The recession and economic slowdown have been tough on just about everybody, except maybe cybercriminals. As businesses cut back on security budgets and people lose jobs, cybercriminals have been busy preying on those looking for jobs.
Though going after those who are down on their luck is not a new tactic, I found the latest news surrounding the different methods cybercriminals use to target the unemployed rather striking.
Cisco released its 2010 Annual Security Report on Jan. 20 and one of the findings involves new information on money mules and the overall exploitation of trust. The report states:
When trust is exploited, more damage can be done with fewer intrusions – the criminal essentially has been given permission to wreak havoc on compromised systems and software.
One way that will be achieved is through
improving the success and expanding the number of cash-out services.
Or as Matthew Schwartz explained in InformationWeek:
The barrier is simple: “cash-out” operations are labor-intensive and risky, and may result in arrest. To lower the risk to themselves, cybercriminals often farm out this part to money mules — teams of criminals who use fake ATM or credit cards loaded with stolen account credentials. Money mules typically withdraw money from a different country than the one in which the target account is located, and outside the other country’s banking hours. Criminals’ goal is to maximize their haul before financial service organization’s fraud departments get suspicious, block withdrawals, or alert law enforcement.
The cybercriminals take advantage of those who aren’t working or who would like to work at home. People are given the opportunity to receive shipments, repackage and then resend them, helping the cybercriminals with money laundering and theft.
The Cisco findings fit in with the second tidbit I found today. The Internet Crime Complaint Center (IC3) Annual Report details how Internet scams exploit the unemployed or underemployed. It is done through work-at-home scams or through survey scams. In both cases, the report states that cybercriminals look for personal information to steal identities and money from bank accounts. I do need to point out that the latest survey from IC3 is from 2009; however, based on Cisco’s findings, I suspect cybercrime through exploiting the unemployed will remain a serious issue.