tag:theconversation.com,2011:/id/topics/online-fraud-18765/articlesOnline fraud – The Conversation2024-02-09T00:56:45Ztag:theconversation.com,2011:article/2230862024-02-09T00:56:45Z2024-02-09T00:56:45ZDesperate for Taylor Swift tickets? Here are cybersecurity tips to stay safe from scams<p>The global superstar Taylor Swift is bringing her Eras tour to Australia later this month, with sold-out shows in Sydney and Melbourne. With Swifties numbering in the thousands, fans who didn’t initially secure tickets are understandably desperate to find some. </p>
<p>Enter the many fraudsters seizing this opportunity. Sadly, the Australian Competition and Consumer Commission (ACCC) <a href="https://www.accc.gov.au/media-release/swifties-beware-scammers-are-in-their-cruel-summer-era">has reported over A$135,000</a> already lost to ticket fraud for the Swift concerts. The actual losses are likely to be much higher. </p>
<p>Hackers are also targeting the accounts of ticket holders in order to steal and resell legitimate tickets.</p>
<p>So how can you protect yourself if you are looking to buy or sell Eras tickets, or just want to keep your Ticketek account safe?</p>
<h2>The problem is ticket fraud</h2>
<p>In recent years, there has been a shift to electronic ticketing for events. This uses a unique barcode (or QR code) which can be dynamic. In the case of Ticketek, electronic tickets are linked to the purchaser’s phone number to reduce fraud.</p>
<p>Electronic ticketing aims to overcome a range of problems, such as counterfeit tickets, duplicate tickets and ticket scalping. Unsurprisingly, scammers have updated their techniques, too. </p>
<p>When purchasing tickets, it can be difficult to know if it is an authentic website, a genuine ticket and a legitimate transaction. </p>
<p>For example, scammers are selling <a href="https://www.scamwatch.gov.au/news-alerts/scam-alert-taylor-swift-tickets">non-existent tickets</a> across a range of social media platforms. They are also creating fake, legitimate-looking websites that lure in unsuspecting victims to hand over their personal details and money in return for heartache. </p>
<p>Many fraudsters are also tricking people with ticket sales on Facebook. Excited fans send the requested payment (usually a cash transfer), but will not receive their promised tickets and are not likely to recover the money.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="An example Facebook post advertising a " src="https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=486&fit=crop&dpr=1 600w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=486&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=486&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=610&fit=crop&dpr=1 754w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=610&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/574515/original/file-20240208-26-e030ed.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=610&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Facebook has many groups where Taylor Swift fans are on the lookout for tickets, making them vulnerable to scammers.</span>
<span class="attribution"><span class="source">Facebook</span></span>
</figcaption>
</figure>
<h2>Hacked accounts</h2>
<p>The prevalence of hacking drives a lot of the ticket fraud. This is particularly evident through the only official reseller of Eras tickets (and many other events) – Ticketek Marketplace. </p>
<p>Some people have had their Ticketek accounts <a href="https://au.news.yahoo.com/taylor-swift-fans-see-tickets-disappear-ticketek-works-to-curb-scammers-203020815.html">hacked</a>, and offenders have been able to make transactions without the owner’s consent. By the time they realise, it is too late – the owner may have lost their tickets with nothing in return. </p>
<p>There are also many <a href="https://www.9news.com.au/national/taylor-swift-ticket-scammers-hunt-victims-on-facebook-for-australia-eras-tour/d1776810-154e-4f52-aa40-6375eb4285d8">reports</a> of victims whose known contacts (family or friends) message them on social media offering the chance to buy tickets. This approach reduces red flags or suspicions, as it uses existing trust and relationships to get a payment.</p>
<p>However, victims soon find their family member or friend has had their account hacked. Again, there is no ticket and no chance of recovering funds. </p>
<p>Hacking genuine accounts to perpetrate fraud is common. Recently, <a href="https://www.abc.net.au/news/2024-01-31/booking-com-scams-surge-phishing-australians-thousands-dollars/103390292">hackers gained unauthorised access</a> to hotel provider accounts on the popular accommodation website Booking.com. They then communicated with guests to gain direct payments and financial details. </p>
<h2>If I’d only played it safe</h2>
<p>There are no foolproof guarantees when trying to buy resold tickets. But you can look out for warning signs and take steps to reduce the risk of fraud or being hacked.</p>
<p><strong>Only buy tickets through the authorised seller website.</strong> In the case of Swift, that’s Ticketek Marketplace. While customers are reporting <a href="https://www.smh.com.au/culture/music/look-what-you-made-me-do-desperate-swifties-abandon-ticketek-in-risky-hunt-for-tickets-20240118-p5ey6b.html">long wait times</a> and less than satisfactory user experiences right now, it is still the most likely place to have genuine tickets. </p>
<hr>
<hr>
<p><strong>Do not, under any circumstances, buy tickets on social media such as Facebook.</strong> This includes from known contacts. There is no guarantee that the ticket exists or the person is genuine. There is also no recourse for lost payment. </p>
<p><strong>Never provide or confirm your payment details outside of Ticketek.</strong> Do not transfer any cash via a bank transfer to a seller. There are no seller fees on Ticketek Marketplace, and no reason to pay outside of the regulated system. </p>
<p><strong>Ensure you have strong passwords on all your accounts.</strong> Do not use the same password on several accounts. This is vitally important to protect yourself against many types of harm, not just ticket fraud. </p>
<p><strong>Enable two-factor authentication on any accounts you can.</strong> This provides an additional layer of protection should your password be compromised.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/what-is-multi-factor-authentication-and-how-should-i-be-using-it-191591">What is multi-factor authentication, and how should I be using it?</a>
</strong>
</em>
</p>
<hr>
<p><strong>Use a credit card where possible</strong> rather than debit card or cash transfers. You may be able to dispute a transaction or charge if you have used your credit card and may be able to recover any lost funds.</p>
<p><strong>Take screenshots of any communications and transactions</strong> when purchasing tickets online. While this will not prevent fraud, it does make it easier to report an incident or figure out what happened. </p>
<p><strong>Always confirm in person or over the phone with any known contacts</strong> who have messaged an offer or requested funds. With the prevalence of hacking into accounts, you may not be communicating with the person you think you are. </p>
<h2>No one teaches you what to do</h2>
<p>If you think you have been a victim of ticket fraud, contact your bank or financial institution immediately. The quicker you can do this, the better. </p>
<p>You should also contact the platform through which you made the transaction (such as Ticketek Marketplace). </p>
<p>You can report any financial losses to <a href="https://www.cyber.gov.au/report-and-recover/report">ReportCyber</a>, which is an online police reporting portal for cyber incidents, as well as <a href="https://www.scamwatch.gov.au/report-a-scam">Scamwatch</a>, to assist with education and awareness activities.</p>
<p>If you need support or assistance for any compromise of your identity, contact <a href="https://www.idcare.org/">iDcare</a>.</p><img src="https://counter.theconversation.com/content/223086/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has previously received funding from the Australian Institute of Criminology and the Cybersecurity Cooperative Research Centre.</span></em></p>Australian fans who didn’t manage to snag Eras tickets are on the hunt – and scammers are capitalising on this. Here’s everything you need to know to protect yourself.Cassandra Cross, Associate Dean (Learning & Teaching) Faculty of Creative Industries, Education and Social Justice, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2182942023-12-08T16:14:45Z2023-12-08T16:14:45ZHow to protect yourself from cyber-scammers over the festive period<figure><img src="https://images.theconversation.com/files/562490/original/file-20231129-26-z85wnz.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6134%2C3228&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">As online shopping increases over the festive period, so does the risk of cyber-scams. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/merry-xmas-eve-online-shopping-store-2089436578">Chay Tee/Shutterstock</a></span></figcaption></figure><p>The festive season is a time for joy, family and festive cheer. However, it’s also a prime target for cybercriminals. As online shopping ramps up, so does the risk of falling prey to cyber-attacks. That’s why it’s crucial to be extra vigilant about your <a href="https://blog.tctg.co.uk/12-cyber-security-tips-of-christmas">cybersecurity</a> during this time. </p>
<p>Here are some essential tips to safeguard yourself and your data during the festive period:</p>
<h2>Phishing</h2>
<p>Phishing is when criminals use scam emails, text messages or phone calls to trick their victims. Their <a href="https://www.ncsc.gov.uk/collection/phishing-scams">goal</a> is often to make you visit a certain website, which may download a virus on to your computer, or steal bank details or other personal data. </p>
<p>This type of scam tends to <a href="https://www.egress.com/blog/phishing/holiday-phishing-scam-guide">increase</a> at this time due to the amount of people having bought or received new gadgets and technology. </p>
<p>Look out for there being no direct reference to your name in any communications, with wording such as “Dear Sir/Madam” or other terms such as “valued customer” being used instead. Grammar and spelling mistakes are also often present. </p>
<p>Be wary of any suspicious links or attachments within emails too, and don’t click them. It’s better to contact the company directly to check if the message is genuine. You can also <a href="https://www.ncsc.gov.uk/collection/phishing-scams">report</a> suspicious messages and phishing scams to the government’s National Cyber Security Centre. </p>
<h2>Shopping safely online</h2>
<p>The convenience of online shopping is undeniable, especially during the festive season. However, it’s crucial to prioritise your security when buying online. </p>
<p>Before entering your personal and financial information on any website, ensure it’s legitimate and secure. Look for the “https” in the address bar and a <a href="https://theconversation.com/the-vast-majority-of-us-have-no-idea-what-the-padlock-icon-on-our-internet-browser-is-and-its-putting-us-at-risk-216581">padlock</a> icon, which indicates a secure and encrypted connection. </p>
<p>When creating passwords for online shopping accounts, use strong, unique combinations of letters, numbers and symbols. Avoid using the same password for multiple accounts, as a breach on one site could compromise all your others.</p>
<p>As with shopping in the real world, be cautious when encountering offers that are significantly below usual prices or which make extravagant promises. Always conduct thorough research on the seller and product before making a purchase. If a deal seems too good to be true, it probably is. </p>
<p>And if you are out shopping in towns or city centres, there will often be a large number of public wifi options available to you. However, criminals can intercept the data that is transferred across such open and unsecured wifi. So, avoid using public wifi where possible, especially when conducting any financial transactions. </p>
<figure class="align-center ">
<img alt="A person sits at a laptop with a coffee surrounded by festive packages." src="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/562672/original/file-20231130-21-u6r9en.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Stay vigilant, exercise caution and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/christmas-online-shopping-top-view-female-520279837">Prostock-studio/Shutterstock</a></span>
</figcaption>
</figure>
<h2>Social media</h2>
<p>While social media platforms provide people with a means to keep in touch with family and friends over the festive period, they are often a goldmine for <a href="https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-social-media-scam-aMtwF3u1XKGt">scams</a> and malware (software designed to disrupt, damage or gain unauthorised access to a computer). In the spirit of the festive season, people often share an abundance of personal information on social media, often without considering the potential consequences. </p>
<p>This trove of data can make people vulnerable to cyber-attacks. Scammers can exploit this information to gain unauthorised access to social media accounts, steal personal information, or even commit identity theft. To protect yourself, be mindful of what you share. </p>
<p>Be wary when interacting with posts and direct messages, especially if they contain suspicious links or attachments. Before clicking on anything, hover over the link to verify its destination. If it shows a website you don’t recognise or seems unrelated to the message, do not click on it. If you receive a message from someone you know but the content seems strange or out of character, contact them directly through a trusted channel to verify its authenticity. </p>
<p>Likewise, be wary of messages containing urgent requests for money or personal information from businesses. Genuine organisations will never solicit sensitive details through social media.</p>
<p>There are many buy and sell platforms available on social media. But while such platforms can be a great place to find a unique gift, it is also important to remember that not all sellers may be legitimate. So, it’s vital that you don’t share your bank details. If the seller sends a link to purchase the item, do not use it. When meeting to collect an item, it’s generally safer to use cash rather than transferring funds electronically.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/aO858HyFbKI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Advice for staying safe online.</span></figcaption>
</figure>
<h2>Package delivery scams</h2>
<p>As well as being a time for giving and receiving gifts, the festive season is also ripe for cybercriminals to exploit the excitement surrounding <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/scams-linked-to-parcel-deliveries-come-top-in-2023/">package deliveries</a>. </p>
<p>Scammers often pose as legitimate delivery companies, sending emails or text messages claiming that a delivery attempt was unsuccessful or requiring additional fees for processing, or even customs clearance. Typically, these messages contain links or phone numbers that, when clicked or called, lead to fake websites or automated phone systems designed to collect personal information or payments.</p>
<p>To protect yourself, always verify the legitimacy of any delivery notifications you receive. Check the sender’s email address or phone number against the official contact information for the delivery company. If the information doesn’t match or seems suspicious, don’t click any links or provide personal details. </p>
<p>Legitimate delivery companies will never ask for upfront payment or sensitive information through unsolicited messages or calls. </p>
<p>Remember, cybercriminals are skilled at manipulating the festive spirit to their advantage. Stay vigilant, exercise caution, and don’t let your excitement for gifts and deliveries compromise your cybersecurity.</p><img src="https://counter.theconversation.com/content/218294/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Rachael Medhurst does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cyber-scams tend to ramp up at this time of year, with criminals and scammers eager to exploit people’s generosity and excitement.Rachael Medhurst, Course Leader and Senior Lecturer in Cyber Security NCSA, University of South WalesLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2106632023-08-10T12:25:02Z2023-08-10T12:25:02ZAI threatens to add to the growing wave of fraud but is also helping tackle it<figure><img src="https://images.theconversation.com/files/541723/original/file-20230808-19-q8t3ng.jpg?ixlib=rb-1.1.0&rect=0%2C24%2C5452%2C3812&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The government, banks and other financial organisations are now dealing with fraud by using increasingly sophisticated detection methods.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/internet-fraud-darknet-data-thiefs-cybercrime-1716862513">Maksim Shmeljov/Shutterstock</a></span></figcaption></figure><p>There were <a href="https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/articles/natureoffraudandcomputermisuseinenglandandwales/yearendingmarch2022">4.5 million</a> reported incidents of fraud in the UK in 2021/22, up 25% on the year before. It is a growing problem which costs billions of pounds every year. </p>
<p>The COVID pandemic and the cost of living crisis have created <a href="https://www.bbc.co.uk/news/business-55769991">ideal conditions</a> for fraudsters to exploit the vulnerability and desperation of many households and businesses. And with the use of AI increasing in general, we will likely see a further increase in <a href="https://www2.deloitte.com/uk/en/blog/auditandassurance/2023/generative-ai-and-fraud-what-are-the-risks-that-firms-face.html">new types of fraud</a> and is probably contributing to the increased frequency of fraud we are seeing today. </p>
<p>Already, the ability of AI to absorb personal data, such as emails, photographs, videos and <a href="https://www.cbsnews.com/news/scammers-ai-mimic-voices-loved-ones-in-distress/#:%7E:text=Artificial%20intelligence%20is%20making%20phone,mounting%20losses%20due%20to%20fraud.">voice recordings</a> to imitate people is proving to be a new and unprecedented challenge. </p>
<p>But there is also an upside. The government, banks and other financial organisations are now fighting back with increasingly sophisticated fraud-detection methods. AI and machine learning models could be a <a href="https://www.weforum.org/agenda/2023/04/as-generative-ai-gains-pace-industry-leaders-explain-how-to-make-it-a-force-for-good/">part of the solution</a> to deal with the increasing complexity, sophistication and prevalence of such scams.</p>
<p>The rising gap between prices and people’s incomes appears to have made people more <a href="https://www.citizensadvice.org.uk/about-us/about-us1/media/press-releases/over-40-million-targeted-by-scammers-as-the-cost-of-living-crisis-bites/">receptive</a> to scams which offer grants, rebates and support payments. </p>
<p>Fraudsters often target individuals by posing as genuine organisations. Examples include pretending to be your bank or posing as the government telling you that you are eligible for a lucrative scheme, in order to steal your identity details and then money. </p>
<p>This follows a dramatic rise in recent years of fraudulent applications to government and regional support packages, mainly implemented in response to the pandemic. Here fraudsters often pose as fake businesses to secure multiple loans or grants. </p>
<p>One of the <a href="https://www.manchestereveningnews.co.uk/news/greater-manchester-news/man-who-pretended-greggs-bakery-27251086">most outlandish examples</a> of this was a Luton man who posed as a Greggs bakery to swindle three local authorities in England out of almost £200,000 worth of COVID small business grants.</p>
<p>The hurried roll out of such schemes for faster economic impact made it difficult for officials to effectively review applications. The UK government’s Department for Business and Trade now <a href="https://www.bbc.co.uk/news/business-59504943">estimates</a> that 11% of such loans, roughly £5 billion, were fraudulent. By March 2022 only £762 million <a href="https://www.gov.uk/government/publications/hmrc-issue-briefing-tackling-error-and-fraud-in-the-covid-19-support-schemes/tackling-error-and-fraud-in-the-covid-19-support-schemes">had been recovered</a>.</p>
<h2>Fraud detection</h2>
<p>Over the past few years, complex mathematical models combining traditional statistical techniques and machine learning analysis have shown promise in the <a href="https://onlinelibrary.wiley.com/doi/abs/10.1111/acfi.12742">early detection</a> of financial statement fraud. This is when companies typically misrepresent or deceive investors into believing they are more profitable than they really are.</p>
<p>One of the breakthroughs has been the incorporation of both financial and non-financial information into data analysis systems. For example, the risk of fraud decreases if there is <a href="https://onlinelibrary.wiley.com/doi/abs/10.1111/acfi.12742">better corporate governance</a> and a lower proportion of directors who are also executives. </p>
<p>In a small business context, we can think about this as promoting transparency and making sure that important positions do not have sole authority to make significant decisions. </p>
<p>Such data analytics models can be used to rank applications in terms of potential fraud risk, so that the riskiest applications get additional scrutiny by government officials. We are now starting to see implementations of such systems to tackle <a href="https://www.theguardian.com/society/2023/jul/11/use-of-artificial-intelligence-widened-to-assess-universal-credit-applications-and-tackle">universal credit</a> fraud, for example.</p>
