Even though we hear about hackers who steal information and profit from it, many of us still think to ourselves, “Why would any hacker want to steal information from me? I don’t have anything that interesting to steal. I’m sure I’m safe.”
Unfortunately, usually the first indication we get that we are a victim of identity theft is when we get our bank statement.
Malware has evolved, specifically the kind designed to steal personal bank account information. According to Panda Security, a company that specializes in cybercrime, five years ago there were 92,000 kinds of malware that had been identified.
That number rose to 14 million in 2008 and 60 million in 2010. Each day, sophisticated malware such as Trojan horses (malware that appears to perform a desirable function for the user but instead facilitates unauthorized access of the user’s computer system) is released that evades the security measures created by banks and online marketplaces.
While several organizations have tried to counter the efforts of these cybercriminals, it’s not clear this is a war we can win.
But how does this black market work? Who are the chief operators? What happens after a Trojan horse or other type of malware is created, and how is money obtained and laundered?
Step 1: Creating Malware and Finding Victims
First, hackers launch indiscriminate attacks by phishing, creating bots and spam, and creating fake web pages to be indexed on search engines. These hackers contact potential victims via email, fake websites, or social media (Facebook, YouTube, Twitter, etc.).
The free and international nature of the Internet makes this very easy. New malware can be created and distributed in a matter of minutes. While the most common target is Windows users, Apple platforms have become more attractive to hackers over the last few years due to the launch of iPads and iPhones.
Once victims have fallen for the trap and their bank or credit card information has been stolen, this information is stored on a server which these hackers can access and use.
Step 2: Selling Data and Laundering Money
Much of a user’s stolen data ends up on the black market or is distributed to others who sell it to end users. This is less risky than stealing data directly. Often, the crime is committed in a different country from the one where the money ends up. This is because it is much more difficult to track down the criminals if there are many intermediaries.
Once the stolen information is on the black market, “resellers” sell it. Offers are posted on underground sites, and people who want to use this information can clone cards to withdraw money from ATMs, steal money directly through money transfers, or simply use them to purchase goods.
Criminals who want to steal money through money transfers need “mules” in order to launder the money. To recruit potential mules, these criminals post false job offers promising a high commission just for receiving wired money in a bank account and then forwarding it via a service such as Western Union. These mules are often victims themselves: they don’t know that they are being used to launder money and simply see an easy way to make money. For the criminals, using these mules covers their tracks and leaves the mules as scapegoats in the event of any police investigation.
Mules are seldom active for very long. When victims report the theft from their account, it is very easy to track down the account where the money has been forwarded, but at that point, the trail is cold.
How to Minimize Your Risk
The best way to protect yourself is to simply use common sense. Below are some things you can do to help protect yourself:
- Keep all of your personal information in a secure place. Never save passwords on your computer.
- If you detect any suspicious activity, immediately inform your bank or credit card issuer.
- Destroy any letters or invoices that contain your name, address, Social Security number, account numbers, etc.
- If you have any doubt about the validity of email messages received from your bank or online stores, contact the customer service department of the bank or online store directly.
- Never give out any personal information over the telephone or Internet if you do not know the company or website.
- Install good antivirus software and a good firewall on your computer; install the latest upgrades as well.
- Never include your Social Security number or telephone number on checks.
What to Do If You Are the Victim of Identity Theft
- Most banks and credit card issuers will bear the cost of fraud if you detect it and report it as quickly as possible.
- Contact the bank or financial institution with which you have the account or card that has been targeted for fraud.
- Cancel all cards and stop all payments.
- Change your bank and card passwords.
- Report the crime to the police.