Fraud examples news timeline

Cyber criminals sell credit card details for 70p

Fraudsters are selling the card details of up to 100,000 people at a time for the same price as a bag of carrots, according to government intelligence.

Iain Lobham, the director of Britain's biggest intelligence agency, GCHQ, said that there are more than 150 website selling illegally obtained data relating to consumer's credit cards.

Lobham also revealed that cyber-attacks on businesses, consumers and the government have reached what he describes as 'disturbing' levels that pose a direct threat to the 'UK's continued economic well-being'.

"We are witnessing the development of a global criminal market place - a parallel black economy where cyber dollars are traded in exchanged for UK citizens' credit card details," he said.

'Fearless' cyber criminals

In February this year, the government warned that cyber crime was costing the UK economy £27bn a year. This figure, it said at the time, was a 'mid-range' estimate, with the real cost potentially far higher.

While the brunt of these costs were born by business (£21bn), consumers were still thought to be saddled with losses amounting to £3.1bn.

The government's security minister, Baroness Neville-Jones, said that cyber criminals were "fearless because they do not think they will be caught".

The new revelations will no doubt be embarrassing for the government, which just eight months ago said that it was not at 'panic stations' regarding levels of cyber crime.

Martin Sutherland, the chief executive of security consultants, Detica, said that the cost of cyber crime to business was more than twice the Home Office's annual budget.

Worldwide crime

It's not just the UK that is being hit by the tide of cyber crime.

According to a 2011 Norton Cybercrime report, the global cost amounts to £242bn a year - more than the cost of the entire global trade in heroin, cocaine and marijuana.

More than one million adults become victims of cyber crime every day. In the UK, an average 51% of people reported being attacked but that's 76% of Poles and Germans.

At the recent London Conference on Cyberspace, UK Prime Minister, David Cameron, called for global collaboration to help fight cyber crime.

"This is a cross-border problem that needs cross a cross-border solution," he said.

"International cyber security is a real and pressing concern with daily attempts on an industrial scale to steal corporate and government secrets."

The UK government has invested £650m in increasing cyber-security and is hoping other countries will follow suit.

For consumers, then, staying safe from fraud is an ever-growing concern, see our guide on what to do if you ever become a victim of fraud here.

Credit card fraud falls 9%, but low-tech increases

Credit card fraud has fallen by 9% over the last year according to figures released by the National Fraud Authority (NFA) this week.

Fraud losses on UK cards totalled £169.8 million in the first half of 2011, significantly lower than over the same period in 2010 and marking the lowest recorded amount lost in card fraud for 11 years.

Online banking fraud also witnessed a decrease, losses plummeting by 32% to £16.9 million for the half year.

However, lost and stolen card fraud, cheque fraud and phone banking fraud losses all increased, suggesting that fraudsters are taking a different tact and resorting back to low-tech scams.

Common frauds reported included distracting the victim while they are making a card transaction and posing as a representative of the victim's bank.

Falling high-tech crimes

A number of factors contributed to the fall in card fraud, the researchers said.

First, updated chip and PIN cards have been distributed to consumers, which are harder to fool.

More advanced chip and PIN technology has also been introduced abroad to make foreign transactions more secure.

There has also been an increase in the use of fraud detection software.

For the decrease of online banking fraud losses, the NFA site the customers' increased awareness of computer security and the advancing fraud detection software of banks.

These advances are apparently too much for fraudsters to handle and are the reason so many criminals have changed their tactics.

Martin Warwick, fraud expert at analytics firm FICO Card welcomed the news.

"Fraud is declining as banks and card issuers are using more analytics-based fraud systems and increasing the sophistication of their fraud management operations," he said.

Rising low-tech crimes

The £4.4 million rise in lost and stolen card frauds, the 48% rise in phone banking fraud and the 17% rise in cheque fraud are all indicative of these significant changes within the world of financial scams.

More simple crimes such as persuading people to divulge personal information like passwords and login details have been carried out, fraudsters then using the phone-in service to access the account.

Fraudsters have also increasingly found ways to separate unsuspecting customers from their cards, such as fooling them into handing over their details or the cards themselves from their own doorsteps.

They are also frequently posing as police officials or members of the bank in order to gain access to sensitive information.

Head of the Dedicated Cheque and Plastic Crime Unit (DCPCU) DCI Paul Barnard commented, "There has been an increase in old fashioned scams - criminals using distraction techniques and social engineering methods to get hold of people's cards or phone banking details."

