Fraud Websites

From Blindside

What is it

Government agencies could do more to combat the problem of “fraud websites” targeting English-speaking internet users, including UK citizens. These sites are set up to give credibility to many types of internet scams - they pretend to be banks, barristers, couriers, escrow companies, secure storage facilities, etc. (different identities are needed for different types of scam). Often they will clone and lightly edit legitimate websites, such as the Matrix Chambers site belonging to Cherie Booth and her colleagues.

Although fraud sites are easy to recognise, the owners cannot usually be prosecuted under current UK legislation, unless they are “passing off” [example: fake “Barclays Bank”]. The proposed anti-fraud legislation will fare little better, given the difficulty of tracing the offenders (most operate from overseas, routinely hiding behind false identities).

Given the problems faced by traditional law enforcement methods, volunteer groups such as AA419.org have taken the lead in the fight against the fraudsters. Every year, thousands of fraud sites are closed by AA419 (including the Matrix Chambers clone mentioned above).

AA419 succeeds by highlighting blatant falsehoods (e.g., “banks” claiming to operate in the UK but not registered with the FSA), then persuading webhosts to terminate on the grounds of TOS (Terms Of Service) violation. A further incentive for webhosts to act is the likelihood that fraud victim support groups such as scampatrol.org will assist victims to sue webhosts that fail to take effective action after receiving an “internet abuse” report.

However, although AA419 closes thousands of fraud websites each year, there are some areas where the support of UK government agencies may be needed, such as:

1) Fraudsters are increasingly turning to foreign webhosts with poor records for closing fraud sites. Representations by the UK government, perhaps in conjunction with US and European counterparts, could encourage other governments to require their webhosts to take effective action when internet abuse reports are received. Example: fake "Bohai Trust Bank" in netblock owned by China Telecom [source: AA419].

2) Some registrars appear to have no effective process for closing fraudulently registered domains. Registrars have no responsibility for website content, but should be encouraged by government to take effective action against fraud sites when it can be shown they were registered using false information. Example: fake "Bank Of China" in the .uk domain controlled by Nominet UK [source: AA419].

Impact & Maturity assessment

[See definition of levels]

Impact: 1. We have downgraded the Impact level of this from 2 to 1, our lowest level. The reasons are as follows: First, regulatory bodies such as ICANN and the UK's Office of Fair Trading exist and have powers to combat imposter websites. Second, companies have a powerful interest in defeating imposters and can be trusted to act against them once they are aware of their existence. As yet, there are no reports of imposter government sites.

Maturity: 2. We are leaving our assessment of Maturity at 2, pending review of literature and a systematic search for imposter sites. The related threat of fraudulent sites advertised by spam indicates that such sites are prevalent and use state of the art mechanisms to look legitimate and carry out fraudulent transactions.

Information Assurance issues

Answer: what seem to be the likely information assurance issues of the emerging technology under discussion

Timescale

Is the impact of this emerging technology felt now (less than 18 months), in 2-5 years, in 5-25 years, or even longer-term than that?

Examples

US Securities and Exchange Commission

Societies’ websites fraud alert!

£30m fraud hits UK Tax Credit website

Comments (attributed)

"The Internet's like a big city, with good neighborhoods and bad neighborhoods, so you've got to be careful," says Joseph Borg, NASAA President and Director of the Alabama Securities Commission.

Organisations

Computer Crime Research Center

Comodo

BB&T

US Department of State

Documents & research papers

Very brief abstracts or links to informative documents, presentations or academic research papers about this emerging technology

Experts (academic, practitioner)

Sir Timothy John Berners-Lee / Ross Anderson

Blindside wiki is the place to collect issues and opinions on future technologies that may have implications for information assurance. Opinions are fine, but need to be clearly shown as such, and referenced to the person or people who hold those views.