If Bonnie and Clyde had lived in our times, would they have still robbed a bank the way they did? Probably not. From a criminology perspective, the Internet has provided new ways of committing crimes without physical risks. These types of crimes include identity theft, fraud, virtual scams, virtual theft, and cyber-piracy. Following the classification of David S. Wall’s ‘Cybercrime’, here’s an overview of virtual robbery crimes.
What are computer-enabled crimes?
- Computer-enabled crimes are traditional criminal activities that are enhanced in scale, reach, or method through the use of computers, computer networks, or other forms of information and communications technology (ICT).
These crimes leverage digital technology to facilitate or amplify existing illegal acts.
What is virtual robbery?
Starting from 2007, online banking became very popular. With more and more people managing their finances online, a new window of criminal opportunity appeared. That was the start of “virtual bank robbery” crimes, consisting of stealing from banking and financial systems either directly or through the user’s own account.
Financial criminals are skilled at defrauding banking systems, stealing real identities and building false identities, opening accounts and then running them to build up credit ratings to obtain personal loans or launder money. And while banking systems are (or should be) secure and hard to crack, criminals will go wherever the easiest target is, whether that weakness is a system or a person.
Electronic input frauds
For years, software like CreditMaster 4.0 and similar were available from vendors online. This type of software made it possible to generate strings of valid credit card numbers to be used in financial transactions and purchases (like mobile phone airtime). Before the introduction of the CVC2 code (the three-digit security code at the back of a card), this type of software opened the door to electronic input fraud.
Another fertile ground for fraudsters is e-commerce. The goal is often to obtain goods by deception, either by supplying false payment details or using false addresses for the goods to be sent to.
Identity theft
- Identity theft happens when someone uses your personal or financial information without your permission. This information can include names and addresses, credit card or social security numbers, bank account numbers, or medical insurance account numbers.
Currently, there are four main ways to steal someone’s identity:
Emails are sent out to thousands of potential victims, relying on their potential inability to distinguish a real sender or request from a fake one with different mechanisms to have them disclose personal or access information. This technique follow the “spray and pray” approach, even if more targeted techniques are sometimes used for selected targets of high importance.
- Pharming
Pharming, also known as DNS cache poisoning (or spoofing), consists of emails containing code that, once the email is opened, redirects the recipient to a fake website. A variation of this technique is the MITM (Man-In-The-Middle) attack, which involves a piece of malware placed between the computer and the browser that verifies the access to the victim’s financial systems.
- Tabnapping
Tabnapping is a computer exploit that kidnaps inactive tabs so that when the user reactivates them the page has been redirected. It exploits the user’s trust and their inattention to detail by impersonating well-known websites and tricking users into submitting their credentials from the fake page and capturing them.
- Spyware involves the illegal use of surveillance software to find passwords or access to financial information. This software can keep logs of user activities, take screenshots of their screens, and capture keyboard strokes. Spyware can be sent via email or downloads.
Identity theft is often the first stage of more complex fraud.
Output frauds
Output frauds happen when stolen identity details (like credentials) are used to access credit cards and banking payment systems to fraudulently obtain goods, services, or money. They are often referred to as identity fraud.
Offenders may open bank accounts, obtain credit or loan benefits, or open contracts in someone else’s name with their stolen credentials. However, the most significant form of virtual bank robbery is the cryptocurrency exchange robbery. These are not necessarily identity-related crimes; rather, they’re stings or scams.
Card-not-present and other payment frauds
With the adoption of contactless payments and online transactions, card-not-present transactions have become the main method of payment in modern e-commerce. Card-not-present fraud is a type of scam where the offender makes a transaction with credit details relating to a card they don’t have.
This type of fraud causes high losses, so much so that it has been described as a threat to national security.
Next, we will continue to explore computer-enabled crimes with virtual stings, deceptions, fraud, and extortion crimes.