Understanding Cybercrime

Cybercrime

Who are Cyber Criminals and what do they do?

Cyber Criminal is a term used for a person who commits crime over Internet.

Cyber Criminals are basically fraudsters who use social engineering tricks on the Internet and some harmful software to pry on your important personal and financial information. They steal important information like bank logins, credit cards or your identity and then use it like their own.

Cyber Criminal Psychology

An insight into the fraudsters mind will reveal that not all of the criminals do it for money. There are some who do it because they think it is fun. Some others do it because they get a kick out of it. Find below the common characteristic traits of these fraudsters.

• They mostly fall under the age group of 15 to 30.
• They are easily susceptible to online crime because of easy access to internet and also because of the negative environment they grow up in.
• They do not fear being caught or their identity being revealed because it is on the internet and there is no physical appearance at any point of time.
• Most of them wish to make big money in short time.
• They think it is fun. Some start with having fun then get into serious crime.
• Mostly the fraudsters are from poor nations or developing countries.
• They hardly bother about victims’ emotions and feelings.
• For most of them, it’s their job to make a living.
• They have unlimited access to technology and have extremely good technical expertise.
• They are smart and often think of innovative ways to cheat people.

Target

The most favourite target for the fraudsters is innocent people who are not aware of the various kinds of technology frauds that are prevalent. Also among the target are people who are not so savvy with the computer and who are usually lured with the prospect of making easy money or dating.

When it comes to targeting large organizations, these fraudsters usually target the financial organizations because these organizations do a lot of financial transactions everyday and all of their work and information is dependent on technology.

Communication

Even in the world of cyber crime there are specialists who are experts in a particular area of crime. Some are experts in hacking, some in setting up fake websites, some in stealing credit card information etc. Though these guys are located at different parts of the world they usually meet at a common place to communicate with each other and sell each other’s expertise.

There are various means by which these guys communicate. The most common are vouched member only underground forums which are not accessible to common public. They also meet in private IRC chat rooms, instant messenger chat sessions or email conversations to share their services for a price and few of them go to an extent of hosting websites to sell stolen cards.

Who’s who?

Bot Herders

Bot Herders are those tech savvy individuals who hack into novice user computers using stealthy malware and exploit kits. They can use the victim’s personal and financial information for their own purpose like

Identity Theft
Steal Bank Accounts
Steal Credit and Debit cards
Steal Social Network Logins
Steal E-commerce logins
Steal email logins
Social Security benefits
Medical benefits
Steal Corporate logins

They might use the victims computers as bots (a chain of computers which can be controlled simultaneously) to commit numerous crimes like

Send millions of spam emails
DDOS websites
SEO Fraud
Pay per Click (PPC) aka Click Fraud
Fast Flux hosting
Use them as Proxies
Install Scare ware aka rogue security software
Pay per Install (PPI) – Sell these zombies to other fraudsters who will install new malware

Dump Vendors

A dump (criminal slang) is the information of your cards magnetic strip which includes track1 and track2. These guys sell magnetic strip data of credit cards which is either stolen at ATMs using ATM skimmers, POS scams, hacked from merchant Websites and phishing scams. They usually sell each card ranging from 10 USD to 150 USD depending on the cards credit limit.

Credit Card Vendors

These fraudsters hack in to online shops or using Phishing scams steal credit card information including cvv code and billing details. Using search-able public records, they also gather SSN, DOB and DL information. They sell these credit cards to other fraudsters via online shops or through Instant Messenger chat sessions.

Pin Cashiers

The PIN cashiers are a group of fraudsters who specialize in making a replica of the ATM cards and then cash them at ATMs using the theft data got by ATM skimming , Point of sale skimming or phishing.

Bank Drops

The role of these guys is to provide bank accounts by making common people victims of dating scams or money transferring agents so that other fraudsters can make bank transfers or bill pays using the stolen data.

Drops

These guys provide legitimate address to ship goods which are bought using the theft credit cards or collect money made from auctions fraud or other frauds.

Impersonators

These guys take all the stolen data of a cardholder and contact the banks posing as the cardholder. With that information they might change the billing address to receive goods, order for a credit card, obtain a bank loan, or use the card holder’s identity to commit crime.

Cashing your information

Have you ever wondered how others would use your personal and financial information after they have stolen it from you? Below are some of the common ways how they are used:

Identity Theft- Your identity can be used to impersonate you and commit hideous crimes.
Credit Cards – can be used to shop online or create a counterfeit card to shop in stores.
Bank Login Credentials- can be used to transfer funds, pay bills or obtain loans and cards.
Debit Cards – to create duplicate debit cards and withdraw amounts at ATM and Point of Sale transactions
ebay Logins – to bid auctions
PayPal Logins- transfer your money to other PayPal accounts
Trading Accounts – to trade stocks
SSN, DOB, MMN and DL – get social benefits in your name or commit other crimes.

