Fraud in Social Networks: FBI Countercrime Initiatives is my notes and thoughts on Rachelle Barnette’s fascinating talk on the FBI’s anti-fraud initiatives.
Rachelle Barnette, Analyst, FBI Cyber Division
The FBI’s Internet Crime Complaint Center (IC3) receives and coordinates investigations of Internet crime, and it was fascinating to hear about how they work at the Social Networking Conference. Rachelle reported how criminals (“perpetrators”) use social networks, she outlined the major scams, and she provided numerous resources that I have linked below. Here I’ll share my notes and related thoughts.
[updated] The IC3 is part of the FBI’s Cyber Division and a partnership between the FBI and the National White Collar Crime Center (NWC3), which handles larger, more involved cases. Although the IC3 does not investigate cases of phishing, malware, offshore scams and many others, it refers them to all levels of law enforcement. One of the office’s most important functions is triage, coordination and supporting law enforcement. If they see a meme (a major crime wave) emerging, they will assign priorities based on its prevalence. They also connect the dots and share information among the legions of federal, state, local and international law enforcement agencies.
- If you experience an Internet crime, you can report it at the the IC3 site.
- The IC3 reports new crime trends here.
- The IC3 warns the public via news releases here. Check out the Haiti relief fraud; fraudsters mobilize quickly to take advantage of calamities. Katrina, 9/11, tsunamis, California fires, it is very predictable.
- The IC3 receives 27,000 complaints per month on average, and they use a proprietary system, Automatch, to look for trends and help prioritize investigations.
- They receive complaints from individuals and businesses, and complainants are often educated people; Rachelle cited three cases in which people were swindled out of $300,000 and $400,000 each, and one of the victims was a professor.
- Perpetrators use several tactics: Phishing, Vishing (voice mail phishing) and SMiShing (SMS phishing).
- Here is IC3’s glossary of various crimes.
- The FBI works with foreign governments on prevention and prosecution. Nigeria is classic. Show showed pictures of the “walking Walmart” in Nigeria.
- Also beware the animal activist ploy in which terribly graphic pictures are posted to compel victims to send money for the poor animals. Indeed.
- One crime she referenced was the “friend who gets mugged in London” fraud, which I actually experienced and blogged here. Sometimes, criminals withdraw money from ATMs 30 minutes after receiving the card numbers from successful phishing attacks.
- Notably, prepetrators recruit people in social networks; they usually post fraudulent links on your friends’ Walls.
- “Mule” is the term for the duped person; sometimes mules are innocent, but often they know something is wrong, but they play along for personal gain.
- Another resource: LooksTooGoodToBeTrue.com.
- Top spammers she cited: Alan Ralsky, Robert Soloway and Christopher William Rizler.
- The IC3 partners with retailers to prevent crimes; they broker cooperation among retail groups. They also work with Facebook, MySpace and other social networks and dating sites to prevent crime. They also partner with the IRS and myriad other agencies.
- Thanks to Rachelle’s overview, it’s more obvious than ever that the same crimes are committed (think “calamity,” not “Katrina”), but perpetrators switch interfaces. For example, my experience of the London scam happened via Facebook chat. Abstract up from the communications process or the subject and you’ll be more aware of the patterns. BTW, I didn’t get defrauded because my BS meter went off pretty quickly.
- Beware of people who try to befriend you on Facebook or MySpace because they will try to exploit your friends; many of my Facebook friends have been hacked; a clear sign is when conversative business people start talking with a lot of exclamation points!!! about some weight loss or vacation program. I usually drop them an email to warn them they’ve been hacked, and I post the warning on their Wall, so their friends see it (I’m on Facebook more often than many of my friends ,~)
- Scammers always exploit human frailties, so everyone has to keep educated to protect their business and personal identity; it’s pretty obvious to me that there will be no “solving” Internet crime. Never give any personal information to anyone you don’t know who requests it; investigate outside the contact to verify that it’s on the level (i.e. call/email your bank).
- Every individual can contribute to making scams less rewarding. Go out of your way to help others or tip them off; make scammers work harder.