<p><a href="https://www.ft.com/content/0dca8946-05c8-11e8-9e12-af73e8db3c71">Banks, financial services providers</a> and <a href="https://www.ft.com/content/d3bd46cb-75d4-40ff-a0cd-6d7f33d58d7f">insurers</a> are developing machine-learning models to detect financial fraud too. A Bank of England survey published in October 2022 <a href="https://www.bankofengland.co.uk/report/2022/machine-learning-in-uk-financial-services">revealed</a> that 72% of financial services firms are already testing and implementing them. </p>
<p>We are also seeing new collaborations in the industry, with the likes of Deutsche Bank partnering with chip maker Nvidia to <a href="https://www.db.com/news/detail/20221207-deutsche-bank-partners-with-nvidia-to-embed-ai-into-financial-services">embed AI</a> into their fraud detection systems.</p>
<h2>Risks of AI systems</h2>
<p>However, the advent of new automated AI systems bring with it worries of potential unintended biases within them. In a <a href="https://www.bbc.co.uk/news/uk-politics-66133665">recent trial</a> of a new AI fraud detection system by the Department of Work and Pensions, campaign groups were worried about potential biases. </p>
<p>A common issue that needs to be overcome with such systems is that they work for the majority of people, but are often biased against minority groups. This means if left unadjusted they are disproportionately more likely to flag applications from ethnic minorities as risky.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scams-deepfake-porn-and-romance-bots-advanced-ai-is-exciting-but-incredibly-dangerous-in-criminals-hands-199004">Scams, deepfake porn and romance bots: advanced AI is exciting, but incredibly dangerous in criminals' hands</a>
</strong>
</em>
</p>
<hr>
<p>But AI systems should not be used as a fully automated process to detect and accuse fraud but rather <a href="https://www.ft.com/content/2df33fc5-981a-4952-8dc6-d4eee7343acc">as a tool</a> to assist assessors. They can help auditors and civil servants, for example, to identify cases where greater scrutiny is required and to reduce processing time.</p><img src="https://counter.theconversation.com/content/210663/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Adrian Gepp has received funding from the Accounting and Finance Association of Australia and New Zealand. He is also affiliated with the Association of Certified Fraud Examiners. </span></em></p><p class="fine-print"><em><span>Laurence Jones does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Fraud was up 25% in the UK in 2021/22.Laurence Jones, Lecturer in Finance, Bangor UniversityAdrian Gepp, Professor of Data Analytics, Bangor UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/2040182023-04-21T03:39:42Z2023-04-21T03:39:42ZAustralians lost more than $3bn to scammers in 2022. Here are 5 emerging scams to look out for<figure><img src="https://images.theconversation.com/files/522269/original/file-20230421-15-jncq5b.png?ixlib=rb-1.1.0&rect=228%2C213%2C1377%2C1003&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Facebook</span></span></figcaption></figure><p>The Australian Competition and Consumer Commission’s latest <a href="https://www.accc.gov.au/system/files/Targeting%20scams%202022.pdf">Targeting Scams report</a> indicates Australians reported more than A$3 billion lost to fraud in 2022. This is about a $1 billion increase on <a href="https://theconversation.com/australians-lost-2b-to-fraud-in-2021-this-figure-should-sound-alarm-bells-for-the-future-186459">reported losses from 2021</a>. </p>
<p>Year upon year, we’re witnessing a rise in monetary losses to fraud. Behind these figures sit millions of Australians who experience a range of financial and non-financial <a href="https://www.aic.gov.au/sites/default/files/2020-05/29-1314-FinalReport.pdf">harms</a>. </p>
<p>Here’s what we’ve learned from the latest report – and some advice on what to look out for in the year ahead. </p>
<h2>2022 at a glance</h2>
<p>Of the reported $3 billion lost, about half was stolen as part of investment schemes – more than double the $701 million figure from 2021. A desire to invest in cryptocurrency has driven up these losses, with potential investors inadvertently transferring money to offenders advertising a range of falsehoods. </p>
<p>Remote access schemes – in which a scammer convinces the victim to grant them access to their computer – jumped into second place, with $229 million in reported losses. This was followed by payment redirection scams (also known as business email compromise fraud). </p>
<p>Those who reported directly to Scamwatch lost an average of $19,654 – an increase of 54% from the $12,742 reported in 2021. </p>
<p>The report also shows not all victims are targeted equally; people aged 65 years and older reported the highest losses across all demographics. Indigenous Australians, people with a disability, and those from culturally and linguistically diverse backgrounds were also overrepresented.</p>
<p>For the first time in many years, text message was the most popular method for offenders to target victims. And while bank transfers were the most popular way to send funds to offenders, <a href="https://theconversation.com/crypto-theft-is-on-the-rise-heres-how-the-crimes-are-committed-and-how-you-can-protect-yourself-176027">cryptocurrency transfers</a> continue to increase in popularity – rising 162.4% in one year. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=286&fit=crop&dpr=1 600w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=286&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=286&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=360&fit=crop&dpr=1 754w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=360&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/522276/original/file-20230421-2632-p8wwc0.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=360&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Scammers are always looking for new ways to deceive people, and this often involves trying to build rapport.</span>
<span class="attribution"><span class="source">Michael Lucy</span></span>
</figcaption>
</figure>
<p>There was, however, a reduction in fraudulent phone calls. This is likely attributable to the introduction of <a href="https://www.commsalliance.com.au/__data/assets/pdf_file/0015/72150/C661_2022.pdf">regulatory action</a> to block known scam calls. It’s a bright spot in an otherwise dark report.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scammers-can-slip-fake-texts-into-legitimate-sms-threads-will-a-government-crackdown-stop-them-200644">Scammers can slip fake texts into legitimate SMS threads. Will a government crackdown stop them?</a>
</strong>
</em>
</p>
<hr>
<h2>Trends to look out for</h2>
<p>The Targeting Scams report demonstrates the many ways offenders seek to defraud victims. On one hand, people are becoming more aware of common scam tactics. On the other, criminals are adjusting their methods to gain the upper hand. </p>
<p>Here are five types of relatively lesser-known frauds everyone should be aware of.</p>
<p><strong>1. Romance baiting</strong></p>
<p>Also known as “<a href="https://news.sophos.com/en-us/2021/05/12/fake-android-and-ios-apps-disguise-as-trading-and-cryptocurrency-apps/">cryptorom</a>” or “<a href="https://krebsonsecurity.com/2022/07/massive-losses-define-epidemic-of-pig-butchering/">pig butchering</a>”, this scam is a convergence of investment fraud and traditional romance fraud approaches. </p>
<p>The offender first initiates a relationship with the victim – through dating apps, websites or social media platforms. Once they’ve established trust, they encourage the victim to put their money into an “investment” opportunity, often cryptocurrency. The victim will then unknowingly transfer their money to the offender, who is under a different guise. </p>
<p>This kind of romance baiting raises fewer red flags than directly asking for money, and is targeting a younger demographic compared to more traditional romance fraud. </p>
<p>Such deceptions are coded under investment schemes. This is likely driving the surge in investment scheme losses reported in recent years, while also accounting for a lack of substantial increases in romance fraud.</p>
<p><strong>2. Online shopping fraud</strong></p>
<p>Offenders are skilled at creating fake websites and product advertisements that look genuine.</p>
<p>Often these fake sites will have only subtle differences from their real counterparts. Consumers may not be able to tell the difference. Criminals can directly access funds through victims’ credit card details obtained on these sites. </p>
<p>Online shopping fraud targets a range of demographics. It’s happening on stand-alone websites, social media platforms and online marketplaces.</p>
<p><strong>3. Jobs and employment fraud</strong></p>
<p><a href="https://research.qut.edu.au/centre-for-justice/wp-content/uploads/sites/304/2022/02/Briefing-Paper-Series-Feb2022-Issue21-17022022.pdf">Research</a> has indicated that working from home and flexible working conditions are strong indicators of a fraudulent job listing.</p>
<p>But in a post-COVID world, flexibility at work is often a key criterion for job seekers, if not a deal-breaker. Offenders have noticed this, and are responding by posting attractive job advertisements that offer flexibility and high incomes. </p>
<p>Victims submit their CVs and personal credentials (setting themselves up for identity crime), or may be required to pay upfront for training or materials costs for a job that doesn’t exist. </p>
<p>Employment scams are targeting younger people in particular, as they’re more likely to have <a href="https://australiainstitute.org.au/report/youth-unemployment-and-the-pandemic/">experienced job loss and insecurity</a> in the wake of the pandemic. </p>
<p><strong>4. Recovery schemes</strong></p>
<p>Many fraud victims will want to take whatever action possible to recover lost funds. </p>
<p>To exploit this, offenders will trade the details of victims with each other. They will then pose as authorities (often law enforcement, banks or private agencies) who are aware of the victim’s circumstances and promote their ability to regain the missing funds for a fee. </p>
<p>In this way, victims who are desperate to recover losses are manipulated into paying even more money to offenders.</p>
<p><strong>5. Remote access schemes</strong></p>
<p>Receiving a phone call from a computer technician advising of a problem with your computer and offering to fix it is a common experience for many. While this approach isn’t new, it made a strong resurgence in 2022 – particularly targeting older people. </p>
<p>These scam calls often come through landlines and prey on people’s fear for the security of their bank details and other personal data. The fraudsters often invoke a sense of urgency about needing to rectify the “problem”, and victims are persuaded to give the offender remote access to their computer. </p>
<p>The criminal can then access a wealth of personal information. They can gain direct entry to bank accounts to transfer funds, and can access identity credentials and other sensitive details to commit identity crime in the future. </p>
<h2>Change is needed to protect the public</h2>
<p>The threat of fraud will only increase alongside technological evolution. Experts are concerned about artificial intelligence tools such as <a href="https://www.theguardian.com/technology/2023/mar/08/darktrace-warns-of-rise-in-ai-enhanced-scams-since-chatgpt-release">ChatGPT</a> and image and video generators giving cybercriminals yet another tool to add to their arsenal.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/scams-deepfake-porn-and-romance-bots-advanced-ai-is-exciting-but-incredibly-dangerous-in-criminals-hands-199004">Scams, deepfake porn and romance bots: advanced AI is exciting, but incredibly dangerous in criminals' hands</a>
</strong>
</em>
</p>
<hr>
<p>The latest Scamwatch report is further evidence banks and financial institutions need to implement measures to help reduce fraud losses; among these, the checking of account names against BSB numbers for all transactions. The UK has a <a href="https://www.ukfinance.org.uk/policy-and-guidance/guidance/confirmation-payee">confirmation-of-payee</a> policy that does this. </p>
<p>The government is attempting to address the continued surge in fraud losses through the revision of its <a href="https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy/2023-2030-australian-cyber-security-strategy">cybersecurity strategy</a> and the potential establishment of a <a href="https://consultation.accc.gov.au/accc/national-anti-scams-centre-survey/">National Anti-Scams Centre</a>. </p>
<p>These are both positive steps but it’s clear there’s a need for more work to be done.</p>
<p><em>If you or someone you know has been a victim of fraud, you can report it to <a href="https://www.cyber.gov.au/report-and-recover/report">ReportCyber</a>. For support, contact <a href="https://www.idcare.org/">iDcare</a>. For prevention advice, consult <a href="https://www.scamwatch.gov.au/">Scamwatch</a>.</em></p><img src="https://counter.theconversation.com/content/204018/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has previously received funding from the Australian Institute of Criminology and the Cybersecurity Cooperative Research Centre.</span></em></p>Losses have surged, and change is needed to better protect Australians into the future.Cassandra Cross, Associate Dean (Learning & Teaching) Faculty of Creative Industries, Education and Social Justice, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1774192022-05-05T20:05:52Z2022-05-05T20:05:52ZTo keep people — and their money — safe online, regulate dating platforms<figure><img src="https://images.theconversation.com/files/461301/original/file-20220504-16-xbr9yf.jpg?ixlib=rb-1.1.0&rect=0%2C8%2C5472%2C3628&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">An increasing number of people are falling victim to cryptocurrency scams on dating websites.</span> <span class="attribution"><span class="source">(Shutterstock)</span></span></figcaption></figure><p>You meet an attractive stranger on a dating site. They live in your city and you hit it off right away. Soon, you’re texting with them frequently and making plans to meet in person. You’ve been lonely and isolated amid lockdowns, and this person relieves the anguish, so you seem to be spending all your time chatting with them. </p>
<p>What’s even better is that they’re doing great, financially. They got into the crypto investment boom at the right time and have seen their savings balloon. You really like them, so when they encourage you to take the dip together and put your own savings into crypto assets, it feels natural.</p>
<p>Like <a href="https://www.nytimes.com/2022/02/21/technology/crypto-scammers-new-target-dating-apps.html">thousands around the world</a>, you have been scammed. </p>
<p>The crypto exchange you’ve put your money in is fake, a front set up by the same scammers who created the persona of your online partner — who doesn’t exist. You can go to the authorities, but the money cannot be traced. It now makes up part of the <a href="https://time.com/nextadvisor/investing/cryptocurrency/common-crypto-scams/">US$14 billion estimated to have been stolen this way</a> during the COVID-19 pandemic.</p>
<h2>Online connections</h2>
<p>During a period when social distancing became synonymous with personal and public safety, online technologies have facilitated connection with other people. In my ongoing research on how Haitian gay migrants in North America and Europe develop romantic relationships with partners in Haiti, I have seen how dating and messaging apps enable and support connections across borders. </p>
<p>The past few years have seen constant hype surrounding cryptocurrencies — new forms of digital currency that promise to revolutionize the global economy through decentralization. </p>
<p>But their ease of use, together with a lack of government oversight and regulation, have created the perfect conditions for new kinds of cyber-financial crimes around the world. For example, the “pig-butchering” scam uses promises of love and financial gain to lure unsuspecting people into investing in bogus cryptocurrency trading platforms. And <a href="https://globalnews.ca/news/8707720/alberta-woman-conned-money-online-lothario/">the number of victims is on the rise</a>.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/organized-crime-has-infiltrated-online-dating-with-sophisticated-pig-butchering-scams-177445">Organized crime has infiltrated online dating with sophisticated 'pig-butchering' scams</a>
</strong>
</em>
</p>
<hr>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/BH5-rSxilxo?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">A crypto ad broadcast during the 2022 Super Bowl event.</span></figcaption>
</figure>
<p>Mainstream media reports of people making <a href="https://www.forbes.com/sites/johnhyatt/2022/04/05/the-richest-crypto-and-blockchain-billionaires-in-the-world-2022/?sh=4719577b580d">vast overnight fortunes through cryptocurrencies are frequent</a>. But this is only one side of the story — the media hype has drowned out stories about how cryptocurrencies have become the <a href="https://www.ft.com/content/4169ea4b-d6d7-4a2e-bc91-480550c2f539">top form of payment for criminal activity thanks to their anonymity and privacy</a>. </p>
<p>And criminal gangs have capitalized on the increased interest: posing online as successful crypto traders, they take advantage of their marks’ lack of experience.</p>
<h2>Keeping Canadians safe</h2>
<p>Online scams have major emotional and financial consequences for their victims. Some of them have seen their entire life savings vanish, leaving them to deal with <a href="https://www.straitstimes.com/singapore/courts-crime/she-lost-240000-in-pig-butchering-cryptocurrency-scam-after-fraudster-courted-her-for-months">insurmountable debts</a> in addition to <a href="https://montreal.ctvnews.ca/they-re-bloodsuckers-montreal-man-says-he-lost-nearly-400-000-in-cryptocurrency-scam-1.5671525">symptoms arising</a> from <a href="https://bc.ctvnews.ca/hugely-traumatizing-romance-scams-on-the-rise-in-metro-vancouver-police-warn-1.5678069">post-traumatic stress</a>, as well as <a href="https://www.theguardian.com/lifeandstyle/2022/jan/10/it-felt-like-losing-a-husband-the-fraudsters-breaking-hearts-and-emptying-bank-accounts">victim-blaming and shame</a>.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="two women appear shocked as they look at a laptop screen" src="https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/461304/original/file-20220504-21-3qzxxx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Online scams can leave victims traumatized and ashamed.</span>
<span class="attribution"><span class="source">(Shutterstock)</span></span>
</figcaption>
</figure>
<p>Authorities are reacting, although late. The United Kingdom was the first country to introduce an Online Safety Bill to <a href="https://www.theguardian.com/money/2022/mar/08/internet-scams-now-included-in-uk-online-safety-bill">stop fraudsters using fake online adverts</a>. To force institutions to tackle online scams, such as romance scams, the bill will make <a href="https://www.pymnts.com/news/security-and-risk/2022/uk-online-safety-bill-can-reduce-authorized-push-payment-fraud/">reimbursements mandatory to victims</a>.</p>
<p>In the United States, the <a href="https://www.koin.com/top-stories/fbi-issues-new-warning-about-scam-using-dating-sites-crypto/">Federal Bureau of Investigation</a> has launched media campaigns to increase awareness about sophisticated scams. In the same vein, Biden signed <a href="https://time.com/nextadvisor/investing/cryptocurrency/biden-executive-order-crypto-expert-reaction/">an executive order to regulate the cryptocurrency industry</a>. </p>
<p>In 2018, India considered <a href="https://www.medianama.com/2022/03/223-cryptocurrency-regulation-india-legal-anatomy/">banning cryptocurrencies altogether</a>, before imposing a tax as a form of regulation instead. And some banks and governmental institutions in France have sent out alerts to app users warning them about <a href="https://www.cafedelabourse.com/actualites/crypto-monnaie-gare-arnaques-sites-blacklistes">scams impersonating their organizations</a>. </p>
<h2>National regulation</h2>
<p>Given the <a href="https://www.antifraudcentre-centreantifraude.ca/features-vedette/2022/02/romance-rencontre-eng.htm">alarming number of victims of online dating scams in Canada</a>, the federal government should include strengthened safeguards against online scams in its <a href="https://www.canada.ca/en/canadian-heritage/campaigns/harmful-online-content.html">new commitment to keep Canadians safe online</a>. </p>
<p>The new regulatory framework for online safety that <a href="https://www.thestar.com/politics/political-opinion/2022/04/19/elon-musks-attempt-to-buy-twitter-should-be-setting-off-alarm-bells-in-ottawa.html">the Canadian government is currently developing</a> must include provisions to hold online services accountable. These services include cryptocurrency trading and exchange platforms, online banking, dating apps and social media.</p>
<p>As the government moves toward creating safer online experiences for Canadians, there should also be a concerted effort to combat growing dating and crypto investment scams.</p><img src="https://counter.theconversation.com/content/177419/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Carlo Handy Charles receives funding from the Social Sciences and Humanities Research Council of Canada as a Vanier Scholar. He is also a Pierre Elliott Trudeau Foundation Scholar. He is a fellow at the Convergence Migration Insitute in Paris.</span></em></p>Online dating scams are costing site users millions of dollars. Regulation needs to hold companies accountable for fraud committed on their platforms.Carlo Handy Charles, Ph.D. Candidate, Sociology and Geography, McMaster UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1737962022-01-05T13:47:38Z2022-01-05T13:47:38ZHow cybercriminals turn paper checks stolen from mailboxes into bitcoin<figure><img src="https://images.theconversation.com/files/439400/original/file-20220104-15-uf0yj.jpg?ixlib=rb-1.1.0&rect=78%2C47%2C3420%2C2281&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Mailboxes are increasingly becoming the scene of a crime. </span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/getting-the-mail-royalty-free-image/182683036">GregAIT/E+ via Getty Images</a></span></figcaption></figure><p>While <a href="https://www.nist.gov/blogs/taking-measure/cybercrime-its-worse-we-thought">cybercrime gets a lot of attention</a> from law enforcement and the media these days, I’ve been documenting a less high-tech threat emerging in recent months: a <a href="https://www.fox29.com/news/suspect-found-with-checks-credit-cards-to-be-believed-stolen-from-mail-police-say">surge in stolen checks</a>. </p>
