Posted by Brian Krebs 184.108.40.206 August 23, 2008 at 10:56:07:
Web Fraud 2.0: Distributing Your Malware posted by Brian Krebs 220.127.116.11 August 23, 2008 at 10:51:35:
Original text: The allure of cyber crime lies in its promise of quick riches, much like that of the illegal drug trade. But building a network of hacked personal computers that can distribute ..
For businesses, positively identifying someone online - by name, or physical location - is extremely difficult. Many Internet firms seek to verify the identity of customers by requesting scanned copies of their driver's licenses, passports, or utility bills. But what if services aimed at creating counterfeit versions of these documents became widespread? How long would businesses continue to rely on this method of identification?
For example, let's say I'm a scammer and I've just gained access to someone's online account and I want to move their funds to my own account. The victim's institution says, "Hold on there, cowboy. In order to prove you are who you say you are, we'll need to see a scanned copy of your driver's license and a utility bill with your name and address on it." At scanlab, those images would cost me about $60 total (albeit payable only through Webmoney, a virtual currency unknown to most Americans but quite popular in Russia and many parts of Eastern Europe).
Why would someone need to use this service? In most cases, companies request scanned documents when they're trying to combat fraudulent activity. PayPal has been known to freeze users' accounts if it suspects them of being used for fraud, often demanding a copy of the user's utility bill to unfreeze them.
Online gambling sites often will try to prevent money laundering (a scammer depositing funds from a stolen credit or debit card and then trying to withdraw said funds to a cash account a few days later) by requesting scanned documents. In other cases, scanned documents can allow foreigners to create official U.S. corporations (http://www2.valisinternational.com/) complete with U.S.-based bank accounts protected by the FDIC. All that is required are certain scanned documents.