What’s worse is that you could lose all this without you even knowing that you lost it and by the time you realize, it is too late to make amends and you are probably bankrupt. This is exactly what happens when you disclose your personal details at unknown sources on the Internet.

Money Transactions

These guys are located around the globe and they usually use e-currencies to transact.

Covering the tracks

One of the reasons why cyber crimes are difficult to fight is because of the anonymity and fraudsters location around the globe. Since everything happens on cyber space there is no physical existence or evidence of the fraud. This makes them difficult to track. Thanks to technology, fraudsters find ways to cover the IP address from which they are operating. They use proxy servers, socks chains, Virtual Private Networks and dedicated servers to cover their IP addresses.

In fact things are so worse that the fraudster does not have to be tech savvy to do all this. There are many websites that provide this kind of service. For those fraudsters who want to play it really safe they turn to underground sources where other fraudsters provide this service.

Identity Theft

What is Identity theft?

Imagine you waking up one day and realizing that all your important personal and financial information has been compromised and it is in the hands of unscrupulous elements. All the information that signifies your very existence is being misused.

What we are talking about here is your IDENTITY.

If you loose your identity, you stand a chance of loosing everything that you have built so far in your life like:

• Your name
• Your bank accounts
• Your credit cards
• Your Social Security Number
• Your personal information (like your email ID’s)

Whats worse is that you could lose all this without you even knowing that you lost it and by the time you realize, it is too late to make amends and you are probably bankrupt. This is exactly what happens when you disclose your personal details at unknown sources on the Internet. You are opening a Pandora Box and there is no looking back.

What can someone do by using your Identity?

To answer that put your self in the criminals shoes for a minute. What would you do if you had all the personal and financial information of somebody? You could wreck havoc and there is no John McClane coming to the rescue as in Die Hard Movie. So what exactly can someone do with your Identity? Well for starters they can make you go bankrupt. Here are some of the other things that can happen. They can

• Impersonate you
• Obtain loans, funds, credit cards using your personal details
• Acquire Social Security Number or Driver License
• Perform other crimes for which you would be held responsible
• Acquire fake passports (which if in the hands of terrorist can be a national threat)

What information do fraudsters need to perform Identity theft?

Unfortunately most of the information that they need for ID theft is documents that we usually are not very protective about like: Your name and address combined with

1. Utility bills and credit card statements
2. Bank account documents
2.1. Bank statements
2.2. ATM transaction slips
3. Your birth certificates
4. Drivers License Number
5. Acquire fake passports

There are two types of identity frauds that can be done to cards:

Application fraud – A criminal uses your personal details to apply for and obtain a card or any kind of a bank product (for example, a loan).

Account take-over – A criminal uses key personal information to totally takeover and start operating your account.

How can you protect your Identity?

The best approach to prevent yourself from being a victim of ID theft is to be cautious when it comes to letting out your personal and financial information. All have your antennas switched on. Following are some of the tips to help keep your identity safe:

• Never disclose personal information to anyone you do not trust.
• Do not provide your information until and unless you are sure about the caller. Fraudsters setup fake call centers using VOIP; this is known as Vishing. If in case of doubt you call the bank directly using the bank phone number listed on the bank website.
• Remember that banks always ask for specific characters like last 4 digits of your card or SSN not your entire card number or SSN for verification.
• Ensure that your personal documents are always secure. Your personal documents include your birth certificate, bank account details, passport, credit cards, driving license, SSN, card receipts, financial statements and even utility bills.
• Periodically peruse your bank statements to check for any transactions that have occurred without your knowledge.
• Dispose of financial statements, card receipts and other personal documents with utmost care. Tear or cut into pieces any such documents before trashing them.
• Keep the authorities informed if you have lost any personal item. For example, report a stolen credit card.
• Raise an alarm if you receive a telephone call or letter saying you have been approved or denied credit for accounts you know nothing about, or you receive a credit card statement for an account that you never opened.
• While paying by credit card, never let it out of your sight. Raise an alarm if the card is being swiped more than required, or if it is being scanned.
• In case of a change in address, ensure to notify the correct address to all recipients who send you statements to your address.
• Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one
• Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user.

All said and done, even after taking all the precautions in case there was a slight slip from your end and you have mistakenly disclosed your personal details then, to re-trace your steps you can approach the following methods:

1. If you have given out bank related information, inform bank authorities to watch out for transactions and change all the related passwords to gain control over your bank account.

2. If your driving license or any cards are stolen, then, contact the agencies that issued the documents and follow their procedures to cancel a document and get a replacement. Ask the agency to flag your file to keep anyone else from getting a license or another identification document in your name.

3. Keep an eye on your regular statements or bills that you receive. A missing bill or statement could mean that the fraudster is making use of your personal information.

Malware

What is Malware?

Imagine if somebody installs a software on your computer without your knowledge that lets them steal your bank account log-in ID and password. Scared to imagine the results?