<p>Criminals are increasingly targeting U.S. Postal Service and personal mailboxes to pilfer filled-out checks and sell them over the internet using social media platforms. The buyers then alter the payee and amount listed on the checks to rob victims’ bank accounts of thousands of dollars. While the banks themselves <a href="https://www.bai.org/banking-strategies/article-detail/the-banking-industrys-multi-billion-dollar-problem/">typically bear the financial burden</a> and reimburse targeted accounts, criminals can use the checks to steal victims’ identities, which <a href="https://www.pcmag.com/news/5-ways-identity-theft-can-ruin-your-life">can have severe consequences</a>. </p>
<p>I founded and now direct Georgia State University’s <a href="https://ebcs.gsu.edu/">Evidence Based Cybersecurity Research Group</a>, which is aimed at learning what works and what doesn’t in preventing cybercrime. For the past two years, we’ve been surveilling 60 black market communication channels on the internet to learn more about the online fraud ecosystem and gather data on it in a systematic way in order to spot trends. </p>
<p>One thing we didn’t expect to see was a surge in purloined checks. </p>
<h2>An old threat returns</h2>
<p>In general, bank check theft is a type of fraud that involves the stealing and <a href="https://sqnbankingsystems.com/blog/types-of-check-fraud/">unauthorized cashing of a check</a>. </p>
<p>It’s hardly a new phenomenon. Criminals were committing check fraud as soon as the <a href="https://sqnbankingsystems.com/blog/history-of-check-fraud/">first modern checks were cut in the 18th century in England</a> – and the authorities <a href="https://www.econstor.eu/bitstream/10419/57670/1/602139635.pdf">were already looking for ways to prevent it</a>. </p>
<p>While there’s little historical data on this type of fraud, we do know it became <a href="https://books.google.com/books?id=TzJZXIoo4tIC&pg=PA78&lpg=PA78&dq=check+theft+from+mailboxes+in+the+1990s&source=bl&ots=u7SzV2GzYx&sig=ACfU3U2c5MiFGEQLiFiUPhMq9dEKzK_h0A&hl=en&sa=X&ved=2ahUKEwjkqurEmuv0AhUWTDABHbqBCNkQ6AF6BAgvEAM#v=onepage&q=check%20theft%20from%20mailboxes%20in%20the%201990s&f=false">particularly problematic in the 1990s</a> as the internet made finding willing buyers of illicit items easier than ever. For example, financial institutions <a href="https://www.occ.gov/publications-and-resources/publications/banker-education/files/check-fraud-a-guide-to-avoiding-losses.html">estimated they lost</a> about US$1 billion to check fraud from April 1996 to September 1997. </p>
<p>But what may seem a little surprising is that its resurgence now at a time when the <a href="https://www.statista.com/statistics/1111233/payment-method-usage-transaction-volume-share-worldwide/">vast majority of transactions are conducted electronically</a> and <a href="https://www.atlantafed.org/-/media/documents/banking/consumer-payments/research-data-reports/2020/02/13/us-consumers-use-of-personal-checks-evidence-from-a-diary-survey/rdr2001.pdf%27">check use continues to wane</a>. </p>
<h2>What check fraud looks like</h2>
<p>Broadly speaking, the check scams we’ve been tracking look something like this: </p>
<p>Someone breaks into a mailbox that stores letters waiting to be sent and <a href="https://www.nbcwashington.com/news/local/a-man-put-a-check-in-the-mail-it-was-stolen-altered-and-cashed-for-1900/2892470">grabs some of them</a> in hopes they’ll contain a check that’s been filled in. Often, the crime scene where the theft occurs is the victim’s own mailbox, but it can also be one of those <a href="https://newyork.cbslocal.com/2021/12/09/teaneck-checks-stolen-from-mail">blue USPS boxes</a> you pass on the street. </p>
<p>Criminals can access those with a <a href="https://www.fox5dc.com/news/montgomery-county-residents-claim-checks-were-stolen-from-usps-mailboxes">stolen or copied mailbox key</a>, which we have seen on sale for as much as $1,000.</p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="Three USPS mailbox keys lie on a gray surface" src="https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=870&fit=crop&dpr=1 600w, https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=870&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=870&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1093&fit=crop&dpr=1 754w, https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1093&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/437642/original/file-20211214-21-1arvsvf.jpeg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1093&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">An image of USPS mailbox keys on sale.</span>
<span class="attribution"><span class="source">Screenshot from Telegram</span></span>
</figcaption>
</figure>
<p>Thieves may deposit or cash the checks themselves or sell them on to others via a marketplace of illicit items, such as fake IDs and credit cards. Prices are typically $175 for personal checks and $250 for business ones – payable in bitcoin – but always negotiable and cheaper in bulk, based on our observations and direct interactions with the sellers. </p>
<p>Buyers then use nail polish remover to erase the intended payee’s name and the amount displayed on the check, replacing those details with their own preferred payee – such as a retailer – and amount, usually a lot higher than the original check. A buyer might also simply cash the check at a location like Walmart using a fake ID. </p>
<p>In some cases we believe criminals are using the checks to steal the victim’s identity by using their name and address to manufacture fake driver’s licenses, passports and other legal documents. Upon taking over someone’s identity, a criminal may use it to submit false applications for loans and credit cards, <a href="https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud">access the victim’s bank accounts</a> and engage in other types of online fraud.</p>
<h2>Tracking black market chat rooms</h2>
<p>To better understand how cybercriminals operate, my team of graduate students began monitoring 60 online chat room channels where we knew people were trafficking in fraudulent documents. Examples of these types of channels are group chats on messaging apps like WhatsApp, ICQ and Telegram, in which users post pictures of items they wish to sell. Some of the channels we are monitoring are public, while others required an invitation, which we managed to procure.</p>
<figure class="align-left zoomable">
<a href="https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A check sits in a bowl that was used to to remove pen ink, with other checks scattered on the table, with details blacked out." src="https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=800&fit=crop&dpr=1 600w, https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=800&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=800&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=1005&fit=crop&dpr=1 754w, https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=1005&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/439422/original/file-20220104-25-a77y61.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=1005&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">After stealing a check, criminals use nail polish remover to remove the pen ink used to fill them out. Criminals blacked out the check account and code numbers so they can’t be used without purchase. Names and addresses have been blacked out to protect victims’ identities.</span>
<span class="attribution"><span class="source">Screenshot from Telegram</span></span>
</figcaption>
</figure>
<p>After we noticed a rise in stolen checks on sale, we began systematically gathering data from those channels about six months ago in order to track the trend. We downloaded the images, coded them and then aggregated the data so we could spot trends in what was being sold. </p>
<p>In our observations, we came across an average of 1,325 stolen checks being sold every week in October 2021, up from 634 per week in September and 409 in August. Although little historical data on this practice exists, a one-week pilot study we conducted in October 2020 places these numbers in some perspective. Back then, we observed only 158 stolen checks during that period. </p>
<p>Furthermore, these figures likely only represent a small fraction of the number of checks actually being stolen and sold. We focused on only 60 markets, when in fact there are <a href="https://ieeexplore.ieee.org/abstract/document/9378229">thousands currently active</a>. </p>
<p>In dollar amounts, we found that the face value of the checks, as written, was $11.6 million in all of October and $10.2 million in September. But again, these values likely represent a small share of the actual amount of money being stolen from victims because criminals <a href="https://www.nbcwashington.com/news/local/a-man-put-a-check-in-the-mail-it-was-stolen-altered-and-cashed-for-1900/2892470">often rewrite the checks</a> for much higher amounts. </p>
<p><iframe id="yOHe0" class="tc-infographic-datawrapper" src="https://datawrapper.dwcdn.net/yOHe0/4/" height="400px" width="100%" style="border: none" frameborder="0"></iframe></p>
<p>Using the victims addresses, which <a href="https://www.nerdwallet.com/article/banking/understanding-the-parts-of-a-check">appeared on the left top corner of the checks</a>, and focusing on the data we collected in the month of October 2021, we found New York, Florida, Texas and California were the top sources. </p>
<figure class="align-right zoomable">
<a href="https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A dozen filled-in checks are displayed and slightly overlapping one another, with the back of a $100 bill at the bottom. The names and addresses are blacked out to protect victims' identities." src="https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=1761&fit=crop&dpr=1 600w, https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=1761&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=1761&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=2214&fit=crop&dpr=1 754w, https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=2214&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/439421/original/file-20220104-15-14vsyah.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=2214&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Stolen personal checks typically go for $175 – but they’re cheaper purchased in bulk.</span>
<span class="attribution"><span class="source">Screenshot from ICQ</span></span>
</figcaption>
</figure>
<h2>How to protect yourself</h2>
<p>The best advice I can give consumers who want to avoid falling victim to these schemes is to avoid mailing checks, if you can. </p>
<p>Bank checking accounts usually offer customers the option to send money electronically, whether to a friend or a company, for free. And there are many apps and other services that allow you to make digital payments from bank accounts or via credit card. While there are risks with these methods as well, in general they are a lot safer than writing a check and sending it in the mail. </p>
<p>Still, some types of businesses may require a physical check for payment, such as landlords, <a href="https://www.policygenius.com/banking/what-is-a-check/">utilities and insurance companies</a>. Moreover, as a matter of personal preference, some people – myself included – prefer to pay their bills using checks rather than other methods of payment. </p>
<p>To avoid the risk, I make sure to drop off all my letters containing checks inside my local post office. That’s generally your best bet for keeping them out of the hands of criminals and ensuring they reach their intended destination. </p>
<p>The <a href="https://www.uspis.gov/">United States Postal Inspection Service</a>, the agency responsible for preventing mail theft, also <a href="https://www.uspis.gov/tips-prevention/mail-theft">offers tips</a> to stay protected. </p>
<p>As for enforcement, the inspection service works with the police and others to crack down on mail-related crime. These efforts result in the arrest of <a href="https://www.uspis.gov/tips-prevention/mail-theft">thousands of mail and packages thieves every year</a>. However, for every arrest, there are many more criminals who go undetected. </p>
<p>[<em>Over 140,000 readers rely on The Conversation’s newsletters to understand the world.</em> <a href="https://memberservices.theconversation.com/newsletters/?source=inline-140ksignup">Sign up today</a>.]</p>
<p>And when we informed officials of our findings, they were also surprised by what we discovered but planned to step up monitoring of these types of black market communication channels. </p>
<p>Our research suggests much more systematic data on this type of fraud is needed in order to better understand how it works, crack down on the activity and prevent it from occurring in the first place.</p><img src="https://counter.theconversation.com/content/173796/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Maimon receives funding from the National Science Foundation, Minerva, Department of Homeland Security, and the Federal Reserve Bank. </span></em></p>A cybersecurity research group has been tracking a significant rise in the number of stolen checks being sold on sites like WhatsApp and Telegram, which often results in stolen identities.David Maimon, Associate Professor of Criminal Justice and Criminology, Georgia State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1630382021-06-21T15:02:44Z2021-06-21T15:02:44Z‘Scambaiting’: why the vigilantes fighting online fraudsters may do more harm than good<figure><img src="https://images.theconversation.com/files/407444/original/file-20210621-35715-x3lcrx.jpeg?ixlib=rb-1.1.0&rect=1050%2C385%2C3715%2C2772&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/malaysia-april-14-2018-mini-figure-1073300447">zaidi razak/Shutterstock</a></span></figcaption></figure><p>Fraud has reached “<a href="https://www.bbc.co.uk/news/business-55769991">epidemic</a>” levels in the UK over the past 12 months, costing up to <a href="https://rusi.org/publication/occasional-papers/silent-threat-impact-fraud-uk-national-security">£190 billion a year</a> and constituting what the Royal United Services Institute has called a “national security threat” in need of an urgent institutional response.</p>
<p>But it’s clear that the police are struggling to keep pace with fraudsters. A 2018 <a href="https://www.which.co.uk/news/2018/09/exclusive-more-than-96-of-reported-fraud-cases-go-unsolved/">Which?</a> report found that an estimated 96% of fraud cases reported to Action Fraud go unsolved. And with scams seemingly <a href="https://theconversation.com/why-are-there-so-many-text-scams-all-of-a-sudden-161909">on the rise</a>, <a href="https://rusi.org/sites/default/files/cyber_enabled_fraud_bp_final_web_version.pdf">54%</a> of which involve the internet, the problem of online fraud appears to be getting worse.</p>
<p>There are <a href="https://theconversation.com/a-handsome-soldier-with-a-medical-bill-how-romance-scammers-make-you-fall-in-love-with-them-127820">romance scammers</a> forming bogus online relationships with their victims, <a href="https://theconversation.com/how-to-avoid-scams-when-buying-a-pet-online-153138">pet scammers</a> setting up thousands of websites selling animals that don’t exist, and <a href="https://theconversation.com/phishing-scams-are-becoming-ever-more-sophisticated-and-firms-are-struggling-to-keep-up-73934">phishing scammers</a> using fear and urgency to obtain sensitive personal information from victims.</p>
<p>In response to the growing threat of online fraud, volunteers have taken the matter of policing scams into their own hands, with some forming vigilante groups of “<a href="https://conversation.which.co.uk/money/what-is-scambaiting-romance-fraud-explained/">scambaiters</a>” who seek to identify and disrupt scammers where police forces have failed.</p>
<p>But while scambaiters may be effective in reducing online fraud, <a href="https://www.sciencedirect.com/science/article/abs/pii/S1756061621000276">our study</a> has shown they’re also controversial, with some communities rewarding scambaiters who humiliate or inflict harm on scammers. On closer inspection, this form of vigilante justice may actually do more harm than good.</p>
<h2>What is scambaiting?</h2>
<p>The most basic form of scambaiting sets out to waste a scammer’s time. At a minimum, scambaiters attempt to make scammers answer countless questions or perform pointless and random tasks. By keeping a scammer busy, scambaiters claim they’re preventing the scammer from defrauding a real victim. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/PyAbBE7lUwo?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p>Scambaiting may also be conducted with a specific purpose in mind. Sometimes scambaiters attempt to obtain an offender’s bank account information, for instance, which they then report to a financial institution. But there are other, less benevolent motives in the scambaiting community.</p>
<p>Thousands of scambaiters are organised on the 419eater forum, which describes itself as the “largest scambaiting community on earth”, with over 1.7 million forum threads. The forum was <a href="https://knowyourmeme.com/memes/nigerian-scams">first established in 2003</a> to tackle the growing issue of <a href="https://www.actionfraud.police.uk/a-z-of-fraud/419-emails-and-letters">419 emails</a> – a scam that promises people huge sums of cash in return for a small upfront fee.</p>
<p>419eater provides a particularly interesting case study because members are incentivised and rewarded for their scambaits through a unique system of icons, regarded as trophies, that they can obtain in their profile’s signature lines. </p>
<h2>Hunting trophies</h2>
<p>These trophies can be fairly benign. Some icons are awarded for exceptionally long scambaits, or for securing a photo or video of the scammer. But other trophies may cause lasting damage to an offender’s physical and mental wellbeing. </p>
<p>The yin yang trophy symbol, for example, represents an offender getting a permanent tattoo. Given that those targeted are often located in some of the poorest communities in West Africa, this exposes the offender to a greater risk of HIV transmission. </p>
<p>Another more sought-after trophy is the pith helmet. This is awarded when an offender travels a minimum of 200 miles on a round trip, which may result in the offender being stranded and therefore forcing them to take desperate measures to return home. </p>
<p>To get offenders hooked into performing these tasks, the scambaiters will use a number of social engineering techniques (just like the scammers themselves) such as by inventing fictitious scenarios, forging documents, or by bringing in multiple scambaiters when a concentrated effort is required.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/vigilantes-and-private-security-are-policing-the-internet-where-governments-have-failed-132040">Vigilantes and private security are policing the internet where governments have failed</a>
</strong>
</em>
</p>
<hr>
<p>If one examines some of the scambaits on 419eater in greater depth, it’s easy to see why scholars have criticised the forum for its face-value <a href="https://journals.sagepub.com/doi/full/10.1177/1470412914546845">racism</a>. One scambait, for example, resulted in an offender dressing up as the fictional character Curious George, with a hired monkey. Sections of the 419eater community appear to treat their predominantly West African targets with racial prejudice and the community seems set up to reward rather than condemn these acts.</p>
<p>Scambaiting has also received a recent boost in popularity, with YouTubers like <a href="https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw">Jim Browning</a> now promoting their own scambaiting activities. Jim Browning’s techniques are controversial because he hacks offenders’ computers to transfer files to his own computer and yet they’re seemingly tolerated; Browning was even the focus of a recent <a href="https://www.bbc.co.uk/programmes/m000fzx2">BBC documentary series</a>.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/cZ9LUS2F1cA?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p>Scambaiting can also be dangerous, especially for those who are new and inexperienced. Scammers have previously employed a retribution technique known as “<a href="https://edition.cnn.com/2019/03/30/us/swatting-what-is-explained/index.html">swatting</a>” in cases where they’ve encountered a scambaiter. Swatting involves an offender making a hoax call to a police department in an attempt to elicit an emergency response from the police. In some instances, victims of swatting <a href="https://www.wired.com/story/how-to-stop-swatting-before-it-happens-seattle/?redirectURL=https%3A%2F%2Fwww.wired.com%2Fstory%2Fhow-to-stop-swatting-before-it-happens-seattle%2F">have been killed</a>.</p>
<h2>Fighting fraud responsibly</h2>
<p>So scambaiting appears both controversial and risky. But voluntary responses to online fraud needn’t be this way. For instance, the primary author of this article, Jack, helped set up <a href="https://petscams.com/">Petscams.com</a>, an organisation which attempts to deal with the growing number of pet scam websites and uses a disruption approach as opposed to the confrontation tactics used in scambaiting.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-to-avoid-scams-when-buying-a-pet-online-153138">How to avoid scams when buying a pet online</a>
</strong>
</em>
</p>
<hr>