Security Warning

DCI Barnard went on to warn of the still potent potential danger of financial scams.

"We are urging everyone to be on their guard," said the DCPCU head.

"Your bank or the police will never cold call you or email you and ask you for your login details, cards or PIN numbers. If anyone does, they are probably a criminal, so hang up the phone or delete the email."

Mr Warwick also voiced his concerns about the rise of basic fraud.

"Criminals will try harder to find new ways as well as resorting to old methods for scams and banks will be required to keep pace with the new developments and lock down the old gaps," he said.

CIFAS report credit card fraud fell 37% in 2010

Credit card fraud has dropped by a third over the past year, according to CIFAS.

The not-for-profit fraud prevention service published its annual 'Fraudscape' report this week.

The results showed that fraud decreased by 7% in the past year though, over the past five years, cases still rose by 25%.

Card fraud

Credit card fraud saw one of the biggest drops, decreasing by 37%. Only insurance scams saw a larger decrease.

The total number of credit card fraud cases reported in 2010 was 39,651 - down from 63,396 in 2009.

Experts have suggested a number of reasons for this significant dip.

First, lenders are now much more cautious nowadays, only giving credit to those with exemplary credit scores.

It is certainly true that a great deal of financial organisations continue to turn down the majority of applications.

This acts as a deterrent to fraudsters as they can't be sure if they will be successful in securing credit - whether in their own or someone else's name.

The difficult economic environment also means that people are less willing to try to obtain credit and are generally being more careful and stringent with their financial dealings - fraudulent or not.

The report also shows that even though overall fraud in this area has decreased, the success rate remains at a steady constant with previous years, standing at 51%.

Online plastic fraud accounted for 70% of the recorded cases - up 10% since 2009.

Application fraud

Breaking the report down even further, 'Fraudscape' showed a 35% decrease in plastic application fraud.

70% of those committing this type of fraud were aiming to mask a poor credit score and 13% were providing false employment details in order to try and secure credit.

This, again, shows evidence of the stricter application process of more cautious lenders. Increasing unemployment levels also probably played a part in this.

Identity fraud

Plastic identity fraud levels fell most drastically, down 40% since 2009.

However, although there has been less identity fraud, it was noted that methods of fraud have been more effective and more cleverly organised.

Current address fraud, the type of identity fraud where both the victim's name and current address are used, was up 13% since 2009.

Current address fraud is particularly hard to detect and the effects are often very serious.

Other fraud types

Misuse of facility fraud also dropped by 40% and facility takeover fraud dropped by the least, down 29% since 2009.

CIFAS' 260 members share information with the organisation in order to aid them to identify the main problem areas and prevent further cases of fraud.

The report covers fraud by product - including card, bank account, mail order, loan, insurance and several others - as well as by type of fraud - e.g. identity fraud.

MBNA criticised for 'phishing-like' emails

A consumer website has criticised MBNA for inviting consumers to log into their accounts via email.

Scam-detectives.co.uk said that MBNA were breaking industry rules by including links in emails promoting their newly designed website.

According to the UK Cards Association, banks are committed to never cold calling or emailing customers to ask them for login details and passwords.

Consumer groups also advise that credit card users don't click through to their provider's online banking services through emails since the links could lead to cleverly designed mirror sites designed to harvest credit card login information.

Scam Detectives editor Charles Conway said today "I was utterly gobsmacked to find a genuine email from MBNA in my inbox announcing the launch of their 'improved online card services' website.

"This email undermines everything that the online safety community has been telling Internet users about protecting themselves from phishing scams by including three separate links inviting users to log in to their accounts from the email."

The UK Payment Association's fraud site Bank Safe Online lists examples of phishing emails which mimic all of the major banks and building societies.

Consumer Direct advises forwarding suspected phishing emails to your bank and then deleting them.

All MBNA credit cardholders are covered by the company's fraud guarantee - it means that if a card is used without the holders knowledge or consent they will not be liable for fraudulent use.

MBNA advise that cardholders that suspect fraud contact them as soon as they notice a problem (e.g. unusual transactions on their account).

MBNA is also a member of CIFAS which is the UK's fraud protection service. Members share information about fraud and work on industry wide fraud prevention measures.

LV= reports direct debit fraud increase

Fraudsters are more likely than ever to set up direct debits to siphon money out of accounts, according to insurer LV=.

Consumers often don't realise that they're making regular payments to a fraudsters bank account, or paying for services the fraudster is using, for months.

