Web Fraud 2.0: Digital Forgeries


E-mail Facebook VKontakte Google Digg del.icio.us BlinkList NewsVine Reddit YahooMyWeb LiveJournal Blogmarks TwitThis Live News2.ru BobrDobr.ru Memori.ru MoeMesto.ru

[ Replies ] [ Leave reply ] [ Proxy list bulletin board ] [ New Message ]

Posted by Brian Krebs 87.252.242.43 August 23, 2008 at 10:56:07:

In reply:
Web Fraud 2.0: Distributing Your Malware posted by Brian Krebs 87.252.242.43 August 23, 2008 at 10:51:35:

Original text: The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute ..

For businesses, positively identifying someone online - by name, or physical location - is extremely difficult. Many Internet firms seek to verify the identity of customers by requesting scanned copies of their driver's licenses, passports, or utility bills. But what if services aimed at creating counterfeit versions of these documents became widespread? How long would businesses continue to rely on this method of identification?


Unfortunately, there are several such services. Among the most active is a site called scanlab.name. For roughly $35 USD, you provide the site with the type of document or credential you're seeking and the identifying information you want to appear on it and scanlab will produce a very authentic-looking digital image that appears to be a scanned copy of said item.

For example, let's say I'm a scammer and I've just gained access to someone's online account and I want to move their funds to my own account. The victim's institution says, "Hold on there, cowboy. In order to prove you are who you say you are, we'll need to see a scanned copy of your driver's license and a utility bill with your name and address on it." At scanlab, those images would cost me about $60 total (albeit payable only through Webmoney, a virtual currency unknown to most Americans but quite popular in Russia and many parts of Eastern Europe.)


From the chatter about this service on certain online criminal forums, it appears scanlab does a fairly brisk business. Security Fix was able to register an account at the service and take a few screen shots of the options available to scanlab members. Here's a shot of some of the prices, broken down by document type, country and U.S. state.

Why would someone need to use this service? In most cases, companies request scanned documents when they're trying to combat fraudulent activity. PayPal has been known to freeze users' accounts if it suspects them of being used for fraud, often demanding a copy of the user's utility bill to unfreeze them.

Online gambling sites often will try to prevent money laundering (a scammer depositing funds from a stolen credit or debit card and then trying to withdrawal said funds to a cash account a few days later) by requesting scanned documents. In other cases, scanned documents can allow foreigners to create official U.S. corporations http://www2.valisinternational.com/ complete with U.S. based bank accounts protected by the FDIC. All that is required are certain scanned documents.




Replies:



Leave reply:

Name:

E-Mail:

Subject: Re: Web Fraud 2.0: Digital Forgeries

Message:

Optional link, URL:

Link description:

Optional picture URL:



[ Replies ] [ Leave reply ] [ Proxy list bulletin board ] [ New Message ]