<p>Petscam.com volunteers have created a database of fraudulent pet and shipping websites, and have joined the US Federal Trade Commission’s <a href="https://www.ftc.gov/enforcement/consumer-sentinel-network/data-contributors" title=") so that victims of this scam have a facility that they can send their complaints to. Volunteerism has also been incorporated into the private sector with Cisco’s [Phishtank](http://phishtank.org/ "">consumer sentinel network</a>, which provides a facility through which volunteers can report phishing websites.</p>
<p>Our research also suggets that state-led initiatives could play a more prominent role in tackling online fraud. Since 2011, the National Crime Agency in the UK has run a scheme, using “<a href="https://wiki.openrightsgroup.org/wiki/Cyber_Specials">Cyber Specials</a>” with relevant skills to volunteer as <a href="https://nationalcrimeagency.gov.uk/careers/how-to-join-the-nca/nca-specials">special constables</a>. Yet the uptake has so far been poor, and a <a href="https://www.justiceinspectorates.gov.uk/hmicfrs/wp-content/uploads/fraud-time-to-choose-an-inspection-of-the-police-response-to-fraud.pdf">2019 review</a> found that 16 police forces and three regional units weren’t using volunteers to tackle cybercrime.</p>
<p>Voluntary initiatives like 419eater have shown there’s an appetite from the public to tackle scams. If state bodies can harness them in a more ethical and effective way, we may be able to better address the epidemic of fraud currently sweeping the UK.</p><img src="https://counter.theconversation.com/content/163038/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Mark Button receives funding from Home Office to research fraud (but not directly related to this article). </span></em></p><p class="fine-print"><em><span>Jack Mark Whittaker does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The scambaiting community aims to disrupt online scammers – but some of their activity is ethically troubling.Jack Mark Whittaker, PhD Candidate, Criminology (Cybercrime), University of SurreyMark Button, Professor of Security and Fraud, University of PortsmouthLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1412892020-07-06T02:28:52Z2020-07-06T02:28:52Z$2.5 billion lost over a decade: ‘Nigerian princes’ lose their sheen, but scams are on the rise<figure><img src="https://images.theconversation.com/files/345461/original/file-20200703-33926-nxbl9g.jpg?ixlib=rb-1.1.0&rect=173%2C41%2C5329%2C3621&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Last year, Australians reported more than A$634 million lost to fraud, a significant jump from $489.7 million the year before.</p>
<p>The Australian Competition and Consumer Commission (ACCC) has released its latest annual <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-2019-a-review-of-scam-activity-since-2009">Targeting Scams</a> report.</p>
<p>But despite increased awareness, scam alerts and targeted education campaigns, more Australians are being targeted than ever before. </p>
<p>With all the technological tools we have, why does fraud continue to be so pervasive? And how can the damage be reduced?</p>
<h2>Latest key findings</h2>
<p>According to the ACCC’s report, “<a href="https://eprints.qut.edu.au/200621/">business email compromise</a>” fraud rose to dominance in 2019. </p>
<p>At $132 million, it became the highest category of financial loss reported – the first time this has happened. This usually involves using <a href="https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing">phishing</a> and hacking to infiltrate company systems and email accounts. </p>
<p>Offenders can intercept payment invoices, or create their own, and funnel victims’ funds into their own accounts. Businesses and individuals make their payments as usual, but unknowingly pay the offender. </p>
<p>Investment and romance schemes also continue to defraud victims. Reports of investment fraud totalled $126 million, up from $80 million in 2018. And romance fraud losses totalled $83 million, up from $60.5 million in 2018.</p>
<p>Overall, men reported higher financial losses ($77.5 million) than women ($63.6 million).</p>
<p><div data-react-class="Tweet" data-react-props="{"tweetId":"1273135104827756545"}"></div></p>
<h2>Years of statistics</h2>
<p>Reflecting on <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-on-scam-activity-2009">a decade</a> of the ACCC’s Targeting Scams reports, we can see how fraud has changed with the times. </p>
<p>Since the first report in 2009 (which recorded $69.9 million in losses) Australians have collectively reported more than <a href="https://www.scamwatch.gov.au/news-alerts/scams-cost-australians-over-630-million">$2.5 billion</a> in losses.</p>
<p>The number of reports has increased significantly. While this likely reflects a higher percentage of the population being targeted, it also represents more authorities receiving complaints and contributing statistics. </p>
<p>For instance, 2019 marked the first year the big four Australian banks (Westpac, NAB, Commonwealth Bank and ANZ) contributed their data. </p>
<h2>The ‘prince of Nigeria’ needs your help</h2>
<p>Today’s offenders have very different approaches to those of ten years ago. There were once many more stories of <a href="https://www.bbb.org/new-york-city/get-consumer-help/articles/the-nigerian-prince-old-scam-new-twist/">Nigerian princes</a> (although these <a href="https://theconversation.com/why-nigerian-prince-scams-continue-to-dupe-us-98232">still exist</a>). </p>
<p>These days, victims are most often contacted by telephone, although email, text message and social media communications are also common. </p>
<p>Payment methods have advanced, too, with <a href="https://www.consumer.ftc.gov/blog/2019/11/scams-telling-you-pay-bitcoin-rise">bitcoin</a> and cryptocurrencies becoming popular ways for offenders to receive money.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=387&fit=crop&dpr=1 600w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=387&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=387&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=486&fit=crop&dpr=1 754w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=486&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/345462/original/file-20200703-33947-9zlsc4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=486&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">According to the ACCC’s 2019 report, men were more likely to report losses to investment fraud, while women were the major target for romance fraud.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>Why is fraud still so successful?</h2>
<p>While technology has long helped scammers, it has also helped improve cyber security options such as antivirus software, and email filters to block spam. So why do we still have fraud?</p>
<p>Essentially, fraud takes a human approach. Criminals seek to capitalise on victims’ weaknesses in a calculated manner. For example, this year Australians looking to buy pets during lockdown lost almost $300,000 to <a href="https://www.scamwatch.gov.au/news-alerts/dont-get-scammed-looking-for-a-lockdown-puppy">puppy scams</a>.</p>
<p>Offenders have also shifted their focus to counteract fraud prevention messages to the public from police and other agencies. One prime example is the <a href="https://www.accc.gov.au/system/files/1557_Little%20Black%20Book%20of%20Scams%202019_FA%20WEB.pdf">Little Black Book of Scams</a> released by the ACCC <a href="https://www.scamwatch.gov.au/news-alerts/the-new-little-black-book-of-scams-is-here">in 2008</a>. </p>
<p>It provides comprehensive details of many common fraud schemes and has influenced fraud-prevention messaging across both the <a href="https://www.met.police.uk/SysSiteAssets/media/downloads/central/advice/fraud/met/the-little-book-of-big-scams.pdf">United Kingdom</a> and <a href="https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/04333.html">Canada</a>.</p>
<p>To counter prevention messaging, offenders now recruit Australians to launder their funds. Known as “<a href="https://www.acic.gov.au/media-centre/joint-media-releases/world-wide-week-action-targeting-money-mules">money mules</a>”, they are often victims themselves, asked to receive and transfer money on behalf of offenders. </p>
<p>From a victim’s perspective, there are fewer red flags when asked to send money to a Big Four bank account in Melbourne, compared to sending money to Lagos.</p>
<p>Similarly, since there has been a strong push against sending money to people you don’t know, offenders have embraced the use of romance fraud (which targeted more women than men in 2019). </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/from-catfish-to-romance-fraud-how-to-avoid-getting-caught-in-any-online-scam-115227">From catfish to romance fraud, how to avoid getting caught in any online scam</a>
</strong>
</em>
</p>
<hr>
<p>Offenders develop relationships and build trust to eventually cheat victims. And as last year’s report notes, they are now initiating relationships through channels other than dating apps, such as Instagram and even the online game <a href="https://www.scamwatch.gov.au/news-alerts/romance-scammers-move-to-new-apps-costing-aussies-more-than-286-million">Words with Friends</a>. </p>
<p>With a focus on building relationships with victims, fraud requests are no longer as outrageous as they once were (although this <a href="https://www.huffingtonpost.com.au/entry/nigerian-astronaut-space-trapped_n_56c2ced4e4b0c3c550527f0b?ri18n=true">Nigerian astronaut</a> scam was an exception). </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=415&fit=crop&dpr=1 600w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=415&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=415&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=522&fit=crop&dpr=1 754w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=522&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/345694/original/file-20200706-33913-35lkyg.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=522&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">As cybersecurity features such as email spam filters advance, attackers are finding new, innovative ways to deceive victims.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>Manipulation and monopolising on emotions</h2>
<p>As we gain a better understanding of how offenders operate, we’re starting to learn how effectively victims can be persuaded. </p>
<p>Fraud relies on the use of <a href="https://eprints.qut.edu.au/66444/">social engineering</a> techniques such as authority and urgency to gain compliance. Offenders often take on the identity of someone with power and status to persuade victims to send money. They also stress the urgency of the request, to stop victims from thinking too much. </p>
<p><a href="https://eprints.qut.edu.au/118434/">Psychological abuse</a> techniques are also used to isolate and monopolise on victims. In this way, offenders try to remove victims from their support networks and place an air of secrecy around their interactions. And this limits a victims ability to seek support when needed. </p>
<p>There has been a greater recognition of the problem across government and industry. Despite this, there’s still often a sense of <a href="https://eprints.qut.edu.au/83702/">shame and embarrassment</a> at being deceived, and victims have difficulty <a href="https://aic.gov.au/publications/tandi/tandi518">reporting</a>. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/inside-the-mind-of-the-online-scammer-127471">Inside the mind of the online scammer</a>
</strong>
</em>
</p>
<hr>
<h2>Defences for the future</h2>
<p>The latest Targeting Scams report shows us offenders are still looking to gain a financial advantage, and will do whatever it takes. While you can’t guarantee safety, there are some simple steps that can help reduce the likelihood of fraud:</p>
<ul>
<li><p>recognise your own vulnerability to fraud. Everyone is a potential target.</p></li>
<li><p>talk about fraud-related experiences with family and friends in a non-judgemental way. Offenders want victims to stay silent.</p></li>
<li><p>in an uncertain situation, don’t feel pressured to xfrespond, as offenders rely on people making quick decisions. Hang up the phone, delete the email, or simply step back.</p></li>
</ul>
<p>Now, more than ever, we must recognise the prevalence of fraud and the ways it impacts individuals and organisations across society. If we can learn from the past decade, maybe we can improve our defences for the next decade. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/TRDgOGf5VAM?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure><img src="https://counter.theconversation.com/content/141289/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross is affiliated with the Cybersecurity Cooperative Research Centre. She has also received funding from the Australian Institute of Criminology</span></em></p>Last year, men were more likely to report losses to investment fraud, while women were the main target for romance fraud. Overall, men reported higher financial loss.Cassandra Cross, Senior Research Fellow, Faculty of Law, Cybersecurity Cooperative Research Centre, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1397582020-06-02T07:43:54Z2020-06-02T07:43:54ZIs your super money safe? Here’s how you can dodge cyber fraud<figure><img src="https://images.theconversation.com/files/339100/original/file-20200602-133851-85mtzt.jpg?ixlib=rb-1.1.0&rect=53%2C60%2C4414%2C3014&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Alongside growing concerns over a possible <a href="https://www.abc.net.au/radio/programs/coronacast/hello-winter!-is-coronavirus-about-to-get-worse/12305314">resurgence</a> of the coronavirus during winter, the pandemic is now creating even more victims as cybercriminals aim to capitalise on the economic upheaval.</p>
<p>According to <a href="https://www.abc.net.au/news/2020-06-01/scammers-stealing-thousands-through-coronavirus-super-scheme/12301010">news reports</a>, people have had money stolen from their super funds by fraudsters exploiting the COVID-19 early access scheme.</p>
<p>The attackers reportedly used victims’ stolen identity credentials to create <a href="https://au.finance.yahoo.com/news/afp-investigates-early-superannuation-coronavirus-hack-233908986.html">fake myGov accounts and lodge applications</a> for the early release of up to A$10,000 from superannuation accounts. </p>
<p>If you’re worried about accessing the scheme, there are a few ways you can strengthen your protection against fraudsters looking for quick financial gain at your expense.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/dont-be-phish-food-tips-to-avoid-sharing-your-personal-information-online-138613">Don't be phish food! Tips to avoid sharing your personal information online</a>
</strong>
</em>
</p>
<hr>
<h2>Always looking for weak points</h2>
<p>COVID-19 has threatened the national economy and left more than 700,000 people <a href="https://www.abc.net.au/news/2020-04-21/covid-19-costs-6-per-cent-of-jobs-in-3-weeks/12168670">without work</a>. In April, the federal government responded by allowing access to A$10,000 worth of super funds for eligible applicants in this financial year, and a further A$10,000 after June 30, to help sustain people during this difficult time.</p>
<p>Unsurprisingly, cybercriminals have sought to take advantage of flaws in the scheme. </p>
<p>In May, the Australian Taxation Office reportedly found <a href="https://www.skynews.com.au/details/_6154750974001">at least 100 cases</a> of applications lodged using stolen personal information.</p>
<p>It’s not known how attackers managed to access the personal information required for such fraud. It may have been stolen earlier this month from the hacked customer files of a tax agent, as <a href="https://7news.com.au/business/finance/australia-super-scheme-tax-office-freezing-early-access-to-superannuation-due-to-identity-fraud-c-1024707">confirmed by federal home affairs minister Peter Dutton</a>. </p>
<p>Or this may have been a less sophisticated scheme. All it takes to steal identity details is a fake email or web page that looks trustworthy enough to dupe you into sharing your information. </p>
<p>Cybercriminals often try a broad approach, sending the same malicious email to hundreds of thousands of people in the hope someone will fall into the trap. And someone usually does.</p>
<h2>What can you do to stay safe?</h2>
<p>Now is a good time to check your super fund statement to make sure there hasn’t been any unauthorised withdrawal. Even better, you should regularly check all financial statements, including bills. If you see a transaction you don’t remember making, block your bank cards and inform your bank immediately. </p>
<p>Although there are <a href="https://link.springer.com/chapter/10.1007/978-3-642-39736-3_17">algorithms that help detect credit card fraud</a>, you are the only person who can recall whether you made a specific purchase. With <a href="https://abc7news.com/coronavirus-fraud-credit-card-scam-7-on-your-side/6111485/">online shopping booming</a> during lockdown, the <a href="https://www.wired.com/story/magecart-credit-card-skimmers-coronavirus-pandemic/">pool of potential victims</a> has increased.</p>
<p>It’s also common for fraudsters to “test” whether a credit card works by deducting a very small amount (as little as 10 cents) with a generic description such as “service fee” or “<a href="https://www.zdnet.com/article/the-surprising-lesson-i-learned-as-a-victim-of-credit-card-fraud/">top-up charge</a>”. </p>
<p>This may seem insignificant, but for cybercriminals it’s the “perfect crime” as its simplicity and perceived lack of damage means it often escapes detection. Also, the operational costs of committing such a crime are very low, which means more people can be targeted. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/339104/original/file-20200602-133875-1di1q00.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">In some ways, making very minor deductions from victims’ accounts is a ‘perfect crime’ for cybercriminals. These charges tend to go unnoticed, but add up in the end.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<h2>Verify information and report</h2>
<p>One foolproof way to keep your personal information safe from hackers is to double-check the websites you use – whether it’s for online shopping, checking emails or chatting with friends online. Make sure there are no obvious spelling mistakes in the URL, or otherwise. </p>
<p>If in doubt, try to verify the site’s legitimacy through a quick Google search. Often some online cross-checking, or a phone call to an organisation’s official phone number, is enough to reveal a scammer. And if you can’t confirm authenticity, ask yourself: is sharing my details worth the risk? </p>
<p>If anything doesn’t seem right, always report it to the relevant authorities so others don’t fall victim. In Australia and New Zealand, you can report identity theft on <a href="https://www.idcare.org/">IDCARE</a> and any type of cybercrime on the government’s <a href="https://www.cyber.gov.au/report">ReportCyber</a> website.</p>
<p>And if you do become victim to fraud, alert your superannuation provider and bank as soon as possible. Cybercrime victims should always be empowered to report fraud, as this is the first step to potentially getting your money back.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/click-for-urgent-coronavirus-update-how-working-from-home-may-be-exposing-us-to-cybercrime-133778">'Click for urgent coronavirus update': how working from home may be exposing us to cybercrime</a>
</strong>
</em>
</p>
<hr>
<h2>Are more checks needed?</h2>
<p>Some ways to potentially make the early release of super funds more secure include allowing only one verified account per person which should be confirmed, potentially via a physical interview, before any account activity is carried out. Requiring double-factor authentication throughout the process of submitting an application would also be helpful.</p>
<p>The successful exploitation of the scheme indicates the government may have rushed trying to process and complete applications. One member of the public said it <a href="https://www.abc.net.au/news/2020-06-01/scammers-stealing-thousands-through-coronavirus-super-scheme/12301010">took 12 hours</a> to have their application approved.</p>
<p>This sudden administrative efficiency raises reasonable doubt about the level of security checks in place. And if fraudsters have managed to bypass security protocols, it’s very likely more checks will be needed.</p><img src="https://counter.theconversation.com/content/139758/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Roberto Musotto is affiliated with the Cyber Security Research Cooperative Centre (CSCRC), whose activities are partially funded by the Australian Government’s Cooperative Research Centres Programme.</span></em></p>Fraudsters have managed to exploit security gaps in the federal government’s early release of super scheme. Here’s what to look out for.Roberto Musotto, Cyber Security Cooperative Research Centre Postdoctoral Fellow, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1392172020-05-29T03:40:08Z2020-05-29T03:40:08ZThere is no specific crime of catfishing. But is it illegal?<figure><img src="https://images.theconversation.com/files/338125/original/file-20200528-143715-18ybz85.jpg?ixlib=rb-1.1.0&rect=0%2C205%2C3928%2C2305&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">www.shutterstock.com</span></span></figcaption></figure><p>Twenty-year-old Sydney woman Renae Marsden died by suicide after she was the victim of an elaborate catfishing scam.</p>
<p>A recent <a href="http://www.coroners.justice.nsw.gov.au/Documents/Marsden%20findings%2020%20May%2020.pdf">coronial investigation</a> into her 2013 death found no offence had been committed by the perpetrator, revealing the difficulties of dealing with this new and emerging phenomenon.</p>
<p>While we wait for law reform in this area, we think police and prosecutors could make better use of our existing laws to deal with these sorts of behaviours.</p>
<h2>What is catfishing?</h2>
<p>“Catfishing” occurs when a person creates a fake profile on social media in order to deceive someone else and abuse them, take their money or otherwise
manipulate and control them. </p>
