How Cyber Criminals Cover Their Tracks
Online crime is a major concern for society. Conventional crimes entail a great deal of risk on the part of the offender and entail low rewards; stealing cash is difficult and stealing property is traceable. In contrast, online crimes involve higher rewards and reduced risks. The Federal Bureau of Investigation investigates internet fraud but reacting to criminal activity will not stop it. Preventing online fraud requires customers and businesses to understand how criminals operate.
Common Types of Internet Fraud
- Credit Card Fraud: This is one of the biggest concerns for online retailers today. Criminal defense attorneys, Price Benowitz law, often deal with cases of credit card fraud, where a criminal receives the card details of a victim and then poses as that victim at an online store. The criminal can accrue charges on the victim’s credit card, leaving the victim cardholder to deal with the credit card company and the victim retailer to eat the loss.
- Phising: Another type of scam occurs where a scammer poses as a credible authority and solicits certain sensitive information. By surreptitiously posing as a bank, law enforcement agent, or other financial service provider, scammers hope that victims will input information into false web pages, thereby permitting the scammers to record the information. Phishing attempts are well known, and most financial institutions will instruct their customers never to provide information to any party soliciting it.
How Cyber Criminals Disguise their Location
Internet users are assigned a unique identifier, known as an I.P. address, by their internet service provider. Normally, this I.P. address can be used to trace a specific user to a specific location. When conducting a fraud or compromising a server, most cyber criminals will not expose their true location to the victim.
Concealing one’s I.P. address is a simple affair. The nature of the internet and the emergence of wireless networking means that even if the victim can trace the offending conduct back to a specific I.P. address, the legitimate holder of the I.P. address may be unaware of the conduct. With a directional antenna or vehicle parked on the street coupled with simple software to crack the wireless password, an offender can grant himself or herself access to an untraceable network. Police officers often have little power or interest in investigating internet crimes.
Offenders can also utilize proxy servers to commit fraud. Proxy servers can be public or privately purchased. Routing a connection through proxy servers can help conceal the offender’s source I.P. address. It is possible to trace the route in some cases, but not in others. Common software like TOR can encrypt the connections between specific nodes and route connections around on a massive network, making identification very challenging.
Some types of internet fraud require a more reliable connection and greater bandwidth than that offered by a normal proxy server. Phishing and spam messages are sent from virtual private servers purchased under a false name or with the assistance of computers compromised by malware. A network of compromised computers is called a botnet. Some criminals will also keep an open connection with a stable wireless network such as by leaving a computer in an inconspicuous location or vehicle. They will then connect to the network through that computer from another location.
Countering Internet Fraud
Combating internet fraud is challenging. Clearance rates for credit card fraud and other internet crimes are far lower than conventional crimes. With drop addresses, false identifications, prepaid phones, and proxy connections, identifying an online crook can be virtually impossible. As such, most conventional methods of countering internet crimes are aimed at preventing the offense in the first place.
Countering phishing attempts simply requires the victims to exercise common sense. Most financial service providers will never ask customers for sensitive information. Any time someone claims to be from a business and requests sensitive information, the customer should refuse to provide that information and contact the business through its standard communication methods. Refusing to provide details over the phone or online can help prevent sensitive information from leaking into the black market.
Avoiding credit card fraud is as simple as using authentication procedures. Credit card payment gateways already verify billing addresses, names, and security codes. These features are easy to circumvent. Businesses can do more to avoid losses. If the billing and shipping address do not match, require verification with the cardholder before shipping any amount over a specific sum. Verifying that I.P. addresses actually fall within the cardholder’s region should also be a part of any business’ plan. Requiring a signature can reduce the incidence of fraud, but not eliminate it.
Online crime is a massive business, and this article has only scratched the surface of it. Tracking these criminals is difficult, and recovering money and goods is nearly impossible. Businesses should target their efforts at securing their servers and verifying customers before sending valuable products. Customers should avoid handing out sensitive information to anyone who wants it. With a bit of common sense and a mindset favorable to security, businesses and customers can help secure their data.