Stolen credit card details on sale for as little as £1
Confidential data on tens of thousands of people is being sold by criminal gangs for as little as a £1, allowing fraudsters to steal money from on-line bank and credit accounts, according to a new report.
The past six months have seen an "alarming" increase in coordinated online criminal activity, according to the six-monthly internet security threat report, by Symantec, an independent software company published today.
Organised gangs are increasingly turning to on-line fraud against the public, with a fifth of Londoners having had their bank details stolen and used illegally, say researchers. The fraudsters are taking advantage of the boom in on-line shopping and banking, eBay sales, and general internet use.
Drawing on a study of over 40,000 world-wide computer users, Symantec has drawn up a "menu" of confidential information for sale in a hidden underground economy.
Details of a stolen credit card can be bought for as little as £1.03p - if bought in bulk - while access to an on-line bank account costs on average £154, according to the report.
The cyber criminals also offer passwords and details of home computer users for as little as £3.09; while a full identity theft, including national insurance and credit details, cost less than £10 a person. This type of personal on-line identity fraud is one of the fastest-growing areas of criminality.
An example of the huge amounts of money available were illustrated by the case of David Levi, who in November 2005 was jailed for three years for duping almost £200,000 from eBay customers.
Levi, 29, from Lytham, Lancashire, used a "phishing" scam, in which he tricked eBay traders into giving away their passwords and account details. These were then used to access the accounts of vendors with a reliable sales history, assume their cyber identity and offer non-existent goods for sale in order to pocket the cash, Preston Crown Court heard.
Today's report identifies an increase in the theft of confidential information which is traded by organised cybercriminals.
The scams include criminals pretending to sell goods at amazing prices on fraudulent web sites. Buyers provide their credit card details, which are stolen, and never receive the goods they paid for.
Another trick is the growth in "phishing" emails. These have become increasingly sophisticated and vary from the basic Nigerian-based fraud letters to ones pretending to be from high street banks.
Customers are duped into logging onto an unsecured dummy banking site, where their credit details and passwords are stolen. These can be used to access their accounts or to pay for goods on-line.
Some of the personal identity material sold by the fraudsters can by used to obtain bank loans and mortgages, all in the name of the victim.
While the vast majority of material traded comes from computer owners in the United States - 86 per cent - Britain has the second-largest number of victims, making up 7 per cent of the fraud.
Research from Symantec found that 21 per cent of Londoners have fallen victim to having their bank details stolen and used by someone else.
The report also found that Londoners are at risk from having their computer taken over and controlled remotely, as 36 per cent of the world's so called "bot-infested" computers can be found in the capital.
Lee Sharrocks, Symantec's consumer sales director said: "When we think about the concept of organised crime it conjures up images of famous Sicilian mafia figures.
"Although not visible to the public eye, a new outlet for these activities has emerged in the form of online organised cybercrime."
He added: "Cybercriminals are using an increasingly sophisticated array of techniques to steal confidential information. The criminal fraternity has recognised that there's significant profit to be made by turning their attentions online, and is constantly evolving its techniques in an effort to outwit businesses and consumers."
'I don't trust online banking now'
One evening in August last year Nadia Guerirem, 25, went to a cashpoint to withdraw some money for a night out when she discovered she was one of a growing number of victims of on-line fraud.
The public relations worker recalled: "I was supposed to be going out for a meal with some friends, but when I went to the hole in the wall it said I was massively over-drawn. I thought it was ridiculous and must be a mistake."
She continued: "It was a Barclays current account and I discovered that someone had made a couple of withdrawals of £75, and then £198, and finally £320. Over two weeks they took a total of about £3,000.
"I rang Barclays and they said that it was on-line fraud that had happened from abroad. Someone from Amsterdam was able to get into my account and transfer money out of it.
"I had to wait about six weeks before Barclays paid me back the money, but I didn't get any compensation. They gave me a new credit card, but no-one could explain to me what had happened.
"I used to do a lot of my shopping on-line. But after what happened it has made me much more cautious and I prefer to use shops. I also don't bank on-line as much as I did. I don't trust it as much - I'd rather go into the bank in person."