<p>While statistics about the prevalence of catfishing are elusive, popular dating sites <a href="https://www.eharmony.co.uk/dating-advice/dating/how-to-spot-a-catfish">such as eHarmony</a> and the Australian government’s <a href="https://www.esafety.gov.au/young-people/catfishing">eSafety Commission</a> offer advice about spotting catfishers. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/from-catfish-to-romance-fraud-how-to-avoid-getting-caught-in-any-online-scam-115227">From catfish to romance fraud, how to avoid getting caught in any online scam</a>
</strong>
</em>
</p>
<hr>
<p>Catfishing is also the subject of an <a href="http://www.mtv.com.au/catfish-the-tv-show">MTV reality series</a>, major Hollywood <a href="https://www.imdb.com/title/tt7668870/">films</a>, and <a href="https://theconversation.com/its-not-about-money-we-asked-catfish-why-they-trick-people-online-100381">psychological research</a> on why people do it.</p>
<h2>Dangerous, damaging but not a specific crime</h2>
<p>There is no specific crime of catfishing in Australia. But there are many different behaviours involved in catfishing, which can come under various existing offences. </p>
<p>One of these is financial fraud. In 2018, a Canberra woman pleaded guilty to <a href="http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/act/ACTSC/2018/285.html">10 fraud offences</a> after she created an elaborate and false online profile on a dating website. She befriended at least ten men online, then lied to them about having cancer and other illnesses and asked them to help her pay for treatment. She obtained more than $300,000. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=376&fit=crop&dpr=1 600w, https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=376&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=376&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=473&fit=crop&dpr=1 754w, https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=473&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/338126/original/file-20200528-143682-18oykbs.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=473&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Catfishers create fake online profiles to deceive others.</span>
<span class="attribution"><span class="source">www.shutterstock.com</span></span>
</figcaption>
</figure>
<p>Another crime associated with catfishing is stalking. In 2019, a Victorian woman was <a href="https://www.abc.net.au/news/2019-06-06/lincoln-lewis-catfish-lydia-abdelmalek-sentenced/11184174">convicted of stalking</a> and sentenced to two years and eight months jail after she created a Facebook page where she pretended to be Australian actor Lincoln Lewis. This case is currently <a href="https://www.abc.net.au/news/2020-02-28/lincoln-lewis-catfish-lydia-abdelmalek-directions-hearing/12009492">subject to an appeal</a>.</p>
<h2>The grey area of psychological and emotional abuse</h2>
<p>When catfishing doesn’t involve fraud or threats, but involves psychological and emotional manipulation, it can be more difficult to obtain convictions. </p>
<p>One of the most notorious cases occurred more than a decade ago in the United States. Missouri mother <a href="https://casetext.com/case/us-v-drew-12">Lori Drew</a> catfished a teenager she believed had been unkind to her daughter. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/have-you-caught-a-catfish-online-dating-can-be-deceptive-109702">Have you caught a catfish? Online dating can be deceptive</a>
</strong>
</em>
</p>
<hr>
<p>With the help of her <a href="https://www.theguardian.com/world/2008/nov/26/myspace-suicide-cyber-bully">daughter and young employee</a>, Drew created a fake MySpace profile as a teenage boy and contacted the 13-year-old victim. Online flirting took place until the relationship was abruptly ended. The victim was told that “the world would be a better place without her”. Later that day, she killed herself. </p>
<p>Because the harm suffered by the victim was not physical but psychological, and had been perpetrated online, prosecutors had trouble identifying an appropriate criminal charge. </p>
<p>Eventually, Drew was charged with computer fraud and <a href="https://www.nytimes.com/2008/11/27/us/27myspace.html">found guilty</a>. But the <a href="https://www.wired.com/2009/07/drew-court/">conviction was overturned</a> in 2009 when an appeal court concluded the legislation was never meant to capture this type of behaviour.</p>
<h2>Renae Marsden’s case</h2>
<p>The harm done to Marsden was also psychological and emotional. She was deliberately deceived and psychologically manipulated through the creation of a fake online identity by one of her oldest female friends.</p>
<p>Marsden thought she had met a man online who would become her husband. For almost two years, they exchanged thousands of text and Facebook messages. Marsden ended an engagement to another man so that she could be with the man she met online. They planned their wedding. </p>
<p>When he abruptly ended the relationship, Marsden ended her life.</p>
<p>The coroner described the conduct of Marsden’s catfisher as “appalling” and an “extreme betrayal”, but found that no offence had been committed. She <a href="http://www.coroners.justice.nsw.gov.au/Documents/Marsden%20findings%2020%20May%2020.pdf">observed</a>:</p>
<blockquote>
<p>Where ‘catfishing’ is without threat or intimidation or is not for monetary gain, then the conduct appears to be committed with the intent to coerce and control someone for the purpose of a wish fulfilment or some other gratification. Though such conduct may cause the recipient mental and or physical harm because it is not conduct committed with the necessary intent it falls outside the parameters of a known State criminal offence.</p>
</blockquote>
<h2>Existing laws like manslaughter could apply</h2>
<p>We disagree with the coroner’s conclusion. We think that existing state criminal offences might capture some of this behaviour.</p>
<p>In particular, deliberately deceptive and psychologically manipulative online conduct, resulting in the death of a victim by suicide, could potentially make a perpetrator liable for manslaughter. </p>
<p>This is because a perpetrator who commits the offence of <a href="https://www.legislation.nsw.gov.au/#/view/act/1900/40/part3/div6/sec35">recklessly causing grievous bodily harm</a> (which may include <a href="http://eresources.hcourt.gov.au/showCase/2017/HCA/18">psychological harm</a>), in circumstances where a reasonable person would realise this exposed the victim to an appreciable <a href="http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/HCA/1992/31.ht">risk of serious injury</a>, could be liable for the crime of “<a href="https://www.judcom.nsw.gov.au/publications/benchbks/criminal/manslaughter.html#p5-980">manslaughter</a> by unlawful and dangerous act”.</p>
<p>Such prosecutions can and should be contemplated as an appropriate response to the serious wrongdoing that has occurred.</p>
<h2>Where to from here?</h2>
<p>Marsden’s <a href="https://www.smh.com.au/national/nsw/parents-of-catfishing-victim-want-laws-changed-and-named-after-renae-20200520-p54uo2.html">parents are pushing</a> for catfishing to be made illegal. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/338127/original/file-20200528-143732-o94gwf.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Teresa and Mark Marsden want catfishing to be made illegal.</span>
<span class="attribution"><span class="source">Dean Lewis/AAP</span></span>
</figcaption>
</figure>
<p>The coroner chose not to recommend a specific offence of catfishing, noting: </p>
<blockquote>
<p>there are complex matters which were not canvassed at the inquest which need to be taken into account before any coronial recommendation involving the introduction of criminal legislation.</p>
</blockquote>
<p>But the report did recommend a closer look at making “<a href="https://theconversation.com/its-time-coercive-control-was-made-illegal-in-australia-114817">coercive control</a>” an offence. </p>
<p>Coercive control involves a wide range of controlling behaviours and could potentially criminalise the sort of psychologically and emotionally abusive conduct Marsden experienced. </p>
<p>It is also on the political agenda. In March, New South Wales Attorney-General Mark Speakman announced he would consult on <a href="https://www.theaustralian.com.au/nation/state-seeks-law-to-ban-coercive-domestic-abuse/news-story/8e7f2519ebad5833d1a54393fa7a458b">possible new “coercive control” laws</a>.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/its-time-coercive-control-was-made-illegal-in-australia-114817">It's time 'coercive control' was made illegal in Australia</a>
</strong>
</em>
</p>
<hr>
<p>We note, however, that the coercive control discussion is happening in the context of domestic violence. Whether prospective new laws can or should extend to catfishing will require careful consideration and drafting.</p>
<p>While we wait for a new offence, we should also ensure that we make use of the laws we already have to protect people from the devastating damage that can be done by catfishing.</p><img src="https://counter.theconversation.com/content/139217/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>There is no specific crime of catfishing in Australia. So we have to make better use of existing laws to address this devastating behaviour.Marilyn McMahon, Deputy Dean, School of Law, Deakin UniversityDr Paul McGorrery, PhD Candidate in Criminal Law, Deakin UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1274712019-12-20T11:41:27Z2019-12-20T11:41:27ZInside the mind of the online scammer<figure><img src="https://images.theconversation.com/files/307894/original/file-20191219-11929-1sopk5m.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/concept-being-robbed-by-scam-127419302">Shutterstock/alphaspirit</a></span></figcaption></figure><p>When Dame Helen Mirren revealed she had been the victim of a <a href="https://www.express.co.uk/news/uk/1199903/Dame-Helen-Mirren-latest-telephone-scam-warning-BBC-Radio-4-news">“humiliating” scam</a> on the press junket for her latest movie (in which, coincidentally, she also plays the victim of a hoax), it highlighted how everyone needs to be on their guard against fraudsters. Even members of the royal family are not immune, as was illustrated when Prince Charles was dragged into a <a href="https://www.mirror.co.uk/news/uk-news/prince-charles-hit-counterfeit-art-20799908">major counterfeit art scandal</a>. But what motives scammers, other than greed? I believe the answer can be gleaned by investigating why humans lie in the first place.</p>
<p>Online fraudsters carry out a sophisticated and well-planned array of deceiving strategies to con people. These include <a href="https://www.bbc.co.uk/news/business-49825888">romance scams</a> in which the victim is enticed to contribute cash to foster a fake romantic relationship, fraudulent lotteries, prize draws, sweepstake games and auction sites. Substantial winnings are offered if the victim can send in some cash. </p>
<p>The fraudsters are <a href="https://www.nbcnews.com/better/lifestyle/scammers-have-upped-their-game-former-conman-shares-tips-protecting-ncna1057631">constantly building better mousetraps</a> in order to lure in increasingly sophisticated mice. For example, scams are being personalised to the victim by including references to familiar people or by targeting the victim’s occupation. </p>
<h2>What’s behind the deception?</h2>
<p>Scams are carried out using almost untraceable methods, so the criminals are often unknown, despite concerted efforts by law enforcement to identify and prosecute them. But the knowledge from several disciplines (<a href="https://www.britannica.com/science/ethology">ethology</a>, social psychology and criminology) can help us to understand them.</p>
<p><strong>Deception to ensure survival</strong></p>
<p>Ethologists study animal behaviour. They have observed that species, including humans, have developed a complex means of deceiving their prey in order <a href="https://journals.sagepub.com/doi/abs/10.1177/1745691614535936">to ensure their survival</a>. For example, ethologists have identified complex forms of deceptions in other species, such as the jumping spider, which uses behavioural and chemical mimicry. This allows them to coexist with ants and feed on them. This is regarded as comparable to humans engaging in embezzlement by which they use their privileged access to resources and reputation for illegally extracting finances from other people. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/vAS3kahu76k?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p><strong>Altruistic lies?</strong></p>
<p>Social psychologists have found that when humans lie for altruistic purposes or advancement of the group, the lie is often praised rather than denigrated. For example, even young children (aged between five and seven) show a willingness to tell “white lies” in order <a href="https://onlinelibrary.wiley.com/doi/abs/10.1111/bjdp.12083">to make others feel better</a>. Meanwhile other research shows that adults perceive lying that benefits others (because sometimes the truth hurts) <a href="https://www.sciencedirect.com/science/article/abs/pii/S0022103114000328?via%3Dihub">as more “ethical”</a> than honest statements. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/wJCRzgAPwE4?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p><strong>Typical and serious lies</strong></p>
<p>Social psychological research shows that <a href="https://www.taylorfrancis.com/books/9781351035743">lying is part of normal life</a>. Frequently, people tell everyday lies that are rather benign. Most of these lies are self-serving, but many are designed to benefit others. </p>
<p>People most often tell <a href="https://books.google.co.uk/books?id=uC1NDwAAQBAJ&pg=PT116&lpg=PT116&dq=doi:+http://dx.doi.org/10.1207/s15324834basp2602%263_4&source=bl&ots=b4Yp7Aw_WK&sig=ACfU3U1sEhUyv82mQ4iTYFaGTKveIwdjpQ&hl=en&sa=X&ved=2ahUKEwijj9Dhq8HmAhWJa8AKHRFiB08Q6AEwAHoECAcQAQ#v=onepage&q=doi%3A%20http%3A%2F%2Fdx.doi.org%2F10.1207%2Fs15324834basp2602%263_4&f=false">“serious lies”</a> to their closest relationship partners. They tell serious lies in order to avoid punishment, protect themselves from confrontation, appear a highly desirable person, to protect others and also to hurt their partner. Common serious lies tend to involve affairs and taking money from others without their knowledge. </p>
<h2>Liars, fraudsters and corruption</h2>
<p>Frauds represent a complex array of deceptive behaviour that originates in species and arises, in part, from some of the typical motivations for deception. It is, of course, a criminal activity that is well understood by criminologists. Most criminals are typically male and have parents with criminal records, delinquent peer friends, arrests at a young age and come from poor areas with <a href="https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5892438/">higher crime rates</a>.</p>
<p>Today’s most common online scams are often carried out by people from poor countries. These countries and their government officials are generally regarded as corrupt by <a href="https://www.transparency.org/files/content/pages/2018_CPI_Executive_Summary.pdf">international corruption indexes</a>. Such corruption conveys the message that deception is a desirable strategy. Poverty combined with high corruption contributes to a heightened motivation to deceive others for survival.</p>
<p>The criminals in question tend to have traits of <a href="https://www.sciencedirect.com/science/article/pii/S0047235217301897">psychopathic and antisocial personality disorders</a>. Research has investigated illegal downloading and hacking in adolescents from 30 countries. It was found that “<a href="https://www.cybercrimejournal.com/Udrisvol10issue2IJCC2016.pdf">cyber deviance</a>” was mostly carried out by males and by people who experienced “school disorganisation” (stealing and vandalism) and “neighbourhood disorganisation” (having untrustworthy or criminal neighbours).</p>
<p>These “cyber deviants” tend to have <a href="https://www.cybercrimejournal.com/Udrisvol10issue2IJCC2016.pdf">elevated cognitive ability</a> and, of course, have access to computers and technology. This type of fraud is often well planned and the fraudsters employ a range of deceptive tactics. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=317&fit=crop&dpr=1 600w, https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=317&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=317&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=399&fit=crop&dpr=1 754w, https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=399&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/307895/original/file-20191219-11939-8omra0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=399&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The FBI’s Operation reWired targeted business email compromise (BEC) scammers.</span>
<span class="attribution"><a class="source" href="https://twitter.com/FBI/status/1181660622414630913/photo/1">FBI/Twitter</a></span>
</figcaption>
</figure>
<p>The law tries to keep these criminals at bay. In September 2019, Operation reWired in the US succeeded in prosecuting <a href="https://www.justice.gov/opa/pr/281-arrested-worldwide-coordinated-international-enforcement-operation-targeting-hundreds">281 email scammers</a> from several countries.</p>
<p>But the large numbers of fraudsters who combine deceptive and complex strategies make it extremely difficult to keep these crimes under control. So an understanding of how their minds work and their modus operandi is vital if one is to avoid becoming a victim.</p><img src="https://counter.theconversation.com/content/127471/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Ken Rotenberg does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Ethology, social psychology and criminology can help us understand why humans lie and why scammer scam.Ken Rotenberg, Professor in Psychology, Keele UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1170412019-05-21T08:31:17Z2019-05-21T08:31:17ZThe scandal that should force us to reconsider wellness advice from influencers<figure><img src="https://images.theconversation.com/files/275386/original/file-20190520-69199-vans2m.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Wellness 'gurus' like Belle Gibson (not pictured here) have changed the way we think about our own health. </span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/young-pretty-sporty-girl-taking-selfie-1015910125?src=jRrDhe0RJcMwmHWjfzPerQ-1-9">Budimir Jevtic/Shutterstock</a></span></figcaption></figure><p>Former social media influencer and “wellness guru” Belle Gibson first caught public attention after claiming <a href="https://www.theguardian.com/books/2017/nov/13/behind-belle-gibsons-cancer-con-everything-about-this-story-is-extreme">she cured herself</a> of terminal cancer by rejecting conventional medicine in favour of a healthy diet and lifestyle. Her story was documented on a blog and social media, which became the basis for <a href="https://www.goodreads.com/book/show/24283934-the-whole-pantry">a successful book</a> and app, featuring lifestyle advice and healthy recipes. </p>
<p>In 2015, however, <a href="https://www.bbc.co.uk/news/world-australia-32420070">Gibson was exposed as a fraud</a>. It was revealed that <a href="https://www.theguardian.com/australia-news/2015/apr/22/none-of-its-true-wellness-blogger-belle-gibson-admits-she-never-had-cancer">she never had cancer</a> and failed to donate the proceeds from her app to charity, as promised. Now, she has been <a href="https://www.theguardian.com/australia-news/2019/apr/17/cancer-con-artist-belle-gibson-to-face-court-over-failure-to-pay-410000-penalty">summoned to appear in Federal Court</a> following her failure to pay a AUD410,000 <a href="https://www.premier.vic.gov.au/wp-content/uploads/2017/09/170928-Belle-Gibson-Penalised-For-Misleading-Health-Claims.pdf">penalty for misleading health claims</a>. </p>
<p>Beyond the psychological factors motivating Gibson’s deceit, the scandal raises important questions about the cultural and technological conditions that enable lifestyle gurus to flourish.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/OoIl_K3mXy0?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<h2>The rise of lifestyle gurus</h2>
<p>Claims about how to heal illness through diet and alternative therapies are far from novel. What is new is the unprecedented speed and scale afforded by online transmission. Social media also enables bloggers to monetise their following through advertorials, affiliate programmes and blog shops. The influencer economy has become <a href="https://www.statista.com/statistics/748630/global-instagram-influencer-market-value/">a billion dollar industry</a>, resulting in <a href="http://politybooks.com/bookdetail/?isbn=9781509530175">a surge in the number of “uncertified” bloggers</a> competing to achieve lifestyle guru status.</p>
<p>Although Gibson’s story is seemingly unique, the narrative upon which it was scripted is common to lifestyle gurus. Lifestyle gurus define themselves <a href="https://journals.sagepub.com/doi/full/10.1177/1440783319846188">in opposition to experts</a>. Selectively, they combine elements from science, esoteric systems of knowledge, self-help and positive thinking. The advice given, which often <a href="https://www.theguardian.com/lifeandstyle/2018/sep/01/wellness-hype-superfoods-yoga-price">comes at a commercial premium</a>, appeals to common sense. But practical recommendations to eat more fruit and vegetables, exercise regularly and reduce alcohol consumption are generally followed by pseudoscientific detox products, cleanses, and online services that offer quick fix solutions to complex problems.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/a-dietitian-puts-extreme-clean-eating-claims-to-the-test-and-the-results-arent-pretty-63675">A dietitian puts extreme 'clean eating' claims to the test – and the results aren't pretty</a>
</strong>
</em>
</p>
<hr>
<p>While some influencers claim to be nutritionists, <a href="http://politybooks.com/bookdetail/?isbn=9781509530175">few have the credentials required to give medical advice</a>. Instead, their fame and credibility is derived from a series of techniques. These include carefully constructed personas and narratives of self-transformation, documenting their journey from illness to self-recovery. The personal improvements they document online rest mostly on anecdotal evidence and photographs which reveal their transformation into attractive, ostensibly happier and healthier people. </p>
