Biometrics over the phone

Straight from the “how cool is that?” department:

You are the victim of identity theft and the fraudster calls your bank to transfer money into their own account. But instead of asking them for your personal details, the bank assistant simply presses a button that causes the phone to produce a brief series of clicks in the fraudster’s ear. A message immediately alerts the bank that the person is not who they are claiming to be, and the call is ended.

But there are still a few hurdles before the technique can be used, including this one:

“It has to be able to reliably recognise people over long time periods,” he says. “For example, a fingerprint taken from a 20-year-old is still valid when they are 60.”

Nigerian scam: a brief history

The Nigerian scam (also called “419” or “advance fee fraud”) is, I was surprised to discover via Snopes, a very old one:

The Nigerian Scam has been emptying the pockets of victims for decades, first through letters, then with faxes, and now via e-mail. In its earliest incarnation, which dates to the 1920s, it was known as ‘The Spanish Prisoner’ con. In that long-ago version, businessmen were contacted by someone trying to smuggle the scion of a wealthy family out of a prison in Spain. But of course the wealthy family would shower with riches those who helped secure the release of the boy. Those who were suckered into this paid for one failed rescue attempt after another, with the fictitious prisoner continuing to languish in his non-existent dungeon, always just one more bribe, one more scheme, one more try, away from being released.

The typso are intentional

Who is falling for these scams? The website for London’s Metropolitan Police says it’s not who you might expect:

The letters are often littered with spelling mistakes and bad grammar. This is a deliberate ploy by the fraudsters to induce the potential victim to believe that he is dealing with uneducated people who would not have the ability to defraud him/her. Nothing could be further from the truth! The majority of victims prove to be professional business people, doctors and lawyers.

Low success, high yield

The 2006 Internet Crime Report, prepared by the National White Collar Crime Center and the FBI, shows that the Nigerian scam accounts for a small percentage – just 1.7% – of reported total dollar losses due to cybercrime, but that seems to be a function of a few people losing a lot of money. The median loss for someone tricked by a Nigerian scam is $5,100, seven times greater than the median dollar loss for other referred cases of fraud, including auction fraud, failure to deliver merchandise or payment, and check fraud.

Spin-offs

The Nigerian scam is so popular it has engendered a new cyber-sport called scambaiting. The goal is to “enter into a dialogue with scammers, simply to waste their time and resources”, as well as to entertain fellow scambaiters with the resulting correspondence, photos, and recorded phone conversations.

A Recent Parody

I AM MINISTRY OF THE TREASURY OF THE REPUBLIC OF AMERICA. MY COUNTRY HAS HAD CRISIS THAT HAS CAUSED THE NEED FOR LARGE TRANSFER OF FUNDS OF 800 BILLION DOLLARS US. IF YOU WOULD ASSIST ME IN THIS TRANSFER, IT WOULD BE MOST PROFITABLE TO YOU.

Read the rest of the spoof here.

What prices tell us about risk

The Economist, reporting research by Symantec, has an interesting chart of the most common goods and services offered by cybercriminals.

You can use the prices on the right of the chart as a sort of risk indicator: if a criminal steals your bank account details, you can expect to lose the amount another criminal is willing to pay (plus the value of the second criminal’s time) to get those details. Keep in mind that these values represent the average (mean) amounts victims will lose and criminals will gain – in reality, some victims will lose a lot more and some a lot less.

Most interesting feature of the chart: email passwords sell for more than full identities. If you think your email password isn’t very valuable, you should know that cybercriminals think otherwise!

Privacy of communication

From Wired:

A Chinese-language version of Skype scans users’ chat messages for keywords such as “democracy,” and sends a copy of the offending message to the company’s servers, according to a report released Thursday by a Canadian online human rights group.

That’s despite adamant claims by the Ebay-owned company that its software offers encrypted, safe communication.

Emails, too, often prove less than private. The hacking of Governor Sarah Palin’s Yahoo account is only the most recent example.

Bottom line

If you would be unable to bear the consequences of your communication getting intercepted, you probably shouldn’t send it by Skype, email, or any other electronic medium. Of course, even snail mail can be intercepted and face-to-face conversations recorded. No communication method is perfectly secure, and, as always, you must make tradeoffs between security and convenience. Few of us would be satisfied to go the tin foil hat route.

Bulletproof clothing

Bulletproof fashion in Mexico:

There are bulletproof leather jackets and bulletproof polo shirts. Armored guayabera shirts hang next to protective windbreakers, parkas and even white ruffled tuxedo shirts. Every member of the sales staff has had to take a turn being shot while wearing one of the products, which range from a few hundred dollars to as much as $7,000, so they can attest to the efficacy of the secret fabric.

This is a nice touch: if you get shot and live while wearing one of the garments, you can join the company’s Survivor’s Club.

Part of the protective value of bulletproof clothing is its scarcity, which is why the company screens customers to keep criminals from buying. A world where innocents wear protective gear and bad guys don’t is the safest of all for the innocents, since criminals can stick to low-powered weaponry.

If, on the other hand, criminals start using the bullet-proof clothing, their foes will probably upgrade their shooters. That’s already happening to some extent. “In some parts of Mexico,” the New York Times points out, “drug assassins have used rocket launchers and grenades to wipe out rivals.” That could become more common if criminals stop dying from pistol shots.
