In a recent report in the Wired by Yudhijit Bhattacharjee titled “How a town in Romania has become CyberCrime Central”. He wrote “Among law enforcement officials around the world, the city of 120,000 has a nickname: Hackerville. It’s something of a misnomer; the town is indeed full of online crooks, but only a small percentage of them are actual hackers. Most specialize in ecommerce scams and malware attacks on businesses. According to authorities, these schemes have brought tens of millions of dollars into the area over the past decade, fueling the development of new apartment buildings, nightclubs, and shopping centers. Râmnicu Vâlcea is a town whose business is cybercrime, and business is booming”.
In another article written in Fortune about the scam industry in Lagos in 2006 titled “” quotes “ teenagers like Akin working for a "chairman" who buys the computer time and hires them to extract e-mail addresses and credit card information from the thin air of cyberspace. Akin's chairman, who is computer illiterate, gets a 60 percent cut and reserves another 20 percent to pay off law enforcement officials who come around or teachers who complain when the boys cut school. “.
- When confidence is won through a clever story and the victim actively participates by transferring money to procure goods or to a friend in need. These stories prey on greed, emotions, are believable and so well tested that the same stereotyped themes are used over and over again with minor variations. My earlier post titled “Online Email Scams a multibillion dollar business or not? You decide” highlights samples of these stories and methods to detect them.
- When the victim procures items from valid auction sites from another legitimate account holder whose account has earlier been compromised or from a fake account. In either case, once the money is collected the goods are not delivered as promised.
- When the user has fallen victim to an online phishing attacks and provided information about a valid eBay, bank or credit card account which is then used by the scammer to withdraw funds. Phishing attacks, of late have become more sophisticated and hard to detect due to the quality of impersonated sites and the ability to obscure fudged web addresses under images.
- When the victims desktop has been compromised by one or more technical means such as key loggers. Keystrokes which include credentials are captured and emailed to the hacker. In many of these cases users do not understand the complexity of the underlying software, and are unaware that their desktop may have been compromised.