<p>There is no commitment to independent testing procedures and results by objective, scientific methods. Rather, online metrics (such as followers, likes and shares) validate their status. Lifestyle gurus connect and inspire their followers through disclosing their struggles and vulnerability. Each life crisis, confession and revelation shared online results in more likes and followers.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/275384/original/file-20190520-69169-151wb63.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Compelling photos like this may be used to document a wellness journey.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/young-beautiful-woman-practicing-yoga-mountain-428180422?src=reePK4HMMhQRMd3j4kGS7A-1-7">Yulia Grigoryeva/Shutterstock</a></span>
</figcaption>
</figure>
<p>Social media has altered how we are influenced. Engineered around the quest for visibility and attention, influence is measured by follower counts and engagement. An expert may have credentials and years of experience, but they are unlikely to be as compelling as an attractive lifestyle guru who is “<a href="https://www.independent.co.uk/news/people/instagram-model-natasha-oakley-iskra-lawrence-kayla-itsines-kendall-jenner-jordyn-woods-a6907551.html">instafamous</a>”, with a highly curated social media feed to verify their advice. The issue here is not merely about the risk of misinformation, but the techniques used to influence us to decide what information to trust and who to believe. </p>
<h2>Low trust society</h2>
<p>Our trust in lifestyle gurus is a direct response to the <a href="https://www.gov.uk/government/publications/leveson-inquiry-report-into-the-culture-practices-and-ethics-of-the-press">crisis of confidence</a> in institutions and professionals. We live in a low trust society where the very notion of <a href="https://www.foreignaffairs.com/articles/united-states/2017-02-13/how-america-lost-faith-expertise">expertise has come under scrutiny</a>. In this context, lifestyle gurus use social media to present themselves as ordinary, “authentic”, and accessible by positioning themselves as alternative authorities “outside of the system”. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/how-celebrity-non-experts-and-amateur-opinion-could-change-the-way-we-acquire-knowledge-106002">How celebrity non-experts and amateur opinion could change the way we acquire knowledge</a>
</strong>
</em>
</p>
<hr>
<p><a href="https://goop.com/uk">Gwyneth Paltrow</a> and <a href="https://poosh.com/about">Kourtney Kardashian</a>, for example, both of whom have created lifestyle sites, use their celebrity to give wellness advice and to sell <a href="https://shop.goop.com/shop/collection/wellness/vitamins-and-supplements?country=GBR">vitamins</a> and <a href="https://shop.poosh.com/">supplements</a>. Presenting themselves as our “<a href="https://goop.com/whats-goop/">trusted friend</a>” and <a href="https://poosh.com/about">equal</a>, the whole business of monetary transactions is achieved as a form of mateship, as if everyone is on the same team, set against professionals and elites (despite their celebrity status).</p>
<p>There are tenable reasons behind some of these critiques. In the past, food corporations and governments have <a href="https://journals.sagepub.com/doi/full/10.1177/1440783319846188">acted unethically</a>, experts have got things wrong, and lobbyists have influenced politics and research. <a href="https://theconversation.com/how-celebrity-non-experts-and-amateur-opinion-could-change-the-way-we-acquire-knowledge-106002">Non-experts</a> can make important contributions to public debate, but problems arise when there is uncritical acceptance of influencers’ views as morally superior, entirely trustworthy alternatives.</p>
<p>Blogs and social media have <a href="http://www.unesco.org/new/en/ramallah/communication-information/online-freedom-of-expression/">democratised information</a>, but they have also confounded issues around trust and credibility through altering how we seek advice and how we decide what to believe. It should be no surprise to discover that the low barriers to entry provided by digital technologies create conditions for deceit and exploitation as well as access and participation. What is surprising is the relatively short period of time it has taken for lifestyle gurus to challenge experts by building relations of deep trust and intimacy with consumers. </p>
<p>With over 200,000 followers on Instagram, a book published by Penguin and an app available on Apple, <a href="https://theconversation.com/the-hole-in-the-pantry-story-should-penguin-have-validated-belle-gibsons-cancer-claims-38843">Gibson’s message had legitimacy</a>, influence and global reach. Although she was eventually exposed as a fraud, she had been spreading misinformation for years beforehand. The number of people ready to believe that Gibson knew more about how to treat her purported condition than qualified medical experts is indicative of the power of social media influencers to inform health messaging.</p><img src="https://counter.theconversation.com/content/117041/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Lifestyle gurus define themselves in opposition to experts — but can we really trust what they tell us?Stephanie Alice Baker, Lecturer in Sociology, City, University of LondonChris Rojek, Professor of Sociology, City, University of LondonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1147062019-05-13T10:37:13Z2019-05-13T10:37:13ZHow cryptocurrency scams work<figure><img src="https://images.theconversation.com/files/273690/original/file-20190509-183112-75zv1.jpg?ixlib=rb-1.1.0&rect=404%2C31%2C4781%2C3421&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Don't end up like this person.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/shocked-stressed-young-woman-reading-bad-1297544869">fizkes/Shutterstock.com</a></span></figcaption></figure><p><a href="https://navms.com/allegedly-head-of-the-bitconnect-cryptocurrency-scam-arrested-in-dubai/">Millions of cryptocurrency investors</a> have been scammed out of massive sums of real money. In 2018, losses from cryptocurrency-related crimes amounted to <a href="https://www.reuters.com/article/us-crypto-currency-crime/cryptocurrency-thefts-scams-hit-1-7-billion-in-2018-report-idUSKCN1PN1SQ">US$1.7 billion</a>. The criminals use both old-fashioned and new-technology tactics to swindle their marks in schemes based on digital currencies exchanged through online databases called blockchains.</p>
<p>From <a href="https://scholar.google.com/citations?user=Qx3YMi4AAAAJ&hl=en&oi=ao">researching</a> <a href="https://doi.org/10.1109/MITP.2017.3051335">blockchain</a>, <a href="https://doi.org/10.1109/MITP.2017.3680961">cryptocurrency</a> and <a href="https://www.springer.com/us/book/9783642115219">cybercrime</a>, I can see that some cryptocurrency fraudsters rely on <a href="https://thenextweb.com/hardfork/2019/04/04/indian-entrepreneur-implicated-in-300-million-bitcoin-ponzi-scheme-gets-bail/">tried-and-true Ponzi schemes</a> that use income from new participants to pay out returns to earlier investors. </p>
<p>Others use <a href="https://www.buzzfeednews.com/article/ryanmac/cryptocurrency-scammers-are-running-wild-on-telegram">highly automatized and sophisticated processes</a>, including automated software that interacts with Telegram, an internet-based instant-messaging system popular among people interested in cryptocurrencies. Even when a cryptocurrency plan is legitimate, fraudsters can still <a href="https://theconversation.com/how-can-criminals-manipulate-cryptocurrency-markets-97294">manipulate its price in the marketplace</a>.</p>
<p>An even more basic question arises, though: How are unsuspecting investors attracted to cryptocurrency frauds in the first place? </p>
<h2>Fast-talking swindlers</h2>
<p>Some cryptocurrency fraudsters appeal to people’s greed, promising big returns. For example, an unknown group of entrepreneurs runs the scam bot iCenter, which is a <a href="https://medium.com/@nickcryptoltc/ponzi-investment-schemes-new-and-improved-on-the-blockchain-icenter-co-f9ee68f6c8fe">Ponzi scheme for Bitcoin and Litecoin</a>. It doesn’t provide information on investment strategies, but somehow <a href="https://www.buzzfeednews.com/article/ryanmac/cryptocurrency-scammers-are-running-wild-on-telegram">promises investors 1.2% daily returns</a>.</p>
<p>The iCenter scheme operates through a group chat on Telegram. It starts with a small group of scammers who are in on the racket. They get a referral code that they share with others, in blogs and on social media, hoping to get them to join the chat. Once there, the newcomers see encouraging and exciting messages from the original scammers. Some newcomers decide to invest, at which point they are assigned an individual bitcoin wallet, into which they can deposit bitcoins. They agree to wait some period of time – 99 or 120 days – to receive a significant return.</p>
<p>During that time, the newcomers often use <a href="https://thenextweb.com/hardfork/2018/12/17/cryptocurrency-italy-silly-scams/">social media to share their own referral codes</a> with friends and contacts, bringing more people into the group chat and into the investment scheme. There’s no actual investment of the funds in any legitimate business. Instead, when new people join, the person who recruited them gets a percentage of the new funds, and the cycle continues, paying out to earlier participants from each round of newer investors.</p>
<p>Some members work especially hard to bring in new funds, posting <a href="https://www.buzzfeednews.com/article/ryanmac/cryptocurrency-scammers-are-running-wild-on-telegram">tutorial videos and pictures of themselves holding large amounts of money</a> as enticements to join the scam.</p>
<h2>Lies and more lies</h2>
<p>Some scammers go for straight-up deception. The founders of scam cryptocurrency OneCoin <a href="https://cointelegraph.com/news/us-district-attorney-charges-onecoin-founders-with-billions-in-alleged-fraud">defrauded investors of $3.8 billion</a> by convincing people their <a href="https://qz.com/1568908/onecoin-is-unraveling-as-a-cryptocurrency-pyramid-scheme/">nonexistent cryptocurrency was real</a>.</p>
<p>Other scams are based on impressing potential victims with jargon or claims of specialized knowledge. The Global Trading scammers claimed they took advantage of <a href="https://www.wsj.com/articles/bitcoins-crashing-that-wont-stop-arbitrage-traders-from-raking-in-millions-1517749201">price differences on various cryptocurrency exchanges</a> to profit from what is called arbitrage – simply buying cheaply and selling at higher prices. Really they just took investors’ money.</p>
<p>Global Trading used a bot on Telegram, too – investors could send a balance inquiry message and <a href="https://www.buzzfeednews.com/article/ryanmac/cryptocurrency-scammers-are-running-wild-on-telegram">get a response with false information</a> about how much was in their account, sometimes even seeing balances <a href="https://steemit.com/bitconnect/@jjona/global-trading-bot-promising-6-gains-per-day">climb by 1% in an hour</a>. With returns looking like that, who could blame people for <a href="https://steemit.com/bitconnect/@jjona/global-trading-bot-promising-6-gains-per-day">sharing the scheme</a> with their friends and family on social media?</p>
<h2>Exploiting friends and family</h2>
<p>Once a scheme has started, it stays alive – at least for a while – through social media. One person gets taken in by the promise of big returns on cryptocurrency investments and spreads the word to <a href="https://news.bitcoin.com/crypto-scams-comprise-0-6-fraud-australian-consumer-watchdog/">friends and family members</a>.</p>
<p>Sometimes big names get involved. For instance, the kingpin behind <a href="https://entrackr.com/2019/04/amit-bhardwaj-bail-bitoin/">GainBitcoin</a> and other alleged scams in India convinced a number of Bollywood celebrities to <a href="https://www.ccn.com/indian-authorities-round-up-on-bitcoin-scammers-properties-worth-60-million">promote his book, “Cryptocurrency for Beginners</a>.” He even tried to make himself <a href="https://cointelegraph.com/news/india-crypto-scamsters-bhardwaj-brothers-arrested-for-duping-investors-out-of-300-mln">a bit of a celebrity</a>, proclaiming himself a “<a href="https://www.prnewswire.com/in/news-releases/cryptocurrency-guru-amit-bhardwaj-launches-pioneering-e-book-632585663.html">cryptocurrency guru</a>,” as he <a href="https://www.ccn.com/indian-police-find-crucial-clues-in-300-million-gainbitcoin-scam">led</a> <a href="https://www.businesstoday.in/current/corporate/cryptocurrency-guru-arrested-for-bitcoin-ponzi-schemes-scam-could-run-into-rs-13000-crore/story/274255.html">efforts</a> <a href="https://captainaltcoin.com/scam-alert-mcap-coin-is-dead-as-a-dodo/">that</a> <a href="https://www.crowdfundinsider.com/2018/12/142666-indian-police-arrest-10-in-gb21-crypto-ponzi-fraud-case/">cost</a> investors between <a href="https://coinjournal.net/exit-scam-vietnamese-cryptocurrency-company-goes-dark-after-allegedly-duping-investors-of-us660m/">$769 million and $2 billion</a>.</p>
<p>Not all the celebrities know they’re involved. In one blog post, iCenter featured a video that purported to be an <a href="https://www.buzzfeednews.com/article/ryanmac/cryptocurrency-scammers-are-running-wild-on-telegram">endorsement by Dwayne “The Rock” Johnson</a>, holding a sign featuring iCenter’s logo. Videos of Justin Timberlake and Christopher Walken were deceptively edited so they appeared to praise iCenter, too.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/3yGlurBytwA?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Dwayne ‘The Rock’ Johnson does not actually endorse this cryptocurrency scam.</span></figcaption>
</figure>
<h2>Fraudulent initial coin offerings</h2>
<p>Another popular scam technique is called an “initial coin offering.” A potentially legitimate investment opportunity, an initial coin offering essentially is a way for a startup cryptocurrency company to raise money from its future users: In exchange for sending active cryptocurrencies like bitcoin and ethereum, customers are promised a discount on the new cryptocoins.</p>
<p>Many initial coin offerings have <a href="https://ethereumworldnews.com/consumers-lose-100-million-ico-exit-scams/">turned out to be scams</a>, with organizers engaging in cunning plots, even renting fake offices and creating fancy-looking marketing materials. In 2017, a lot of hype and media coverage about cryptocurrencies fed a huge wave of initial coin offering fraud. In 2018, <a href="https://www.cryptoglobe.com/latest/2018/12/nearly-1000-dead-cryptocurrency-projects-identified-by-coinopsy-deadcoins/">about 1,000 initial coin offering efforts</a> collapsed, costing backers at least $100 million. Many of these projects had no original ideas – <a href="https://www.wsj.com/graphics/whitepapers/">more than 15% of them</a> had copied ideas from other cryptocurrency efforts, or even plagiarized supporting documentation.</p>
<p>Investors looking for returns in a new technology sector are still interested in blockchains and cryptocurrencies – but should beware that they are complex systems that are new even to those who are selling them. Newcomers and relative experts alike have fallen prey to scams. </p>
<p>In an environment like the current cryptocurrency market, potential investors should be very careful to research what they’re putting their money into and be sure to find out who is involved as well as what the actual plan is for making real money – without defrauding others.</p><img src="https://counter.theconversation.com/content/114706/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Nir Kshetri does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cryptocurrency fraudsters have swindled their victims out of hundreds of millions – even billions – of dollars. What do they do to earn people’s trust and then take their money?Nir Kshetri, Professor of Management, University of North Carolina – GreensboroLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1152272019-04-30T20:13:35Z2019-04-30T20:13:35ZFrom catfish to romance fraud, how to avoid getting caught in any online scam<figure><img src="https://images.theconversation.com/files/271706/original/file-20190430-136784-11vbpdq.jpg?ixlib=rb-1.1.0&rect=183%2C259%2C1405%2C893&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Casey Donovan (right) talks about her catfish experience during her interview with Andrew Denton (left) on Channel 7.</span> <span class="attribution"><span class="source">Andrew Denton: Interview</span></span></figcaption></figure><p>Australian singer-songwriter Casey Donovan opened up again last night about the six years she thought she was involved in a relationship with a man she never met, someone called “Campbell”.</p>
<p>The Australian Idol winner told the <a href="https://7plus.com.au/andrew-denton-interview">Andrew Denton: Interview show</a>, on Channel 7, how she was a victim of catfishing – a cruel hoax in which someone creates a false identity to play on the romantic emotions of a person by pretending to be someone they’re not, either online or, in Donovan’s case, over the phone.</p>
<p>“Hope kept me there,” <a href="https://www.facebook.com/watch/?v=2337566352970407">she told the program</a>. “To think that no-one could actually do that to another human being and to think of all the shit I’d already encountered in my life, to be at that point and to […] just have everything fall apart, it really hurt.”</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-abuse-tactics-fraudsters-use-to-break-the-hearts-and-wallets-of-those-looking-online-for-love-93663">The abuse tactics fraudsters use to break the hearts and wallets of those looking online for love</a>
</strong>
</em>
</p>
<hr>
<p>Donovan has <a href="https://www.news.com.au/entertainment/music/casey-donovans-bizarre-confession-my-sixyear-relationship-was-a-hoax/news-story/9b45d2496a06fbcea6e376cd42a6f2f2">spoken about her case before</a> and there are many others who have been catfished – just do a quick search of YouTube.</p>
<p>There are some similarities between catfishing and online romance fraud, something I’ve been involved in studying for more than ten years.</p>
<p>So is there anything we can do to avoid being deceived by both? </p>
<h2>They play with your heart</h2>
<p>My <a href="https://eprints.qut.edu.au/view/person/Cross,_Cassandra.html">research on romance fraud</a> has focused on the use of online deception to destroy both the hearts and wallets of victims worldwide.</p>
<p>Latest figures on romance fraud in Australia show victims <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2018">lost more than A$24 million in 2018 cases reported to ScamWatch</a>, run by the Australian Competition and Consumer Commission. About A$19.5 million were losses reported by women.</p>
<p>While catfishing arguably uses the same types of deception and manipulation as romance fraud, the ultimate end goal is different. Those who catfish others online usually don’t have a financial motive.</p>
<p>Unfortunately, there are no known statistics on the prevalence of catfishing, so the extent of this type of victimisation is largely unknown. </p>
<p>While the statistics on romance fraud are problematic – the 2018 ScamWatch figure is up $4.1 million on the year before – it is still officially recognised as a form of fraud and a legitimate form of victimisation. </p>
<p>Catfishing itself is not a crime. It is only the deception associated with it that can be classed as fraud, and is therefore criminal.</p>
<h2>A catfish captured</h2>
<p>Earlier last month, Lydia Abdelmalek was <a href="https://www.abc.net.au/news/2019-04-09/lincoln-lewis-fake-catfish-internet-stalker-court-trial/10919538">found guilty</a> in a Melbourne Court of stalking six people.</p>
<p>Adbelmalek was also a catfish. </p>
<p>In her case she took on the persona of Australian actor Lincoln Lewis to deceive several women online. The depth of her deception and the extent of her harassment and ongoing threatening behaviour to her victims tragically resulted in <a href="https://www.abc.net.au/news/2019-04-09/lincoln-lewis-warns-of-social-media-catfish-dangers/10985118">one of her victims taking her own life</a>.</p>
<p>Abdelmalek is to be sentenced in June.</p>
<h2>Victim violation</h2>
<p>The sense of violation and betrayal is common across both romance fraud and catfishing. </p>
<p>In romance fraud, it is termed the “<a href="https://fido.nrk.no/d6f57fd73b9898b42c8c322c961c8255f370677fbac5272b71d86047a5359b66/Whitty_romance_scam_report.pdf," title="The Psychology of the Online Dating Romance Scam">double hit</a>” of victimisation, whereby the emotional loss is actually more severe and traumatising than the financial loss itself.</p>
<p>This same sense of emotional harm is evident in the case of those who are catfished. </p>
<p>The same issues around acknowledgement of victimisation and reporting are consistent. Many victims likely do not ever realise they are involved in a relationship with someone who doesn’t exist or who has been lying to them. </p>
<p>If they are aware, it is also likely that many do not report or disclose to family or friends. The level of embarrassment, shame and <a href="https://eprints.qut.edu.au/83702/" title="No laughing matter: Blaming the victim of online fraud">stigmatisation</a> experienced by victims is likely to be similar. </p>
<h2>How it works</h2>
<p>The techniques used by catfish are similar in many ways to what we know about <a href="https://eprints.qut.edu.au/118434/" title="Understanding romance fraud: Insights from domestic violence research">romance fraud</a>.</p>
<p>The same social engineering techniques, the same grooming process that seeks to develop trust and rapport with the victim. The same level of patience used by offenders to maintain the ruse for weeks, months, and even years in the case of Donovan. </p>