Well it is not fiction that we are talking about here but what is happening with people around the world-and malware is to blame.

Malware is a broader term where this stealing of the personal information is done in myriad ways. Key loggers and Trojans are the common software applications that are used to spy computers.

Key logger

Key logger is the name for any software application that spies and logs each of the key that you type on the keyboard. Then the creator of the key logger can easily view all the keys entered, sneaking into your personal details.

Trojan Program

A Trojan is kind of spy software installed in a victim’s computer using spyware or by sending email as an attachment masqueraded with safe software (to avoid doubt) . A Trojan is capable of recording keystrokes, copying recently visited website URL and copy stored passwords of the browser. The Trojan then sends keystroke logs to the hacker at regular intervals. Some advanced Trojans send messages to intimate the hacker when you are online thus providing them complete remote access to your computer.

How does malware work?

As soon as the software is installed into your system, it starts recording all the keystrokes which include your personal information, credit card numbers and Pins, log-in IDs, passwords etc. and send keystroke logs to the criminal from your computer. In order to install these crime loggers, the fraudsters may use spam emails with attachment, browser exploits, drive by downloads, pop-up ads, applications with malicious codes, free game cracks, pirated music, movies and porn sites.

To add to it, the user will never know that something is settling on his system as the malware is generally hidden and proclaims themselves as safe at the Anti-virus software applications and firewalls.

Identifying Malware Invasion

The following are some of the most common sources:

• An e-mail with office documents or PDF as an attachment is sent to you. When you open the attachment, malware can be installed using the unknown vulnerability of the application.
• An e-mail with a web link is sent to grab your attention. This malicious URL leads to a rogue or hacked website where your browser will be exploited for known vulnerabilities thus dropping the malware. This dropper might download some additional malware later.
• You might receive an email or social network message to watch a video. This video site further asks you to download codec’s to watch the video. These codec’s can install malware.
• An e-mail from an unknown or untrustworthy source (spam email) can contain a website link. Clicking this link can exploit your browser and thus install the malware.
• An e-mail with an .exe file as an attachment is sent to you. When you open or download the attachment, the spyware is installed.
• While browsing the internet many pop-up screens appear which prompt you to click them for a free software download. The moment you click it the spyware will be installed.

So how do you identify if your computer is already under the influence of malware? Well here some of the common symptoms of a computer that has a malware installed:

• You realize that suddenly your computer is not as fast as it normally is.
• You experience unexplained erratic behavior from the computer.
• You notice that there are some new unknown icons on your computer screen.
• You notice that your search engine results are wrong.
• You notice weird pop-up windows showing up every time you open a new browser window.

  • You notice that your outgoing traffic is more when compared to incoming.

Prevention from Malware

As most of the advanced malware are not detected by the anti-virus software, due to the varying signatures of the loggers from the regular virus, its best to prevent than to cure as it becomes extremely difficult for the normal user to detect them. Here are some of the things that you can do for protection against malware specifically and computer fraud in general.

• As a common practice do not open suspicious or unsolicited emails (spam emails). Delete them from your inbox.
• Even if you do open a spam email, under any circumstances do not click on any links, or open/download any files attached to them.
• Make sure that you have very good anti-virus software installed on your computer that not only protects your computer from viruses but also from unwanted programs. And make sure you update any latest versions to that software.
• Make sure that you have automatic updates; firewall turned on and regularly download the security patches if you are a windows user.
• Make sure that you have automatic updates for all the applications you regularly use on your computer including browsers, flash, java, music and movie related programs.
• Be very wary when you access websites that provide free downloads (such as music, serial keys, adult content, games, movies etc). They may install harmful programs without your knowledge.
• Do not use software on your computer that auto-completes online forms. This can give internet fraudsters easy access to your personal and credit card details.
• While downloading files from the internet make sure it is from a known or reputed source. If the file is an executable application (for example, if the file name ends with .exe), make sure you know exactly what it will do.

Phishing

Fraudsters on the Internet do not stop at installing key loggers and spy ware on your computer to ruin your day. They go a step further-they pry on your bank accounts, gather account information, and then use it like its their own. And how do they do it?

By Phishing (pronounced as Fishing)

So what is phishing? You always admired how convenient it is for you to access your bank account online and transact. What if someone (else) could transact using that little piece of information in your head-your account password? Worse, what if you were to give it to a fraudster yourself without you knowing it? Before you dismiss that thought, let us tell you that they know of a way to make you do that.

How is it done?

Your bank website is where you will most always use your account details and password without worrying about it much. Thats secure alright, but if you were displayed a Web interface which so closely resembles that of your bank, you are subconsciously programmed to assume it to be your bank and provide your login details, which may include your account number, your credit card number, and a password. This is what the fraudster wants.

The fraudster uses a Web design and a URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. In the world of Internet fraud, this trick of sending emails to gather personal and banking information leading to identity theft is called phishing.