LV='s research shows that victims of the fraud often end up paying for the mobile phone contracts, TV subscriptions or gym memberships of criminals.

The average victim of Direct Debit fraud loses £540 before they notice what's happened and stop the direct debit.

6200 consumers reported cases of Direct Debit fraud in 2006. The number of cases has since risen by 288%.

Direct Debit payment fraud now accounts for around 10.6% of all identity fraud incidents.

Bacs hit back

Apparently fearing that reports of fraud will harm the good name of direct debit, Bacs, the industry body responsible for payments, hit back at the research, denying that there was a widespread problem.

A Bacs spokesperson said: "We are aware of media reports claiming an increase in Direct Debit fraud... our own research shows that only 1% of British businesses have experienced Direct Debit fraud, and we have no evidence that this has changed markedly since that was carried out in July 2008.

"Direct Debit is a highly reliable, safe and cost effective method for organisations to collect regular payments."

Bacs were unable to provide any figures on the number of consumers affected by Direct Debit fraud, however.

Staying vigilant

Keeping details safe and then keeping tabs on statements are the best ways to combat Direct Debit fraud.

Unfortunately, LV='s research shows, we're so bad at checking our accounts that we're often failing to stop the payments we set up ourselves, never mind the ones we didn't know about at all.

One in five people who took part in the survey said they checked their balance once a month.

On average, those 'forgotten' regular payments take account holders four months to notice and cost £190 before they're stopped.

Typically those who check their statements less regularly than once a month lose £611 as result of direct debit fraud, those who check more lost less on average: £540.

John O'Roarke, managing director of LV= home insurance, said: "While most of us are aware of the need to protect our card details, the increase in fraudsters setting up direct debits in victims' names proves the need for everyone to regularly check their banks statements and ensure they're not paying out for someone else's mobile phone account or gym membership or any other direct debit they don't recognise.

"And with the number of direct debits being paid unnecessarily at an all time high, we'd urge account holders to check they're not making duplicate or out of date payments.

The payment method is protected under the direct debit guarantee.

Section 75 exploited by fraudsters

Credit card users are falling prey to scams which exploit consumer protection laws such as section 75, according to a BBC report.

Fraudsters set up websites selling non-existent tickets for big name acts, take payments and then tell their 'customers' that the tickets are no longer available but they can get the cash back using consumer legislation.

Security specialists the Iridium Consultancy told the BBC that they estimate that the scam has already been worth £12m for fraudsters this year and cases have escalated in the past few months.

Reg Walker, director at Iridium, told the BBC that it's because the scam is primarily hurting credit card providers rather than consumers, who could presumably never realise that they never had a chance of getting their tickets, that the sites can continue to flourish.

"The customer is a bit miffed at not getting their tickets, but because they tend to get their money back, they don't see themselves as victims and so a lot of it goes unreported," he said.

As potentially damaging as the scam is, it does at least show that consumer protection legislation is doing its job - making sure that shoppers don't lose out as a result of unscrupulous merchants.

In law, section 75 of the Consumer Credit Act 1974 states that credit card providers are equally liable, with merchants, for the delivery of goods when the transaction is between £100 and £30,000.

Fake ticket websites are notoriously difficult to spot and many invest in advertising space on Google to make themselves seem more legitimate.

The Safe Concerts site publishes a list of ticket websites to watch out for but even this isn't definitive.

The bigger the act or even the bigger the draw for fraudsters: if you've bought tickets for Take That, The Foo Fighters or Kings of Leon online in the past two weeks are being urged to check bank statements to see if they have been charged for the tickets.

Six arrested in phishing scam case

AUTHORITIES triumphed in the fight against fraud this week as seven alleged online con artists were taken into custody.

The arrests of five men and one woman between the ages of 25-40 were made earlier this week.

Five individuals were apprehended in London and the final fraudster was tracked to Navan in County Meath, Ireland.

Those in question are suspected of establishing a large-scale phishing scam and using this to steal millions of pounds across thousands of credit cards and bank accounts.

The arrested parties face charges for crimes against the Computer Misuse Act as well as conspiracy to commit online banking fraud.

The big scam

The scam in question aimed to trick customers into surrendering sensitive information, including card numbers and personal passwords.

Emails mimicking legitimate online banking firms were sent to victims, who were then directed to fake websites, similarly designed to represent their banks and credit providers.

Forms requesting information were then used to wrestle very intimate details off customers and this information was employed to breach personal credit cards and bank accounts.

It has been calculated that roughly £3 million was stolen from 10,000 unfortunate credit card holders.

