds, if not thousands, of victims. As part of the scheme, Perez-Melara ran a website
offering customers a way to “catch a cheating lover” by sending spyware masqueraded as
an electronic greeting card. Victims who opened the greeting card would unwittingly install
a program onto their computers. The program collected keystrokes and other incoming
and outgoing electronic communications on the victims’ computers. The program would
periodically send email messages back to the purchasers of the service containing the
acquired communications, including the victims’ passwords, lists of visited websites,
intercepted email messages and keystroke logs.
Global Losses
It would be hard to guess at a number to represent cyber crime and computer fraud losses
on a global scale. Eugene Kaspersky, the Russian co-founder of anti-virus software maker

Kaspersky Labs, told an audience at a Dublin technology conference last month that he
believes such a number ranges in the hundreds of billions of dollars. As reported by The
Guardian, Kaspersky believes that a previous, widely cited estimate of $100 billion is far
too low, and the truth is likely “many times more” than that amount. Kaspersky's projection
is probably more accurate and may even be conservative, considering that the latest ACFE
Report to the Nations estimate of fraud (all fraud, not just online) points to more than a
trillion dollars in global loss.
Even more serious to consider is the fact that Kaspersky believes the security lapses
affecting organizations, and the sophisticated methods of exploiting them, create an
environment where fraud might be the lesser of two major concerns. It is actually the
threat of a cyber terrorist attack – one affecting infrastructure, financial centers or military
targets, that Kaspersky says is most troubling of all.
New Methods to Fight Cyber Crime
For fraud examiners, the fight against online fraud might feel like an uphill battle. With
every new and changing facet of technology, those who commit fraud through the Internet
tend to innovate and remain ahead of investigators trying to catch them. On the road ahead,
increased training and knowledge for anti-fraud professionals will be critical — mixed with
a healthy dose of innovation of their own. Dr. Wells noted that one technical innovation,
biometric technology (which includes concepts such as face and voice recognition) could be
a key to stemming the tide of online fraud.
“This science (of biometrics) is already quite well developed but currently under-utilized,”
Wells said. “I can envision a day in the not-too-distant future where, in order to claim
money or other resources, you’ll have to prove scientifically that you are who you say you
are.
“That system, had it been employed, would have prevented billions of dollars in recent tax
refund scams,” Wells added. “And that’s just one example. Credit card and benefit frauds
could be greatly reduced, too. As a matter of fact, nearly any fraud employing identity theft
could all but be wiped out through the proper application of biometric resources. But using
this technology must be balanced to protect the privacy of citizens.”
No method of prevention is foolproof — and fraudsters will be no doubt look for methods
to overcome biometrics or other key controls that can hinder their efforts. But in the race
to curb cyber crime, any efforts that can slow the criminals down is a valuable — and
necessary — endeavor.