For example, a fraudster designs a website that very closely resembles that of your bank and hosts it at a URL, which is also similar to that of the bank (for example, www.your-ownbank.com instead of the original www.your-bank.com). The fraudster then sends emails (seem to be coming from legitimate sources) at random, asking you to verify or update your account details.

Here is what the fraudster wishes will occur: you believe the urgent need to update your information and as mentioned in the email, you click on the link. The link takes you to the website the fraudster created (www.your-ownbank.com or www.fraudster-website.com/your-bank/login). You then enter your account details and password (sadly, it is for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters (encryption is his enemy, remember!). This is when your account becomes susceptible to use by the fraudster in any way as he pleases.

What is the impact?

Phishing has been around for a few years now and growing in strength. Once your account details are gathered, you are at the mercy of the fraudster as to how they would be used-withdrawals, transfers, checks, to name a few common usages.

What can you do to avoid it?

Here are some ways of Identity theft prevention and protection from internet fraud:

1. When you receive emails claiming to be sent by financial institution asking you to enter your account details, DO NOT do so! Your institution already has your details and clearly would not want them again.

2. DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:

2.1. The bank is trying to protect you from a fraud.
2.2. The bank needs some security and maintenance update on your account as asks for your account details.
2.3. You are to receive a refund.
2.4. You are to receive a prize

3. Check the email to see if it is addressed to your name. Fraudsters never personalize emails, they will refer you as Dear Customer or Dear Valued Customer because they send emails randomly to a million email addresses and they even do not know that you have an account with the bank. Your bank or e-commerce company on the other hand will refer you with your name.

4. If you receive such email always check back with your bank directly or speak to the customer service representative of the bank.

5. NEVER enter your credit card details and password in a website which you suspect is not genuine.

6. DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.

7. DO NOT open unsolicited emails.

8. It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email.

9. Verify the website URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.

10. Log in to your accounts regularly and look for account transactions that you do not recognize.

11. DO NOT send your account details and/or password over an email to anyone.

12. Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one.

13. Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user.

Money Mules

 Easy money coming your way…Time to be cautious!

 

Who are money transferring agents (MTA)?

Money Transferring Agents or Money Mules are those individuals who help international cyber criminals transfer illegal money (made from Identity theft, Phishing scams etc.) from one country to another using their bank account.

Most of the times these individuals are not aware that they are part of an international cyber crime ring because the fraudsters who want money to be transferred usually approach prospective MTA with innocuous motives (like an internet job, winning a lottery, dating, and large sum of money in an overseas bank account or other such things). Though it may sound legal and lucrative, as a MTA you are made a pawn in the international cyber crime scene where the only person against whom the law will have any evidence is YOU.

How? Imagine this –

You are looking for a job and spot an advertisement that looks like your dream job where you can make big money without having to work a lot and they usually ask for the following requirements:

• Internet connection at home
• A bank account
• Ability to spend some (very few) hours everyday on Internet

In addition, the job profile quotes that you will be designated as a Financial Manager or Representative or Advisor and makes a job offering on commission basis or as a monthly salary/income. If you are impressed by such advertisements then, you are being conned by the international cyber criminals. And by partnering with these criminals, you are paving your way into a deep, deep trap, which might have severe repercussions for years together in your life including becoming a victim of imprisonment.

Why do fraudsters need money transferring agents?

International cyber criminals usually stay in overseas countries from where they operate their phishing scams. Therefore, it is essential for them to use your account as a middle-man to transfer stolen money and finally into their hands.

How is fraud money transferred?

Fraudsters transfer stolen money which is obtained by phishing scams or online scams to the victims bank accounts in the following methods:

Online Bank Account Transfer

Online Bank Billpay Feature

Money transferring agents or money mules are asked to transfer or forward money (transferred from stolen accounts) from their accounts to fraudsters minus a commission payment or salary. Fraudsters ask the victims to send money using a wire transfer or using services like Western Union and Money Gram.

In this entire game of money transfer, YOU and your bank account plays the key role of transferring illegal money.

Protection from becoming a Money Transferring Agent (MTA)

You can take the following steps for identity theft protection and also to protect yourself from becoming an MTA are as follows:

• Do not be tempted by job profiles that promise easy money and avoid online identity theft scams. Such job profiles are not trustworthy though they boast illustrious designations and do not demand any specific skill set.
• Pay attention to advertisements that are written using incorrect spellings and grammatical errors–these are definitely avoidable emails and it is not right for you to get way laid by them.
• Be cautious of offers where you are requested to transfer money overseas using western union and money gram services
• Never disclose your bank details to any suspicious emails that you receive in your email account.
• Beware of dating scams, especially if the partner is located overseas. Do not fall for pictures and videos sent by them. Try to verify their credentials by calling them apart from online dating and chatting.
• Beware of unsolicited offers or job opportunities, especially if the company is based overseas. Make an attempt to verify the credentials of overseas companies that make any easy money offers to you
• Contact your bank immediately if you think your bank account is being subjected to huge money transactions that you have not initiated
• Money laundering is a crime in which you should not be involved at all (with or without knowledge). Take steps to protect your bank account thereby protecting your future!