£358,000 was extracted across another 10,000 bank accounts, but as the gang were trying to obtain £1.4 million here, the damage could have been far worse.

Operation Dynaphone

Operation Dynaphone was the name the Metropolitan Police gave to their investigation into this intimidating scam.

The operation is being led by officers from the Central e-crime unit - PCeU - and their efforts finally came to fruition this week after six London addresses were raided.

The Irish Garda Siochana Fraud Investigation Bureau as well as the MPS Territorial Support Group helped the PCeU serve warrants to the suspected seven.

Two of those arrested appeared in court on Thursday, two others are still in custody and the final three have been released on bail.

The Met hope that others involved in the scam will soon also be apprehended.

"We have taken this action to shut down an organised criminal network running an online phishing and account takeover operation," said Detective Inspector Colin Wetherill of PCeU. "A great deal of personal information was compromised and cleverly exploited for substantial profit. By disrupting the operation we have hopefully prevented further loss to individuals and institutions across the UK."

Each year, thousands fall victim to fraud - increasingly online banking and credit card fraud.

The Metropolitan Police remind customers to be on their guard, especially when giving out sensitive financial information.

Any peculiar correspondence, suspicious emails or unexplainable account transactions should be reported immediately.

Zeus malware mimics Visa and MasterCard 3D secure

Zeus Malware - the God of online financial fraud - has created a new and uncomfortably convincing way of persuading people to reveal their most delicate banking details.

The leading security cooperation for financial browsing, Trusteer, announced just last week that customers from 15 leading financial institutions could be at risk from this new scam.

It appears that the malware is mimicking two prevalent online validation systems: Verified by Visa and MasterCard SecureCode.

As so many online shoppers now pass through these systems on a daily basis, even the most cautious browsers could be in danger.

Verified by Visa and MasterCard SecureCode

With fraud - particularly online fraud - now increasingly common all over the world, Verified by Visa and MasterCard SecureCode have been introduced to add an extra layer of protection for online card users.

Customers can sign up by visiting their financial institution's website, registering their card for the service and carefully choosing a password.

From then on, after any online transaction with this card a screen will come up and request the chosen password.

If the password is wrong, the transaction will fail to be authorised.

The scam

However, the criminal masterminds behind Zeus Malware will now be able to bypass even this layer of protection.

The malware infects PCs and monitors the browsing of the user.

When the unsuspecting online shopper completes a banking transaction, Zeus will inject a facsimile of an enrolment screen into the browser.

It will tell the customer that new FDIC rules require them to register for the Verified by Visa or MasterCard SecureCode service and will ask them for sensitive information.

Personal passwords, card numbers and social security numbers are all among the fields requested by this falsified form.

Trusteer's CTO Amit Klein is particularly concerned about this new financial threat.

"While some users may become suspicious when prompted to enter their credit/debit card information as part of the online banking login process, this attack uses the familiar Visa and MasterCard online fraud prevention programs to make the request appear legitimate," he commented.

With the acquired information, the fraudster would have the full credentials to carry out any 'card not present' transactions.

They would even be able to fool the very system which was designed to protect the card.

Zeus Financial Malware

Zeus Malware commonly infects PCs and waits for users to log on to important sites.

It can monitor any online transaction and is an increasing menace for many people across the world.

After a survey of 3 million American and British desktops in 2009, Trusteer revealed that a staggering 1 in 100 PCs are infected.

More worrying still, 55% of these PCs were running up-to-date and functional anti-virus software which Zeus can evidently outsmart.

Trusteer Rapport

Trusteer has come up with a solution to this problem, however.

They advise that any customers who suspect they have been hit by this new scam should take pains to disinfect their PC.

Trusteer's Rapport browser plug-in is also advised for credit card holders shopping online.

This piece of security software is free and several leading UK banks have a version tailored to their customers available to download from their sites.

RBS, First Direct and HSBC all have a version to download.

The software actively prevents HTML injection, such as practised by Zeus in this month's hoax.

Hopefully, with precaution and the efforts of companies such as Trusteer, one day online bankers will cease to fear fraudsters.

68% of holidaymakers unaware of fake sites

Booking holidays online rather than through traditional high street vendors has long been considered the holy grail of holiday money-saving.

Unfortunately, internet scammers have picked up on the rashness of bargain-seeking holidaymakers and are using it to a profitable advantage.

Up to a third of internet users are blindly ignoring even the most basic fraud protection measures in their online booking activity, says the government-backed security website Get Safe Online and the Travel Association Abta.