<p>Nobody sets out to be a victim of online deception, whether it is catfishing or romance fraud. These perpetrators identify a weakness or vulnerability in a potential victim, and exploit this by whatever means necessary.</p>
<h2>Why do people catfish?</h2>
<p>There is limited research as to why individuals engage in online deception, across both catfishing and romance fraud. For romance fraud, there is a strong argument that offenders are motivated to defraud victims for financial reasons.</p>
<p>There is also emerging links of romance fraud to <a href="https://torontosun.com/2017/02/02/scam-artist-who-posed-as-fictitious-soldier-faces-extradition/wcm/b6d8fd0e-3f29-4997-8c59-202799eb91e1">global organised crime</a> networks. </p>
<p>But this does not hold for catfishing. Rather, the small amount of <a href="https://www.qt.com.au/news/its-hard-to-stop-the-addiction-the-reasons-why-peo/3477706/">research</a> that explores the reasons fuelling catfish activities, link to a perpetrator’s feelings of loneliness, low self-esteem, escapism, and a desire to explore their sexuality through a different persona.</p>
<p>These are all focused on the offender themselves, rather than being concentrated on any victim characteristic. </p>
<p>Given the extent of the harm incurred by online deception, it is imperative to gain a better understanding of the factors which motivate those behind both romance fraud and catfishing. </p>
<h2>How not to get caught in a scam</h2>
<p>Online deception is difficult to guard against. How can you convince someone that the person they are in love with is not real?</p>
<p>In the case of romance fraud, all prevention messages revolve around the inevitable <a href="https://www.scamwatch.gov.au/types-of-scams/dating-romance">request to send money</a>. But in the case of catfishing, this message is redundant. </p>
<p>But there are similar signs to look out for. A refusal to meet in person or sometimes to communicate via other social media platforms. Inconsistencies in the stories used by those who perpetrate these acts. A gut feeling that something is not quite right. </p>
<p>On the <a href="https://www.imdb.com/title/tt2498968/">US television documentary series Catfish</a>, hosts Nev and Max use a range of techniques to try to find the real identities of those who are behind the online catfish.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/UhLSg61iXbg?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Caught out!</span></figcaption>
</figure>
<p>Sometimes, a simple reverse image search on pictures used by the catfish may provide answers. </p>
<p>Ultimately, looking for love or friendship online comes with risk, in the same way that driving to work each day carries with it an understood level of risk.</p>
<p>But we should not disengage from social media or communicating online. Instead, we need to take precautions to reduce the likelihood that we become victims to online deception, in the form of either catfishing or romance fraud.</p><img src="https://counter.theconversation.com/content/115227/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has received funding from the Criminology Research Grants program, Australian Institute of Criminology. </span></em></p>Whether you’re caught by a catfish or an online romance scammer, both use similar techniques to play with your emotions.Cassandra Cross, Senior Lecturer in Criminology, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/936632018-04-04T20:01:51Z2018-04-04T20:01:51ZThe abuse tactics fraudsters use to break the hearts and wallets of those looking online for love<figure><img src="https://images.theconversation.com/files/213069/original/file-20180404-189810-d4xrt6.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Romance fraudsters trap their victims using use similar techniques to those seen in domestic violence cases.</span> <span class="attribution"><span class="source">Shutterstock/Ogovorka </span></span></figcaption></figure><p>The techniques used by fraudsters in online romance scams are similar to those found in domestic violence cases, according to our research published in the <a href="https://doi.org/10.1093/bjc/azy005">British Journal of Criminology last month</a>. </p>
<p>The finding may help to tackle the problem with more than A$4.5 million lost by Australians caught in romance and dating scams in the <a href="https://www.scamwatch.gov.au/about-scamwatch/scam-statistics?scamid=13&date=2018">first two months of this year alone</a>.</p>
<p>According to the latest figures from the Australian Competition and Consumer Commission’s ScamWatch, that’s up on the same period last year. </p>
<iframe src="https://datawrapper.dwcdn.net/jK9Xh/1/" scrolling="no" frameborder="0" allowtransparency="true" width="100%" height="235"></iframe>
<p>The majority of the money lost was from reports of fraudsters using online services including social media, email and the internet.</p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/why-we-need-to-do-more-for-the-victims-of-online-fraud-and-scams-59670">Why we need to do more for the victims of online fraud and scams</a>
</strong>
</em>
</p>
<hr>
<p>Despite the growing problem there is little social science research exploring romance fraud. So far, most of it has focused on the <a href="https://academic.oup.com/bjc/article/53/4/665/396759">grooming techniques</a> offenders use to lure victims into simulated relationships. </p>
<p>But this is only part of the story. How is it that offenders convince victims to send money?</p>
<p>In <a href="https://academic.oup.com/bjc/advance-article/doi/10.1093/bjc/azy005/4935144">our latest research</a>, we found the non-violent techniques the romance fraudsters use are similar to those encountered in domestic violence.</p>
<h2>The victims’ stories</h2>
<p>As part of a <a href="http://crg.aic.gov.au/reports/1617/29-1314-FinalReport.pdf">larger previous study</a>, we interviewed 21 victims of romance fraud, each whom thought they had met someone special but each were ultimately defrauded of at least A$10,000. Their stories are devastating. </p>
<p>Listening to victims describe their interactions with fraudsters, we noticed some similarities between romance fraud and the psychological abuse used by domestic violence offenders. </p>
<p>Psychological abuse has long been recognised as a central part of domestic violence, along with physical and sexual violence. Despite recent attention to <a href="https://theconversation.com/australia-should-be-cautious-about-introducing-laws-on-coercive-control-to-stem-domestic-violence-87579">coercive control</a>, we were surprised to learn how little research has been conducted on psychological abuse in the context of domestic violence.</p>
<p>Accordingly, we used a classification of psychologically abusive tactics constructed by <a href="http://psycnet.apa.org/record/1992-97990-014">psychologists in the 1990s</a> to see if the nine major categories of abuse they identified could be applied to romance fraud. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/the-victims-verdict-what-happens-when-they-try-to-report-online-fraud-64109">The victims' verdict: what happens when they try to report online fraud</a>
</strong>
</em>
</p>
<hr>
<p>Although our interviews came from a larger study that didn’t ask directly about psychological abuse, 16 of the victims in our sample (12 women and four men) described eight of the nine types of psychological abuse. We discuss four examples here.</p>
<h2>Isolation</h2>
<p>Isolation occurs when offenders interrupt the support networks of their victims. Romance fraud offenders were quick to move communication with victims off the dating and social media platforms and onto private email or messaging.</p>
<p>They spun this in a positive way, about becoming “exclusive” and “serious”.</p>
<p>But moving off community sites also circumvents safety mechanisms such as platforms’ prohibition of requests for money. Offenders also encouraged keeping the relationship secret.</p>
<blockquote>
<p><strong>Interview 25</strong>: She (offender) very quickly asked to move away from the site to a personal email, which looking back at what I know now, I would never do again.</p>
<p><strong>Interview 15</strong>: And now I think the secrecy made it easier for him (offender) … because I was saying my kids would kill me if they knew what I was doing, and he said well you are a grown woman you don’t have to do what your kids say.</p>
</blockquote>
<h2>Monopolisation</h2>
<p>Monopolisation refers to offender efforts to consume the attention of their victims throughout the day. </p>
<blockquote>
<p><strong>Interview 12</strong>: Sometimes if I am not on the computer and I am doing other stuff, he will ask me, oh were you on Facebook? He appeared on my Facebook, he also got all my details of my Facebook. And also when I am not online sometimes he could see the little light lit up to see if I am in there, so he would ask me, you know, what are you doing online?</p>
</blockquote>
<h2>Degradation</h2>
<p>Degradation is behaviour that makes others feel less worthy. This includes verbal abuse such as name-calling, insults, and questioning the competency of victims. </p>
<blockquote>
<p><strong>Interview 3</strong>: He started to get quite nasty, and I thought this isn’t love. And then when I reported it, he was so, so angry… </p>
<p><strong>(later in the interview)</strong> He was just abusive; it was like he was a little child and he couldn’t get the candy. Tantrums were thrown.</p>
<p><strong>Interview 11</strong>: He was very pushy and even abused me on the phone a few times, very upsetting, had me terribly upset. He just kept on until I had nothing left (money) to send him.</p>
</blockquote>
<h2>Emotional or interpersonal withdrawal</h2>
<p>While the above techniques are active, psychological abuse also involves passive tactics. Romance fraud offenders periodically cut off communication. This resulted in victims becoming anxious about the status of their relationship or the well-being of the offender. </p>
<blockquote>
<p><strong>Interview 6</strong>: It was just emails to start with and then she (offender) disappeared for two weeks and I did not know what was going on … then (she) came back two weeks later. So I did not know what was going on, I thought she might have been abducted or something.</p>
<p><strong>Interview 24</strong>: Sometimes I wouldn’t hear from him (offender) for a week or so, then he’d be back online again. I could just never ever see him, ‘cause I used to keep questioning the trust thing. That’s when he used to throw out, ‘Don’t you trust me? We’ll have a life together’.</p>
</blockquote>
<h2>The impact of psychological abuse in romance fraud</h2>
<p>These examples offer a glimpse into the dynamics of romance fraud. Despite the lack of a physical relationship, romance fraud offenders could manipulate victims by exploiting their hopes for a relationship and using psychological manipulation.</p>
<p>The fact that these tactics were persuasive enough to get victims to send large amounts of money to offenders illustrates how effective even non-physical forms of abuse can be. </p>
<p>Research on the non-physical abuse in the context of domestic violence has documented severe consequences for victims, including ongoing symptoms of <a href="https://theconversation.com/why-its-so-hard-to-prosecute-cases-of-coercive-or-controlling-behaviour-66108">trauma</a>. </p>
<p>Romance fraud victims reported similar outcomes including adverse effects on their physical health, depression, breakdown of their supportive relationships, unemployment, homelessness and even contemplation of suicide. </p>
<blockquote>
<p><strong>Interview 5</strong>: I have come close to ending my life, honestly, I still feel that way.</p>
<p><strong>Interview 16</strong>: I had one final conversation with her (a romance fraud perpetrator) and said 'I am going to commit suicide’, which is how I was feeling at the time.</p>
</blockquote>
<h2>Moving forward</h2>
<p>Psychological abuse is an important part of the complex dynamics of interpersonal offending. Victims of romance fraud and domestic violence are often blamed for the crimes committed against them. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/banks-cant-fight-online-credit-card-fraud-alone-and-neither-can-you-82088">Banks can't fight online credit card fraud alone, and neither can you</a>
</strong>
</em>
</p>
<hr>
<p>Research on psychological abuse can help us to better understand how victims become entrapped in abusive relationships over time and document the harms from non-physical forms of abuse. </p>
<p>This exploratory study shows how insights from research on non-physical abuse can inform romance fraud and domestic violence research in the future.</p>
<p>Although it has been relatively neglected by researchers compared to physical violence, we need to understand psychological manipulation in order to effectively prevent, intervene and respond to both romance fraud and domestic violence.</p>
<hr>
<p><em>If you think you or someone you know has been scammed, please contact ScamWatch for help at <a href="https://www.scamwatch.gov.au/">www.scamwatch.gov.au</a> or to report romance fraud please contact the Australian Cybercrime Online Reporting Network (<a href="https://report.acorn.gov.au/">ACORN</a>).</em></p><img src="https://counter.theconversation.com/content/93663/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross received funding for this research from the Criminology Research Grant Scheme 29/13-14. </span></em></p><p class="fine-print"><em><span>Molly Dragiewicz does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Why do people continue to send money when caught in any online romance scam? Researchers are now finding the techniques these fraudsters use are similar to those in domestic violence cases.Cassandra Cross, Senior Lecturer in Criminology, Queensland University of TechnologyMolly Dragiewicz, Associate Professor, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/894232018-02-20T11:39:51Z2018-02-20T11:39:51ZNorth Korea’s growing criminal cyberthreat<figure><img src="https://images.theconversation.com/files/205121/original/file-20180206-88799-jfeluf.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Money is a crucial target for North Korea's hacking efforts.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/north-koreas-bitcone-hacking-hacker-bitcond-782624338">rega rega/Shutterstock.com</a></span></figcaption></figure><p>The countries posing the greatest cyberthreats to the United States are <a href="https://theconversation.com/tracing-the-sources-of-todays-russian-cyberthreat-81593">Russia</a>, <a href="https://theconversation.com/how-the-chinese-cyberthreat-has-evolved-82469">China</a>, <a href="https://theconversation.com/following-the-developing-iranian-cyberthreat-85162">Iran</a> and North Korea. Like its counterparts, Kim Jong Un’s regime engages in substantial cyber espionage. And like Russia and Iran, it launches damaging cyberattacks that wipe data from computer disks and shut down online services.</p>
<p>But the North Korean cyberthreat is different in two ways. First, the regime’s online power did not grow out of groups of independent hackers. Even today, it seems unlikely the country has hackers who operate independent of the government. Second, North Korea’s cybercrime efforts – all seemingly state-sponsored – steal money that is then used to fund its cash-strapped government.</p>
<h2>Government-controlled hacking</h2>
<p>One reason for North Korea’s apparent lack of independent hackers is that most North Koreans do not have internet access. Although the country has had an <a href="https://arstechnica.com/information-technology/2017/10/as-us-launches-ddos-attacks-n-korea-gets-more-bandwidth-from-russia/">internet connection through China</a> for several years, <a href="https://fas.org/sgp/crs/row/R44912.pdf">it’s reserved</a> for elites and foreign visitors. Would-be hackers can’t launch attacks across borders; they can’t even pick up hacking manuals, code and tips from the many online forums that other hackers in other nations use to learn the trade and share information.</p>
<p>On top of that, North Korea maintains exceptionally strong controls over its population. Any hacking attributed to North Korea is likely done for the government if not by the government directly.</p>
<h2>State-sponsored hackers</h2>
<p>North Korea’s <a href="http://www.keia.org/publication/north-koreas-cyber-warfare-and-challenges-us-rok-alliance">cyber warriors</a> work primarily for the General Bureau of Reconnaissance or the General Staff Department of the Korean People’s Army. Prospective candidates are selected from schools across the country and trained in cyber operations at <a href="http://www.zdnet.com/article/a-glimpse-into-the-world-of-north-koreas-hacking-elite/">Pyongyang University of Automation</a> and other colleges and universities. By 2015, the South Korean military estimated the KPA employed <a href="http://www.telegraph.co.uk/news/worldnews/asia/northkorea/11329480/North-Korea-doubles-its-cyber-warfare-team-to-6000-troops.html">up to 6,000 cyber warfare experts</a>.</p>
<p>North Korean hackers operate from facilities in <a href="http://www.keia.org/publication/north-koreas-cyber-warfare-and-challenges-us-rok-alliance">China and other foreign countries</a> where their government sends or permits them to work. Indeed, the country has reportedly sent hundreds of hackers into nearby countries to <a href="https://www.bloomberg.com/news/features/2018-02-07/inside-kim-jong-un-s-hacker-army">raise money</a> for the regime. Many of the cyberattacks attributed to North Korea have been <a href="https://www.reuters.com/article/us-cyber-northkorea-exclusive/exclusive-north-koreas-unit-180-the-cyber-warfare-cell-that-worries-the-west-idUSKCN18H020">traced back to locations inside China</a>.</p>
<h2>From espionage to sabotage</h2>
<p>North Korea has been using cyber operations <a href="http://faculty.nps.edu/dedennin/publications/CNO%20threat.pdf">to spy on</a> the U.S. and South Korea since at least 2004. U.S. targets have included <a href="https://www.nytimes.com/2017/10/10/world/asia/north-korea-hack-war-plans.html">military entities</a> and the State Department. North Korea uses cyber espionage to acquire foreign technology, including <a href="http://money.cnn.com/2017/10/31/news/north-korea-hack-stole-south-korea-warship-plans/index.html">technologies relating to weapons</a> of mass destruction, unmanned aerial vehicles and missiles.</p>
<p>By 2009, North Korea had expanded its cyber operations to include acts of sabotage. The first of these <a href="https://www.csmonitor.com/Technology/Horizons/2009/0708/north-korean-hackers-blamed-for-sweeping-cyber-attack-on-us-networks">took place in July 2009</a>, when massive distributed denial of service (DDoS) attacks shut down targets in the U.S. and South Korea. The attackers also used “wiper” malware to delete data on disks.</p>
<p>North Korea has continued to <a href="https://www.symantec.com/connect/blogs/four-years-darkseoul-cyberattacks-against-south-korea-continue-anniversary-korean-war">launch DDoS and disk-wiping attacks</a> over the years, targeting banks as well as other military and civilian systems in the U.S. and South Korea. A cyberattack in April 2011 against South Korea’s agricultural banking cooperative Nonghyup was said to <a href="https://www.reuters.com/article/us-korea-north-cyber/north-korea-hackers-behind-attack-on-s-korea-bank-prosecutors-idUSTRE7421Q520110503">shut down the bank’s credit card and ATM services</a> for more than a week.</p>
<p>In December 2014, the North’s attackers hit desktop computers in a South Korean <a href="https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/korean-nuclear-plant-faces-data-leak-and-destruction">nuclear plant</a> with wiper malware that destroyed not only the data on hard drives, but also the master boot record startup software, making recovery more difficult. In addition, the attack stole and leaked blueprints and employee information from the plant.</p>
<p>North Korea has also been accused of trying to <a href="https://www.nbcnews.com/news/north-korea/experts-north-korea-targeted-u-s-electric-power-companies-n808996">hack electric power companies</a> in the U.S. and a <a href="https://www.thestar.com/news/gta/2018/01/23/metrolinx-targeted-by-north-korean-cyberattack.html">railroad system</a> in Canada.</p>
<h2>The attack on Sony</h2>
<p>The attack on the nuclear facility took place about a month after North Korea attacked <a href="https://fortune.com/sony-hack-part-1/">Sony Pictures</a> with wiper malware that zapped <a href="https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/?utm_term=.04b27501bbc7">over 4,000 of the company’s desktop computers</a> and servers. The attackers also stole and posted pre-release movies and <a href="https://www.theguardian.com/technology/2014/dec/14/sony-pictures-email-hack-greed-racism-sexism">sensitive, often embarrassing, emails</a> and other data taken from the company.</p>
<p>Calling themselves the “Guardians of Peace,” the attackers demanded that Sony withhold release of the satirical film “<a href="http://www.imdb.com/title/tt2788710/">The Interview</a>,” which depicts an assassination attempt against North Korea’s leader, Kim Jong-un. The attackers also <a href="https://www.theguardian.com/film/2014/dec/16/employees-sue-failure-guard-personal-data-leaked-hackers">threatened violence</a> against any movie theaters showing the film. </p>
<p>Although theaters initially canceled their scheduled showings, ultimately <a href="https://deadline.com/2017/04/as-north-korea-rumbles-insiders-tell-how-small-players-stood-tall-helping-sonys-the-interview-1202069868/">the film was released</a> both online and in theaters. North Korea’s <a href="https://www.cfr.org/blog/north-koreas-offensive-cyber-program-might-be-good-it-effective">coercive attempts</a> failed, as they have in other cases. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=377&fit=crop&dpr=1 600w, https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=377&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=377&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=474&fit=crop&dpr=1 754w, https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=474&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/205123/original/file-20180206-88799-tgyq0v.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=474&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">North Korea was not happy that Sony planned to release ‘The Interview,’ a comedy depicting the fictional killing of national leader Kim Jong Un.</span>