ATM Skimmer and POS

What is ATM Skimming?

Skimming is the process where original data from your cards magnetic strip is electronically copied to create a duplicate card without your knowledge. Most cases of counterfeit fraud involve skimming.

Types of skimming

Here are the two most common ways of how fraudsters can duplicate ATM and credit cards:

Card skimming

A scanning device (skimmer) is used here that copies the information present in the magnetic strip of your ATM card when u insert it in an ATM machine. When you perform your transaction, the skimmer copies all the details of your card on to the device and an overhead tiny camera records your PIN. The fraudsters can access the skimmer and camera using the laptops wireless feature sitting near by ATM machine or pull the skimmer and camera from the ATM and then copy the skimmer data into a computer. Now they make a duplicate magnetic strip using a device called MSR (Magnetic Stripe Recorder) and withdraw large sums of money from your account using the PIN number.

Card trapping

A device attached inside the ATM machine traps your card as soon as you insert it. Well meaning people around you will request you to make a couple of attempts to perform transactions to observe and make a note of your PIN number. And, when you get frustrated, give up, and move out of the ATM center to report the same to the bank, miscreants would remove the trapping device, take your card from it, and as they are already aware of the PIN, they would have performed huge transactions within no time.

Now that you have learnt some information about ATM Skimming, its time you knew about Point of Sale (POS) skimming.

Point of Sale (POS) Skimming

ATM skimming is limited to just ATMs so you know you have to be careful when you are at an ATM, but Point of Sale scams /skimming can happen at the most unassuming and innocuous seeming places like bars, restaurants, supermarkets or gas stations. When you offer your card to make a payment all that the corrupt employee has to do is to skim your card with a small, hand-held electronic device before handing your card back. This device captures all details about your card and the sales person observe and make a mental note of your pin number while you enter it, this is known as shoulder surfing.

Once the corrupt employee has your card details and PIN number, he can create a duplicate card and with draw cash at an ATM or go on a shopping spree.

Safety tips to protect yourself against card skimming frauds

Here are few steps you can take to protect your ATM and credit cards:

• Safeguard your credit cards and ATM cards at all times.
• Never let these cards out of your sight
• You see a shop assistant swipe the card through a different machine to the one you used. You need to question this action.
• If you notice something suspicious about the card slot on an ATM (like an attached device), do not use it and report it to the responsible authorities.
• Never trust your ATM card and credit card PIN numbers to strangers.
• Be aware of your surroundings while withdrawing money at ATM centers. Do not crumple and throw away the transaction slips or credit card memos: read them, make a mental note of the details and then, either tear them or shred them to trash them.
• Periodically check your account balances on Internet or by requesting your bank or credit agency to send you statements to ensure that no transactions are happening behind your back.
• While entering any personal identification numbers (PIN), use your discretion to shield the keypad so that your hand movements are not very visible and you enter your passwords secretly.

Well armed with this knowledge about ATM skimming and POS skimming we hope that you will be more careful the next time you are at an ATM or while making transactions with your card.

Credit Card Fraud

Everyone of us likes online shopping due to its convenience and easiness. It is not only the customers who love it but cyber thieves too. Yes, the online shopping, where credit card is one of the most favorite ways of transaction, is highly susceptible to frauds. These frauds are the results of your Identity theft. Identity theft is where your personal information such as your Social Security Number, Drivers License, Credit card information, on-line bank accounts are stolen without your notice and are used for criminal purposes.

According to recent surveys, every 15th credit card user is a fraud victim. The worst part is that day by day the frauds are rapidly increasing. According to Federal Trade Commission (FTC) the credit card fraud is on the top of all the identity thefts as you are completely ignorant of the fraud.

How does Credit Card Fraud happen?

The credit card fraud can hit you in number of ways.

• It can be Skimming, where your credit card information is manually copied by a fraudulent employee of a pub or a restaurant OR using malware at POS locations. Example – Target stores.
• It can be an Identity theft fraud, facilitated by the financial documents (ATM transaction slips, bank statements etc) dugout from the garbage.
• It can be by a hacker, hacked in to a merchants database.
• They can use a key logger to steal all the important information you type on your PC.
• They can copy the magnetic strip of your card obtrusively, and if they know your PIN number, with that cloned card, they can withdraw money from the ATM.
• It can be a mail-not-receipt fraud where your card is lost during the transit from the bank.

Among all the types, Card Not Present (CNP) fraud is most admired by the fraudsters as neither the customer nor the merchant are present at that time. When the card is not present, it is hard to determine the genuineness of the transaction as the physical security features of the card are not visible. If fraudsters gain access to your personal information along with the credit card details, they can call the bank and change the billing address to receive goods or services in your name.

