Forensics Journal - Stevenson University 2013 | Page 24

FORENSICS JOURNAL E-scams: Catching Fraudsters in a Technical World Katherine Massey Technology has allowed fraudsters to communicate with each other worldwide. Whether it is the single email sent to a personal email address requesting help to transport goods, or even a spear phishing fraudster claiming to be the vice president of a widely known company, e-scams are becoming more creative. Although e-scam mitigation is not an easy task, the right education and tools can assist to reduce the risk of widespread damage. victim to access his account and update information due to an unexpected system loss. The fraudster may go on to entrap the victim by informing him that his account will no longer be functional if he does not take immediate action to rectify the problem. (See Figure 1.) By the time officials become aware of what has transpired, the fraudsters have usually removed and relocated their fraud scheme somewhere else within the Internet. The introduction of computers and the Internet has not changed the basic concept of a scam, it has just made it easier for the perpetrators to carry out their fraudulent activities (Easttom and Taylor, 20). The Internet Crime Complaint Center (IC3) has been established to help Internet users report Internet crimes, and offer tips to help users reduce the chance of being caught in an e-scam. In partnership with the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), the IC3’s primary objective is to, “leverage both intelligence and subject matter expert resources” to effectively combat cyber crime (Internet Crime Compliant Center). Other organizations such as Canada’s Anti Fraud Centre have been established to help combat cyber criminal activity and reduce the risk of further exploitation. FIGURE 1: eBay Phishing Scam With the willingness of fraudsters to carry out their crimes on the Internet, it is important for Internet Service Providers (ISPs) and E-mail Service Providers (ESPs) alike to have ways to report the suspected fraudulent activity. Microsoft’s Internet Explorer browser has a “Safety” icon which may be used to report a suspicious site, as well as, a specialized email address to report potentially fraudulent email communications. Many large-scale ISPs such as Yahoo and AOL have established Feedback Loops (FBL) to segment out suspected spam or scam-ridden communications that have plagued email systems (Getting Into the Feedback Loop). FBL connects as a bridge from a recipient’s inbox, outward to the source where the email originated. If the recipient elects to report the email communication as spam, then the complaint is documented. A feedback loop may also relay the complaint to the sender, provided it is a trusted email sender such as a large-scale ESP. As spam reports accumulate, the ISPs protect their customers by placing the offending sender’s information on a blacklist (Getting Into the Feedback Loop). If a sender’s information is blacklisted, it will be blocked and unable to deliver emails until the sender’s credentials have been removed from the blacklist or filter. However, different types of scams may require different types of tools based on the attributes that the scams exhibit. Gongol, Brian. “How to Recognize Phishing.” Online Image. 11 Mar. 2005. GONGOL.com. Web. 15 Apr. 2012. http://www. gongol.com/howto/recognizephishing/ When analyzing a phishing scam, reviewing the grammatical composition of the email may reveal numerous spelling errors (Gongol). This is attributed to the fact that fraudsters may not be native speakers of the language they are using to write the email. The links within the emails themselves also can indicate a problem. If a link in an email appears to redirect to a different site, then it could mean that the communication is fraudulent. By placing a mouse over the URL listed in an email, the user can review the actual link information. In Phishing is the impersonation of a seemingly legitimate organization. It is an Internet fraud technique that leads to the theft of personal login credentials, bank account information, credit cards, and countless other bits of confidential information (What is Phishing?). A phishing communication such as an email usually assumes the identity of a real financial institution, auction site, or other familiar Internet organization. The scam is predicated on an urgent requirement for a 23