OSF - 2.20 - scams - organized
Now, at this point, I want to fulfill my promise to talk about how criminal enterprises, in terms of online scams and frauds operate.
First of all, all the stuff all the movies and TV shows that you have seen about rum runners during the Twenties and the Great Depression, and all the movies that you have seen about drug traffickers in the more modern age, will not be particularly helpful. This is not about Vinny and his gang walking into a shop, and saying to the owner, "Nice bridal salon you got 'ere gov'n'r. Be a pi'y if somebody stampeded an herd of cattle through it."
Criminal gangs of all sorts tend to have contacts with each other. And, of course, some of them will specialize in certain areas, and can sell this expertise to other criminal gangs, who may need that particular service, while operating in a related sort of business. So, it is entirely possible, and even probable, that gangs who are in the business of drug trafficking, human trafficking, and other elicit activities of that type maybe using the services of specialists in online crime. For one thing, human traffickers will probably turn to scammers and spammers in order to identify targets that they will want to kidnap, or to advertise false recruiting services.
However, in terms of protecting yourself, it is probably more useful to know that the tasks involved in committing a fraud, and then stealing from someone, laundering the proceeds, or extracting a value from a credit card or a gift card involve a number of different specialties, with different specialized specialists performing different functions in the overall theft.
In the case of the theft of credit card information, your credit card is probably not simply going to be duplicated. Once you realize that false charges are being made on your credit card, you will probably simply call the bank and cancel that credit card, and be reissued a new one. Therefore, the credit card will only have value for a short time. Instead, the organization, which may not be completely under one body, but may be an amalgamation of a number of different groups, each specializing in a different task, may have some people who specialize in social engineering, and therefore handle the fraudulent calls made to you, the people who take the credit card information, and, fairly quickly, make purchases of resaleable items, and have them shipped to people to hold for resale. The people holding the goods, the people to whom the goods are shipped, and therefore the people who are identifiable in the fraudulent transactions, are, in all likelihood, not criminals at all. They are, themselves, victims of fraud, recruited by yet other specialists, who have convinced them that they are a part of a legitimate home based business, receiving merchandise, which has been purchased off the Internet, and then reselling and reshipping the merchandise to people who want to buy it. The management of these holding and reshipping parties, is yet another criminal specialty.
Similar things may happen with regard to gift cards. If the gift cards are from shops, once again, holding parties, and reshippers, may be dispatched, with the gift card numbers, to purchase resellable items from those shops. Other types of gift cards will have different means of extracting the value from the card, and laundering the financial benefits.
(These are not the only processes, functions, or specialties that are used in the commission of online frauds. But these things happen behind the scenes, and knowing about them doesn't help you very much in taking precautions or protecting you against fraud. The most important point to take away from this is that you are not only up against the person on the phone with you, but a number of others, whom they may not even know.)
As I said, the old movies about rum runners, and the newer movies about drug smugglers, are not very helpful in this in regard to understanding these systems. However, there is one movie that I can recommend: "The Beekeeper." Yes, for most of the run of the movie, it's your standard shoot-'em-up. But, right at the beginning of the movie, there is a five minute segment that really does explain how some of these online fraud organizations work. The scene has the leader of one such group training conducting a training session for the actual call takers, and goes, step by step, through one particular way of getting someone to install malware onto their computer, and allowing the organization to get access to bank accounts. (Here ae two versions of video clips from that scene in the movie.)
There are a couple of points that I need to make, but need to be very careful about making. The first is in regard to theft from bank accounts, and banks. I am quite sure that just about everybody who works in any banking and financial institution that you will ever encounter are nice people. However, The Bank, as an entity, is not run by those people. The Bank, as an entity, is run by the owners of the bank, and by policies and procedures. The people that you will meet, at the front lines, are subject to those policies and procedures. And The Bank, as an entity, and the people who own The Bank, hire lawyers, and pay other lawyers on retainer, to stay up nights, writing those policies in order to ensure that, if it is a matter of The Bank losing money, or you losing money, The Bank is not going to be the one who loses money. While the people that you deal with on a daily basis at the bank may very well be very nice people, when it comes to you losing money The Bank, as an entity, very profoundly, does not care. When The Bank talks about security, it is *their* security that they are talking about. Yes, I know, The Bank, even as an entity, will make all kinds of statements about keeping your money safe. And, The Bank, even as an entity, is trying to do that. But, as I say, if it is a matter of you losing money, or The Bank losing money, The Bank is not going to lose money.