Identify Credit card Fraud

In order to prevent credit card fraud or even the identity fraud, check for some signals, which can take you a long way in preventing the scam. It can be:

• Some transactions that appear in your statement but you feel that you never made them
• Instances when you receive a telephone call or letter saying you have been approved or denied credit for accounts you know nothing about, or you receive a credit card statement for an account that you never opened
• Instances when the credit card details have been shared to an unknown or suspected person
• Instances when the documents containing the information of your credit cards have been stolen etc.
Instances like the above will open doors for the possible credit card scams. As mentioned earlier, the tragic factor about the credit card fraud is that neither the customer nor the merchant would be aware of the fraudulent transactions and you would realize only after the damage is done.

Preventing Internet Credit card Fraud

Luckily, online credit card fraud can be prevented by a little care and observation.

• Always check your bank statements for any suspicious transactions
• Shred the financial documents with care
• Do not store your credit card information on the computer
• Do not write the PIN number down.
• Never delay to report a lost credit card as the repercussions can be highly disastrous.
• Close the account that you suspect is being hit by the fraud.
• Thoroughly check the authenticity of the firm, the website, or any other transactional company where your money would be flowing through.
• Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one
• Never give away your personal information over the phone unless you are sure of the person the other end.
• Take a pause before venturing into any kind of online transaction and decide upon the authenticity of the transaction.

Credit card transactions in other words on-line shopping is simple, fun and can be secure if you follow the above precautions.

Online Banking Fraud

How is it done?

Phishing

One particularly common method is called phishing (pronounced the same as Fishing). The trick here is to make YOU give your account login details to the fraudster yourself. To do this, the fraudster creates a website that closely resembles that of your bank and hosts it at a URL, which also resembles that of your bank. He then sends a series of emails at random, asking you to verify or update your account details by logging in, presumably for security reasons. You oblige by clicking a link supplied in the email and are taken to a fraudulent website, which is a look-alike of your bank. To log in, you enter your account details and password. In this fake website, the fraudster has captured your account login details-just another way to get your account information.

Vishing

Fraudsters just do not stop installing key loggers, sending phishing emails to acquire your banking details; they also use more sophisticated techniques like Vishing (Phishing using Voice). Here fraudsters setup a fake call center using Voice over IP (VOIP). They will send you emails asking you to confirm your banking details as a security check at the phone number provided in the email. As you are not aware about this, you call the number believing it to be a bank phone number and end up giving your banking details and other personal information at the Interactive Voice Response (IVR) phone number. They record your calls and use it for fraudulent purpose.

Phone Banking

The means to make online banking frauds do not end at Internet banking. When you do not have access to the Internet and need to make transactions on-the-fly, banks give you the option of phone banking. In phone banking, you call up your bank, speak with an agent who would ask few questions to ascertain your identity, and then the agent performs transactions you request. How secure is this method?-It is safe as long as your personal details are secure. An impersonator who has access to your private information can call the bank on your name, prove identity based on your personal information, and ask for transactions.

Check Fraud

The fraudsters may use your Bank account number, Routing number and other personal details to issue checks at websites that accept online checks leading to online check fraud.

The methods listed above are some of the more common methods of committing online banking fraud, both on the Internet and phone banking.

What can you do to avoid it?

First, it is your knowledge that will help you. Here is a list of some not-so-difficult rules that you should follow to avoid being a victim of online banking fraud.

• DO NOT leave your personal documentation at places where it can either be picked up or viewed by anyone who do not need to see them.
• DO NOT log in to your online account from an insecure computer network.
• When accessing your bank Web site, check that the URL is correct and that you are not becoming a victim of phishing.
• DO NOT key in your online banking account login details at a website about which you are not sure. Look for the lock at the bottom or HTTPS in the address field of your browser.
• It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email.
• When available, use alternative methods to enter account login details. For example, some banks allow you to click on an on-screen keyboard when logging in and avoid key presses altogether.<
• DO NOT give your account details over the phone, unless you have initiated the call to a bank service center and make sure that you are calling the correct number listed on the banks website.
• DO NOT print your Social Security Number on checks.
• Scan your computer periodically to ensure that no spy ware or key logger is installed. Keep your antivirus software regularly updated
• Make sure that you have automatic updates turned on and regularly download the security patches if you are a windows user.
• DO NOT respond to emails that ask you to enter your bank account details in any way.
• DO NOT send personal information and bank account details over email.