By Jason Bennetto, Crime Correspondent
Published: 19 March 2007
© 2007 Independent News and Media Limited
Confidential data on tens of thousands of people is being sold by criminal gangs for as little as a £1, allowing fraudsters to steal money from on-line bank and credit accounts, according to a new report.
The past six months have seen an "alarming" increase in coordinated online criminal activity, according to the six-monthly internet security threat report, by Symantec, an independent software company published today.
Organised gangs are increasingly turning to on-line fraud against the public, with a fifth of Londoners having had their bank details stolen and used illegally, say researchers. The fraudsters are taking advantage of the boom in on-line shopping and banking, eBay sales, and general internet use.
Drawing on a study of over 40,000 world-wide computer users, Symantec has drawn up a "menu" of confidential information for sale in a hidden underground economy.
Details of a stolen credit card can be bought for as little as £1.03p - if bought in bulk - while access to an on-line bank account costs on average £154, according to the report.
The cyber criminals also offer passwords and details of home computer users for as little as £3.09; while a full identity theft, including national insurance and credit details, cost less than £10 a person. This type of personal on-line identity fraud is one of the fastest-growing areas of criminality.
An example of the huge amounts of money available were illustrated by the case of David Levi, who in November 2005 was jailed for three years for duping almost £200,000 from eBay customers.
Levi, 29, from Lytham, Lancashire, used a "phishing" scam, in which he tricked eBay traders into giving away their passwords and account details. These were then used to access the accounts of vendors with a reliable sales history, assume their cyber identity and offer non-existent goods for sale in order to pocket the cash, Preston Crown Court heard.
Today's report identifies an increase in the theft of confidential information which is traded by organised cybercriminals.
The scams include criminals pretending to sell goods at amazing prices on fraudulent web sites. Buyers provide their credit card details, which are stolen, and never receive the goods they paid for.
Another trick is the growth in "phishing" emails. These have become increasingly sophisticated and vary from the basic Nigerian-based fraud letters to ones pretending to be from high street banks.
Customers are duped into logging onto an unsecured dummy banking site, where their credit details and passwords are stolen. These can be used to access their accounts or to pay for goods on-line.
Some of the personal identity material sold by the fraudsters can by used to obtain bank loans and mortgages, all in the name of the victim.
While the vast majority of material traded comes from computer owners in the United States - 86 per cent - Britain has the second-largest number of victims, making up 7 per cent of the fraud.
Research from Symantec found that 21 per cent of Londoners have fallen victim to having their bank details stolen and used by someone else.
The report also found that Londoners are at risk from having their computer taken over and controlled remotely, as 36 per cent of the world's so called "bot-infested" computers can be found in the capital.
Lee Sharrocks, Symantec's consumer sales director said: "When we think about the concept of organised crime it conjures up images of famous Sicilian mafia figures.
"Although not visible to the public eye, a new outlet for these activities has emerged in the form of online organised cybercrime."
He added: "Cybercriminals are using an increasingly sophisticated array of techniques to steal confidential information. The criminal fraternity has recognised that there's significant profit to be made by turning their attentions online, and is constantly evolving its techniques in an effort to outwit businesses and consumers."
'I don't trust online banking now'
One evening in August last year Nadia Guerirem, 25, went to a cashpoint to withdraw some money for a night out when she discovered she was one of a growing number of victims of on-line fraud.
The public relations worker recalled: "I was supposed to be going out for a meal with some friends, but when I went to the hole in the wall it said I was massively over-drawn. I thought it was ridiculous and must be a mistake."
She continued: "It was a Barclays current account and I discovered that someone had made a couple of withdrawals of £75, and then £198, and finally £320. Over two weeks they took a total of about £3,000.
"I rang Barclays and they said that it was on-line fraud that had happened from abroad. Someone from Amsterdam was able to get into my account and transfer money out of it.
"I had to wait about six weeks before Barclays paid me back the money, but I didn't get any compensation. They gave me a new credit card, but no-one could explain to me what had happened.
"I used to do a lot of my shopping on-line. But after what happened it has made me much more cautious and I prefer to use shops. I also don't bank on-line as much as I did. I don't trust it as much - I'd rather go into the bank in person."
By Jason Bennetto, Crime Correspondent
Published: 19 March 2007
© 2007 Independent News and Media Limited