"In the worst cases," they say, "holiday makers could be handing over their hard-earned cash for 'dream holidays' that do not exist".

One recognised scam is where fraudsters create websites that masquerade as genuine travel operators in an attempt to gain people's credit card details. They often feature images and content copied directly from more reputable sites.

Other scams make use of fake links from real travel sites that can be activated when users have multiple tabs open in their browser and have failed to update their computer's anti-virus security software.

"Many people will be looking for last-minute holidays at this time of year and the internet can provide a great way of shopping around for bargains," says Security Minister, Dame Pauline Neville-Jones.

"However, in your rush to book a holiday you should make sure you are not falling victim to online crime by taking some basic steps to protect yourself," she added.

A common mistake made by the possibly over-excited holidaymakers identified by Dame Pauline is failing to confirm that the online travel provider is authentic (easily done by checking if they're members of a recognised trade association).

Over a fifth of people also enter their payment details without first checking that the web page is secure and therefore unable to be intercepted by fraudsters.

"When things don't start to add up, that's when you really need to do your research," says Tony Neate, managing director of GetSafeOnline.org.

"For example, if you decide to rent a villa or holiday home from an individual and they don't provide a contact telephone number or don't respond to calls, and they ask for full payment upfront to be made by a cheque in the post or wire transfer, then you need to be very careful."

68% unaware

Somewhat surprisingly, most holidaymakers seem unaware of even the most common scams in operation.

Sixty-eight percent of people surveyed by Get Safe Online say that they've never heard of fake holiday sites. Sixty-seven percent claim ignorance regarding the existence of holiday rental scams with a whopping eight-one percent unaware of fraud involving gap years.

Get Safe Online provides a variety of tips to help holiday-seekers organize their trip safely. These include not responding to pop-up adverts or random information requests, remembering to log out of sites which have asked you to register details, keeping receipts of all online holiday orders, monitoring payments and notifying the bank as soon as possible if anything goes wrong

CIFAS report credit card fraud fell in 2009

RECENT figures released by CIFAS, the UK's fraud prevention service, have revealed that cases of credit card fraud fell in 2009, despite an overall increase in fraud rates.

It appears that the economic slump caused an upswing in identity theft and similar instances of fraud.

Although credit cards fell out of favour somewhat amongst fraudsters figures show that bank account fraud rose by a shocking 10% in 2009.

There were 80,105 reported cases last year, compared to 2008's 72,988.

The Credit Card Fraudscape

The most recent CIFAS report 'Fraudscape' reproduced fraud figures from 2008 and 2009 in order to compare and examine them.

The report includes every type of fraud from both years and it has therefore proved very useful in assessing the changing shape of this criminal landscape.

As well as the 10% overall rise, the study revealed a 32% increase in identity fraud.

Identity fraud or theft is where a fraudster applies for credit under a false name, or by using someone else's details.

These cases consistently target males in their forties, although increased numbers of female victims in the 2009 statistics suggest that anyone can be caught out by fraudsters.

The study also identified bank accounts, mail order and communications as the highest increasing areas for fraud.

Fraud Crunch

In surprising contrast to the other fraud statistics, credit card fraud has actually decreased since 2008.

Whilst trends show that bank account fraud has risen by 9.75%, recorded plastic fraud cases have decreased by nearly the same sum, 9.98%.

Identity fraud is usually the most popular type of fraud within this category but the study has shown a decrease in cases even here.

This is particularly surprising considering that identity fraud has seen a significant rise across all other categories.

CIFAS suspects that these unprecedented figures may be a result of the credit crunch and the extra scrutiny of applications that this has caused.

Currently, two in three credit card applications are rejected and in the past year the number of attractive credit card deals declined.

Therefore, fraudsters may be finding it harder to dupe suppliers and are turning to other areas on which to focus their fraudulent activities.

This is evidenced also in the fact that application fraud has seen the largest decline in this category with 36% fewer cases than in 2008.

The introduction of added internet protection on many cards, such as the Verified for Visa scheme, is another possible explanation for the decrease in the category's percentage of fraud cases.

The identity frauds that have been identified within this field show a higher percentage of current address frauds.

This means that the fraudster actually uses the current address of the people they are impersonating, rather than the once popular previous address.

Worryingly, this has been said to signify a more organised and wily fraudster who is coming up with new tricks.

It has also been conjectured that some of these figures are not genuine cases but could be consumers, severely in debt and unable to meet payments who are only claiming to have been victims of fraud.