Safety Tips

1. Safety tips to avoid Identity Theft

Here are some safety tips to protect you from ID theft:

• Never disclose personal information to anyone you do not trust.
• Do not provide your information until and unless you are sure about the caller. If in case of doubt you call them using the bank phone number.
• Remember that banks always ask for specific characters like last 4 digits of your card or SSN not your entire card number or SSN for verification.
• Ensure that your personal documents are always secure. Your personal documents include your bank account details, credit cards, driving license, plastic cards, card receipts, financial statements and even utility bills.
• Periodically peruse your bank statements to check for any transactions that have occurred without your knowledge.
• Dispose of financial statements, card receipts and other personal documents with utmost care. Tear or cut into pieces any such documents before trashing them.
• Keep the authorities informed if you have lost any personal item. For example, report a stolen credit card.
• Raise an alarm if you receive a telephone call or letter saying you have been approved or denied credit for accounts you know nothing about, or you receive a credit card statement for an account that you never opened.
• While paying by credit card, never let it out of your sight. Raise an alarm if the card is being swiped more than required, or if it is being scanned.
• In case of a change in address, ensure to notify the correct address to all recipients who send you statements to your address.

 

2. Safety tips to avoid Phishing

Here are some safety tips to protect you from phishing:

• When you receive emails claiming to be sent by banking institution asking you to enter your account details, DO NOT do so! Your bank already has your details and clearly would not want them again.
• Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name by your email address. DO NOT open emails that have your name spelt incorrectly.
• Check the email to see if it is addressed to your name. Fraudsters never personalize emails, they will refer you as Dear Customer or Dear Valued Customer because they send emails randomly to a million email addresses and they even do not know that you have an account with the bank. Your bank or ecommerce company on the other hand will refer you with your name.
• DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:

– You are to receive a refund,
– The bank is trying to protect you from a fraud
– The bank needs some security and maintenance update on your account as asks for your account details.

• If you receive such email always check back with your bank directly or speak to the customer service representative of the bank.
• NEVER enter your credit card details and password in a website which you suspect is not genuine.
• DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.
• DO NOT open unsolicited emails.
• It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email.
• Verify the website URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.
• Log in to your accounts regularly and look for account transactions that you do not recognize.
• DO NOT send your account details and/or password over an email to anyone.

3.Safety tips to avoid Card Fraud

Here are some safety tips to protect you from credit card, debit card, and ATM skimming fraud:

Credit Card

• Always check your monthly bank statements for any suspicious transactions,
• Shred the financial documents with care
• Do not store your personal and credit card information on the computer
• Do not write the PIN number down.
• During the online transactions, check if the web address starts with HTTPS, which ensures the encryption of all important data.
• Never delay to report a lost credit card as the repercussions can be highly disastrous.
• Close the account that you suspect is being hit by the fraud.
• Thoroughly check the authenticity of the firm, the website, or any other transactional society where your money would be flowing through.
• Never give away your personal information over the phone unless you are sure of the person the other end.
• Take a pause before venturing into any kind of online transaction and decide upon the authenticity of the transaction.

Debit Card

• When you key in your PIN number at an ATM, make sure that you sufficiently obscure the keypad from being viewed by an onlooker.
• NEVER let the merchant take your debit card out of your sight. There is no need for him/her to do so, unless he/she intends to do something unlawful.
• Secure your debit card physically by storing it at a safe place.
• NEVER write your PIN number at a place where it can be seen by someone who you do not intend to show it to.
• ALWAYS shred the receipts from merchants that you no longer require, especially when you have paid for using your debit card.
• If you do not receive your debit card or PIN number from the bank within a reasonable amount of time after requesting one, check with the bank when it was sent and when you should expect to receive it. It may have been picked up by someone else in transit.
• When at an ATM, make sure that no external devices are attached to the ATM machine and no wires are hanging around.
• Check your account statements carefully for transactions that you may not have made.

Using ATM machine and Point of Sale

• Safeguard your credit cards and ATM cards at all times.
• Never let these cards out of your sight
• You swipe a credit card only once, if it is being swiped more than once, you need to question this action.
• If you notice something suspicious about the card slot on an ATM (like an attached device), do not use it and report it to the responsible authorities.
• Never trust your ATM card and credit card PIN numbers to strangers.
• Beware of your surroundings while withdrawing money at ATM centers. Do not crumple and throw away the transaction slips or credit card memos: read them, make a mental note of the details and then, either tear them or shred them to trash them.
• Periodically check your account balances on Internet or by requesting your bank or credit card company to send you statements to ensure that no transactions are happening behind your back.
• While entering any personal identification numbers, use your discretion to shield the keypad so that your hand movements are not very visible and you enter your passwords secretly.

4.Safety tips to avoid Online Fraud

Here are some safety tips to protect you from online banking fraud and online auctions fraud:

Online Banking

• DO NOT leave your personal documentation at places where it can either be picked up or viewed by anyone who does not need to see them.
• DO NOT log in to your online account from an insecure computer network.
• When accessing your bank Web site, check that the URL is correct and that you are not becoming a victim of phishing.
• DO NOT key in your online banking account login details at a website about which you are not sure.
• NEVER follow a link in an email which claim is from your bank. Type in your bank URL in the browser yourself. DO NOT open any attachments in those emails.
• When available, use alternative methods to enter account login details. For example, some banks allow you to click on an on-screen keyboard when logging in and avoid key presses altogether.
• DO NOT give your account details over the phone, unless you have initiated the call to the bank customer care center.
• Scan your computer periodically to ensure that no spy ware or key logger is installed. Keep your antivirus software regularly updated
• DO NOT respond to emails that ask you to enter your bank account details in any way.
• DO NOT send personal information and bank account details over email.