This comes into play in some very interesting ways. I frequently tell people, in my seminars on online fraud, to prefer using credit cards, to debit cards. Many people don't even know what the difference is between a credit card and a debit card. And, the differences in charges to the merchants, have ensured that merchants are making every effort that they can to encourage people to use debit cards, rather than credit cards. I am on the boards of enough charitable organizations to know that the differences in fees charged, when somebody pays their annual dues with a credit card, versus when they pay their annual fees with a debit card, to understand why merchants do this. The thing is that credit cards, in Canada at least, provide you with an extra layer of protection. If somebody makes a fraudulent charge on your credit card, the law in Canada ensures that your liability for that fraudulent loss is limited. If somebody makes a fraudulent withdrawal using your debit card, that money is gone. You will not get it back.
The other point that I have to make with regard to the organization of online fraud, is with regard to nation state actors. Yes, we have had the idea that hackers, and we tend to believe that the online fraud is committed by hackers, are loners, living in a basement somewhere. With the organization of online frauds and scams, that tends to not be the case any longer. These are businesses, even if illegal and illegitimate, and tend not to be conducted by loners, but by groups. Some of the groups may be quite small. But some of the groups may be quite large. And, in some cases, there are various nations which have come to terms with this, and even employ these groups that are involved in frauds and scams.
And this is where I have to be careful, because every time I talk about this, somebody thinks that I am making political statements, and blaming certain countries. I am not trying to be political about this. Yes, I do identify certain countries, because that is where the facts point.
The facts are that, because of the organized nature of online frauds, and the variety of specialties that are in use, and the extra layers of protection that communicating across jurisdictional boundaries provides to the groups who are operating in this criminal area, groups of criminals involved in the various specialties of online fraud exist around the world, and pretty much every country. But there are certain countries where the governmental authorities have seen benefits in making connections with these groups.
How do I know this? Well, I work in information security. A lot of the technologies that we use are either used by, or of great interest to, people who are working in the intelligence communities. No, nobody has ever been foolish enough to give me any kind of security clearance. After all, I'm a teacher. It would probably be a bad idea to give me actual classified information. But, I have an awful lot of colleagues, who are working in the intelligence communities, and I've even taught some of them. Let's face it, a lot of my friends are spies. No, they are not going to give me classified information. However, we do discuss related issues, and, while they are not going to give away any secrets to me, you can pick up an awful lot by listening, and, when you make observations about these kinds of things, in that kind of world, sometimes your friends are good enough to let you know when you are right (or, when you are wrong).
Like I said, this is organized. But the functions may be organized in a variety of ways. We know that there are camps in places like Bangladesh, Cambodia, and Myanmar, where people who have been recruited and trafficked, are, basically, kidnapped, and held in boiler room type situations, where they are given scripts, and forced to make fraudulent calls. This is one type of group that can exist in a variety of places. But sometimes the government takes a more direct hand.
Of these two buildings, one is in Moscow, and one is in St. Petersburg. Both of them are office buildings and home to a variety of companies. Both of them are home to a variety of specialized types of businesses. Businesses involving hacking and online fraud. The Russian government is happy to contract services from these organizations, and the businesses registered in these buildings. The Russians may use the hacking services to attempt to gain access to secured information systems for espionage purposes, or they may be probing using hacking services to probe into infrastructure control systems, in order to see if such services can be disrupted. And, of course, some of the businesses in these buildings are also specialists in certain functions with regard to online fraud.
This picture is of a type of concentration camp in China, in the Uyghur area. This particular camp is believed to be a center for forcing the conscripted workers to perform hacking and online fraud functions.
China has an interesting, and somewhat schizophrenic, relationship with hackers. More than two decades ago, we started to realize that China saw hackers in two different ways. There were the black guests, as the Chinese called them, who were the standard types of hackers that we always considered to be the case in the West: loners, not connected with anyone in particular, and not particularly important. But there were also the red guests, as they were referred to, who had connections in Chinese business, academia, and even the government and military. These people would be used by the Chinese government in various espionage operations, and the connections, and uses of these specialists, have only increased over the years. Therefore, the people who say that dealing with Chinese technology companies is fraught with peril do have significant evidence for their position.
I should say that acting as a hacker, or a fraud operator, in connection with the Chinese government does have its own difficulties. Recently, a series of operations, that were conducted primarily in Myanmar, had had connections to official Chinese government operations over the years. However, even more recently, these operations had been conducting attacks against Chinese citizens, and the Chinese authorities finally got fed up with it. A number of the leaders of this organization were arrested, and the Chinese conducted a number of show trials in bringing these people to justice.
North Korea has been involved in online scams of various types, but has specialized in the theft of cryptocurrency. At this point, a significant proportion of the countries gross domestic product results from that activity.
Introduction and ToC: https://fibrecookery.blogspot.com/2026/02/online-scams-frauds-and-other-attacks.html
No comments:
Post a Comment