Online Auctions

• Be aware of phishing. Verify that you are receiving emails from the correct source and that you are logging in at the correct website.
• When making payment, prefer using your credit card over online transfer. Using a credit card give you the opportunity of a chargeback in case the transaction turns out a fraud. Use debit card, wire transfer, or money order only when you trust the seller.
• Use reputed escrow services. An escrow service mediates a buyer and a seller. They accept money from buyers and release them to a seller only when the buyer confirms that the product was received to his/her satisfaction. But be wary of sellers or buyers who themselves pose as an escrow service to cheat the other. A buyer posing as an escrow service gets a product released without making payment, or a seller poses as an escrow service to trick the buyer from making a payment.
• Check for feedback and rating of the buyer, which most online auction website provide.
• DO NOT entertain emails received from outside of the auction website mentioning that the highest bidder has withdrawn and you are now entitled for a product. They veer you off the auction website and you lose any protection that the website may provide.
• NEVER make a deal with a seller outside the auction. Although they sound lucrative, you are at a very high risk of being cheated.
• READ the auction website’s terms and conditions, buyer protection policy, refund policy before making a transaction. Here, they list in how many days the order will be fulfilled, what if the product you receive is not the same as what was advertised, and so on. Also check that the policies are fair on both buyers and sellers.
• Check if the product you are purchasing has appropriate warranty and documentation with it. If not, make sure that you intend to purchase it without that protection. Check if shipping and delivery is covered by the seller or if you have to bear those costs.
• Check that you are not purchasing a product that you are not allowed to possess lawfully.
• BE WARY of products that offer revolutionary results. In most cases, they are fraudulent claims.
• DO NOT respond to emails that ask for your personal information, such as your log in details or credit card details.
• READ the online auction website for feedback on the seller and a rating that they give to sellers and buyers. Most online auctions rate the sellers and buyers based on their transactions feedback.
• READ the product features and the model number that you intend to purchase. Verify these with what is being advertised by the seller.
• When giving your credit card details or your debit account details at a website, check that the Internet connection you are using is secure. Look for a lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one.
• Avoid making a transaction if anything in the auction seems suspicious to you.
• If you are cheated on any product purchase, be sure to post a note on the online auction website and let them know personally.

Romance Scams

Fraudsters pose as beautiful girls and enroll themselves in various dating and social networking sites. Novice users not aware of this ploy get attracted to them by seeing some fake pictures/videos and contact them. Fraudsters then exploit them to the maximum extent like:

• Claiming that they are in deep financial trouble and would like you to support them with some money.
• Claiming that they need money as he/she wants to come to US and marry her/him.
• Get bank accounts from them for transferring stolen money making them money mules.
• Use their address to send bill pay check (sent from compromised accounts) and asking them to cash the check at their bank account and forward the cash to them.
• Using their address to send purchased goods bought by stolen cards and then asks them to forward to their country as most of the online shops do not send goods overseas.

Users need to be careful when comes to dating scams because it is an emotional loss apart from a monetary loss. They might lose trust on the Internet and people altogether.

If you are interested in dating an online partner you need to verify the partner carefully before you begin the relationship. If the partner is based overseas, then make sure to call them and verify the phone number and address of the place given by the partner. Because most of the fraudsters even though use a US or UK phone number, they use the forwarding feature of these numbers and stay overseas.

5.Safety tips to protect your Computer

Here are some safety tips to protect you from Key loggers, Trojans, and spy ware:

• As a common practice do not open suspicious or unsolicited emails (spam emails). Delete them from your Inbox.
• Even if you do open a spam email, under any circumstances do not click on any links, or open/download any files attached to them.
• Make sure that you have very good anti-virus software installed on your computer that not only protects your computer from viruses but also from unwanted programs. And make sure you update any latest versions to that software.
• Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user.
• Be very wary when you access websites that provide free downloads (such as music, serial keys, adult content, games, movies etc). They may install harmful programs without your knowledge.
• Do not use software on your computer that auto-completes online forms. This can give internet scammers easy access to your personal and credit card details.
• While downloading files from the internet make sure it is from a known or reputed source. If the file is an executable application (for example, if the file name ends with .exe), make sure you know exactly what it will do.
• If a pop-up screen appears on your screen and prompts you for an action (for example if it asks you to Agree or Accept something), then be sure to read the text in the pop-up screen and any terms and conditions carefully and only when you are sure of the safety should you take an action.