<span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/North-Korea-Bombs-and-Bluster/4e04bb1b9f864d04995e83d0ec61b919/22/0">AP Photo/Ahn Young-joon</a></span>
</figcaption>
</figure>
<h2>Financial crimes</h2>
<p>In recent years, North Korea started <a href="https://motherboard.vice.com/en_us/article/8xvnmv/facebook-is-disrupting-north-korean-hacking-operations">using cyber operations</a> to generate revenue for the government. This is done through several illicit means, including outright theft of funds, extortion and <a href="https://www.thecipherbrief.com/kim-digs-cybercrime-coin-sanctions-cant-snatch">cryptocurrency mining</a>. </p>
<p>In early 2016, the regime came close to stealing US$951 million from the <a href="https://www.nytimes.com/2016/05/27/business/dealbook/north-korea-linked-to-digital-thefts-from-global-banks.html">Bangladesh Central Bank</a> over the global SWIFT financial network. Fortunately, because of a misspelling, they only succeeded in moving $81 million. Analysts attributed the attack to the “<a href="https://www.cfr.org/blog/north-koreas-offensive-cyber-program-might-be-good-it-effective">Lazarus Group</a>,” the same group believed to be behind many of the attacks tied to North Korea, including those against Sony and other banks.</p>
<p>The Lazarus Group has also been <a href="https://www.cnn.com/2017/12/18/politics/white-house-tom-bossert-north-korea-wannacry/index.html">blamed</a> for the <a href="https://www.csoonline.com/article/3227906/ransomware/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html">WannaCry</a> ransomware that spread to computers in 150 countries in 2017. After encrypting data on a victim’s computer, the malware demanded payment in the bitcoin digital currency to get access back.</p>
<p>North Korea has been <a href="https://www.bloomberg.com/news/articles/2018-01-02/north-korean-hackers-hijack-computers-to-mine-cryptocurrencies">mining cryptocurrencies</a> on hacked computers as well. The hijacked machines run software that “earns” the digital currency by performing a computationally difficult task. The funds are then directed into an account tied to the hackers. </p>
<p>North Korean hackers also <a href="https://www.scmagazineuk.com/more-evidence-emerges-of-north-korea-targeting-cryptocurrency-industry/article/719498/">attack cryptocurrency exchanges</a>. They have reportedly <a href="http://www.scmp.com/news/world/article/2131470/north-korea-barely-wired-so-how-did-it-become-global-hacking-power">stolen millions of dollars</a> worth of bitcoin from two exchanges in South Korea and attempted thefts from 10 others.</p>
<h2>A cybercrime power</h2>
<p>Like other countries, North Korea uses cyber espionage and cyber sabotage to acquire secrets and harm adversaries. But it stands out from other countries in its use of <a href="https://www.fastcompany.com/40525120/north-korea-hackers-money-bitcoin-cryptocurrency-theft-sanctions">cybercrime to finance</a> its programs. This is perhaps not surprising given North Korea’s <a href="https://fas.org/sgp/crs/row/RL33324.pdf">history of counterfeiting</a> U.S. currency and using other <a href="https://www.thedailybeast.com/are-cyber-crooks-funding-north-koreas-nukes">illicit activities</a> to acquire funds.</p>
<p>The introduction of online transactions and digital currencies, coupled with inadequate cybersecurity, has opened the doors to North Korea for illicitly acquiring funds by new means. Given the country’s appetite for building nuclear and other weapons, as well as the effects of economic sanctions, it seems likely that North Korea will continue to seek ways of exploiting the cyber world for economic advantage.</p><img src="https://counter.theconversation.com/content/89423/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Dorothy Denning does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>North Korea’s cyber army is closely controlled by the ruling regime – a key difference from other countries’ cyberattack and espionage groups.Dorothy Denning, Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate SchoolLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/875662018-01-04T04:33:37Z2018-01-04T04:33:37ZTrust in digital technology will be the internet’s next frontier, for 2018 and beyond<figure><img src="https://images.theconversation.com/files/199508/original/file-20171215-17857-cns8cs.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Trust in online systems varies around the world.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/technologies-connect-people-mixed-media-588071525">Sergey Nivens/Shutterstock.com</a></span></figcaption></figure><p>After decades of unbridled enthusiasm – bordering on <a href="https://www.npr.org/sections/health-shots/2017/05/18/527799301/is-internet-addiction-real">addiction</a> – about all things digital, the public may be <a href="https://www.nytimes.com/2017/10/11/insider/tech-column-dread.html">losing trust in technology</a>. <a href="https://www.washingtonpost.com/news/theworldpost/wp/2017/10/09/pierre-omidyar-6-ways-social-media-has-become-a-direct-threat-to-democracy/">Online information isn’t reliable</a>, whether it appears in the form of news, search results or user reviews. Social media, in particular, is <a href="https://www.pbs.org/newshour/show/social-media-giants-are-vulnerable-to-foreign-propaganda-what-can-they-do-to-change">vulnerable to manipulation</a> by hackers or foreign powers. Personal data <a href="https://hbr.org/2017/12/what-would-you-pay-to-keep-your-digital-footprint-100-private">isn’t necessarily private</a>. And people are increasingly worried about automation and artificial intelligence <a href="https://www.nytimes.com/2017/11/30/technology/ai-will-transform-the-economy-but-how-much-and-how-soon.html">taking humans’ jobs</a>.</p>
<p>Yet, around the world, people are both increasingly dependent on, and distrustful of, digital technology. They don’t behave as if they mistrust technology. Instead, people are using technological tools more intensively in all aspects of daily life. In recent research on <a href="https://sites.tufts.edu/digitalplanet/executive-summary/">digital trust in 42 countries</a> (a collaboration between Tufts University’s Fletcher School of Law and Diplomacy, where I work, and Mastercard), my colleagues and I found that this paradox is a global phenomenon. </p>
<p>If today’s technology giants don’t do anything to address this unease in an environment of growing dependence, people might start looking for more trustworthy companies and systems to use. Then Silicon Valley’s powerhouses could see their business boom go bust.</p>
<h2>Economic power</h2>
<p>Some of the concerns have to do with how big a role the technology companies and their products play in people’s lives. <a href="http://www.cnn.com/2016/06/30/health/americans-screen-time-nielsen/index.html">U.S. residents already spend 10 hours a day</a> in front of a screen of some kind. One in 5 Americans say they are online “<a href="http://www.pewresearch.org/fact-tank/2015/12/08/one-fifth-of-americans-report-going-online-almost-constantly/">almost constantly</a>.” The tech companies have enormous reach and power. <a href="http://money.cnn.com/2017/06/27/technology/facebook-2-billion-users/index.html">More than 2 billion people</a> use Facebook every month.</p>
<p><a href="http://gs.statcounter.com/search-engine-market-share">Ninety percent of search queries worldwide</a> go through Google. Chinese e-retailer, Alibaba, organizes the biggest shopping event worldwide every year on Nov. 11, which this year brought in <a href="http://www.businessinsider.com/alibabas-singles-day-bigger-than-black-friday-cyber-monday-combined-2017-11">US$25.3 billion in revenue</a>, more than twice what U.S. retailers sold between Thanksgiving and Cyber Monday last year. </p>
<p>This results in enormous wealth. All six companies in the world <a href="https://www.bloomberg.com/news/articles/2017-11-21/tencent-s-292-billion-rally-ousts-facebook-from-global-top-five">worth more than $500 billion</a> are tech firms. The <a href="https://business.linkedin.com/talent-solutions/blog/employer-brand/2017/revealing-the-25-most-sought-after-employers-globally">top six most sought-after companies to work for</a> are also in tech. Tech <a href="https://www.wsj.com/articles/tech-boom-creates-new-order-for-world-markets-1511260200">stocks are booming</a>, in ways reminiscent of the giddy days of the <a href="http://www.businessinsider.com/heres-why-the-dot-com-bubble-began-and-why-it-popped-2010-12">dot-com bubble</a> of 1997 to 2001. With emerging technologies, including the “<a href="https://www.fool.com/investing/2017/12/13/2-tech-giants-are-teaming-up-for-the-internet-of-t.aspx">internet of things</a>,” <a href="http://www.sciencemag.org/news/2017/12/are-we-going-too-fast-driverless-cars">self-driving cars</a>, <a href="https://www.wired.com/story/future-of-bitcoin-blockchain-2018/">blockchain</a> systems and <a href="https://economictimes.indiatimes.com/jobs/by-2020-artificial-intelligence-will-create-more-jobs-than-it-eliminates-gartner/articleshow/62053363.cms">artificial intelligence</a>, tempting investors and entrepreneurs, the reach and power of the industry is only likely to grow. </p>
<p>This is particularly true because <a href="https://www.cisco.com/c/en/us/solutions/service-provider/vni-network-traffic-forecast/infographic.html">half the world’s population</a> is still not online. But networking giant Cisco projects that <a href="https://www.cisco.com/c/en/us/solutions/service-provider/vni-network-traffic-forecast/infographic.html">58 percent of the world</a> will be online by 2021, and the volume of internet traffic per month per user will grow 150 percent from 2016 to 2021.</p>
<p>All these users will be deciding on how much to trust digital technologies.</p>
<h2>Data, democracy and the day job</h2>
<p>Even now, the reasons for collective unease about technology are piling up. Consumers are learning to be worried about the security of their personal information: News about a data breach involving <a href="https://www.ft.com/content/6943d9ab-c91b-3718-928e-67a802a9c463">57 million</a> Uber accounts follows on top of reports of a breach of <a href="https://www.nytimes.com/2017/10/02/business/equifax-breach.html">the 145.5 million consumer data records</a> on Equifax and every Yahoo account – <a href="http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html">3 billion</a> in all. </p>
<p><a href="https://www.nytimes.com/2017/10/31/us/politics/facebook-twitter-google-hearings-congress.html">Russia was able to meddle</a> with Facebook, Google and Twitter during the 2016 election campaign. That has raised concerns about whether the openness and reach of digital media is a threat to the functioning of democracies.</p>
<p>Another technological threat to society comes from workplace automation. The management consulting firm, McKinsey, estimates that it could <a href="https://www.mckinsey.com/global-themes/future-of-organizations-and-work/what-the-future-of-work-will-mean-for-jobs-skills-and-wages">displace one-third of the U.S. workforce</a> by 2030, even if a different set of technologies create new <a href="https://www.mckinsey.com/global-themes/future-of-organizations-and-work/the-digital-future-of-work-is-the-9-to-5-job-going-the-way-of-the-dinosaur">“gig” opportunities</a>.</p>
<p>The challenge for tech companies is that they operate in global markets and the extent to which these concerns affect behaviors online varies significantly around the world. </p>
<h2>Mature markets differ from emerging ones</h2>
<p><a href="https://sites.tufts.edu/digitalplanet/executive-summary/">Our research</a> uncovers some interesting differences in behaviors across geographies. In areas of the world with smaller digital economies and where technology use is still growing rapidly, users tend to exhibit more trusting behaviors online. These users are more likely to stick with a website even if it loads slowly, is hard to use or requires many steps for making an online purchase. This could be because the experience is still novel and there are fewer convenient alternatives either online or offline.</p>
<p>In the mature digital markets of Western Europe, North America, Japan and South Korea, however, people have been using the internet, mobile phones, social media and smartphone apps for many years. Users in those locations are less trusting, prone to switching away from sites that don’t load rapidly or are hard to use, and abandoning online shopping carts if the purchase process is too complex.</p>
<p>Because people in more mature markets have less trust, I would expect tech companies to invest in trust-building in more mature digital markets. For instance, they might speed up and streamline processing of e-commerce transactions and payments, or more clearly label the sources of information presented on social media sites, as the <a href="https://www.scu.edu/ethics/focus-areas/journalism-ethics/programs/the-trust-project/">Trust Project</a> is doing, helping to identify authenticated and reliable news sources.</p>
<p>Consider Facebook’s situation. In response to criticism for allowing fake Russian accounts to distribute fake news on its site, CEO Mark Zuckerberg boldly <a href="https://www.cnbc.com/2017/11/01/facebook-says-costs-will-rise-to-go-after-fake-news.html">declared that</a>, “Protecting our community is more important than maximizing our profits.” However, according to the company’s chief financial officer, Facebook’s 2018 operating expenses could increase by <a href="https://www.cnbc.com/2017/11/01/facebook-says-costs-will-rise-to-go-after-fake-news.html">45 to 60 percent</a> if it were to invest significantly in building trust, such as <a href="https://www.popsci.com/Facebook-hiring-3000-content-monitors">hiring more humans to review posts</a> and <a href="https://thenextweb.com/facebook/2017/08/03/facebook-enlists-ai-in-war-on-fake-news/">developing artificial intelligence systems</a> to help them. Those costs would lower Facebook’s profits.</p>
<p>To strike a balance between profitability and trustworthiness, Facebook will have to set priorities and deploy advanced trust-building technologies (e.g. vetting locally generated news and ads) in only some geographic markets.</p>
<h2>The future of digital distrust</h2>
<p>As the boundaries of the digital world expand, and more people become familiar with internet technologies and systems, their distrust will grow. As a result, companies seeking to enjoy consumer trust will need to invest in becoming more trustworthy more widely around the globe. Those that do will likely see a competitive advantage, winning more loyalty from customers.</p>
<p>This risks creating a new type of digital divide. Even as one global inequality disappears – more people have an opportunity to go online – some countries or regions may have significantly more trustworthy online communities than others. Especially in the less-trustworthy regions, users will need governments to enact strong digital policies to protect people from fake news and fraudulent scams, as well as regulatory oversight to protect consumers’ data privacy and human rights.</p>
<p>All consumers will need to remain on guard against overreach by heavy-handed authorities or autocratic governments, particularly in parts of the world where consumers are new to using technology and, therefore, more trusting. And they’ll need to keep an eye on companies, to make sure they invest in trust-building more evenly around the world, even in less mature markets. Fortunately, digital technology makes watchdogs’ work easier, and also can serve as a megaphone – such as on social media – to issue alerts, warnings or praise.</p><img src="https://counter.theconversation.com/content/87566/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bhaskar Chakravorti directs the Institute for Business in the Global Context that receives funding from Mastercard, Microsoft and the Gates Foundation. </span></em></p>Around the world, people are both increasingly dependent on, and distrustful of, digital technology. New research suggests ways this conflict could unfold.Bhaskar Chakravorti, Senior Associate Dean, International Business & Finance, Tufts UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/820882017-08-08T05:00:18Z2017-08-08T05:00:18ZBanks can’t fight online credit card fraud alone, and neither can you<figure><img src="https://images.theconversation.com/files/181305/original/file-20170808-25514-2w1qw5.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Online credit card fraud is on the rise in Australia. What can we do?</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/closer-credit-card-background-232260670?src=V_2QsPKHq_H1WXAql_D4Gw-1-44">Ti_ser/Shutterstock</a></span></figcaption></figure><p>Online credit card fraud is on the rise in Australia, but pointing the finger at any one group won’t help. It’s an ecosystem problem: from the popularity of online shopping, to the insecure sites that process our transactions, and the banks themselves.</p>
<p><a href="http://www.apca.com.au/docs/default-source/fraud-statistics/australian_payments_fraud_details_and_data_2017.pdf">A recent report</a> from the Australian Payments Network found that:</p>
<ul>
<li>the overall amount of fraud on Australian cards increased from A$461 million in 2015 to A$534 million in 2016</li>
<li>“card not present” fraud increased to A$417.6 million in 2016, up from A$363 million in 2015</li>
<li> 78% of all fraud on Australian cards in 2016 was “card not present” fraud.</li>
</ul>
<p>“Card not present” fraud happens when valid credit card details are stolen and used to make purchases or other payments without the physical card, mainly online or by phone. </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/inside-the-fight-against-malware-attacks-81433">Inside the fight against malware attacks</a>
</strong>
</em>
</p>
<hr>
<p>While these numbers may seem alarming, it’s important to put them in context. Australians are increasingly carrying out transactions online; the report notes that we made 8.1 billion card transactions totalling A$715.5 billion in 2016.</p>
<p>The shift towards online credit card fraud also comes at the cost of other types of fraud. Cheque fraud, for example, was down to A$6.4 million in 2016, from A$8.4 million in 2015. </p>
<p>Still, it’s fair to ask: are the banks doing enough to keep our details secure?</p>
<h2>The banks and security</h2>
<p>The banks currently have a range of measures in place to protect customers from card fraud:</p>
<ul>
<li><p><em>Chip and pin:</em> Australia mandates the use of “chip and pin” technology. This replaced the need to swipe the magnetic strip on credit cards and is recognised as being <a href="http://www.zdnet.com/article/emv-why-the-world-adopted-it/">more secure</a>.</p></li>
<li><p><em>Two-factor authentication:</em> Many Australian banks use text messages or tokens that generate a unique, time-limited code to help verify the legitimacy of transactions.</p></li>
<li><p><em>Monitoring of customer habits:</em> Australian banks typically have a complex set of algorithms that monitor the spending habits and transactions of their customers. They frequently have the ability to identify a suspicious (often fraudulent) transaction and block it.</p></li>
</ul>
<p>Overall, Australian financial institutions are investing time and technology into the prevention of fraud. However, <a href="http://www.abc.net.au/news/2017-08-03/cba-risks-massive-fines-over-law-breaches/8770992">recent allegations</a> that the Commonwealth Bank of Australia breached anti-money laundering laws suggest that the big banks are not immune from the problem.</p>
<h2>Data breaches and malware</h2>
<p>Credit card fraud is going where the action is.</p>
<p><a href="http://www.nielsen.com/au/en/insights/news/2016/information-is-crucial-for-online-australian-shoppers.html">According to the research company Neilsen</a>, “nearly all online Australians have used the internet to do some form of purchasing activity”. This means that Australians are increasingly sharing their credit card details with companies around the world. </p>
<p>Large-scale <a href="http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/">data breaches</a> are a common occurrence. Many organisations have been compromised in some way, including Australian companies like <a href="https://www.cso.com.au/article/585904/after-kmart-david-jones-confirms-hack-too-un-patched-ibm-websphere-blame/">Kmart and David Jones</a>. A variety of personal information can be exposed, and this often includes customers’ credit card details.</p>
<p>Batches of stolen credit card details can be sold on the <a href="https://www.businessinsider.com.au/heres-how-much-your-personal-data-costs-on-the-dark-web-2015-5?r=US&IR=T">dark web</a> to other motivated offenders. In one <a href="https://www.theguardian.com/technology/2015/oct/30/stolen-credit-card-details-available-1-pound-each-online">UK example</a>, such details were being sold for as little as £1 per card. </p>
<p>Offenders are also using different types of malware, or computer viruses, to obtain the personal information of unsuspecting victims. In many cases, this includes bank account and credit card details through successful phishing attempts (or spam emails). </p>
<hr>
<p>
<em>
<strong>
Read more:
<a href="https://theconversation.com/everyone-falls-for-fake-emails-lessons-from-cybersecurity-summer-school-81389">Everyone falls for fake emails: lessons from cybersecurity summer school</a>
</strong>
</em>
</p>
<hr>
<h2>The liability fight</h2>
<p>Banks will generally refund customers for any fraudulent losses incurred on their credit cards. However, customer must take “<a href="http://www.apca.com.au/docs/default-source/fraud-statistics/australian_payments_fraud_details_and_data_2017.pdf">due care with their confidential data</a>”.</p>
<p>There is also <a href="https://www.commbank.com.au/content/dam/commbank/personal/apply-online/download-printed-forms/CC2-01062010.pdf">an onus</a> on the customer to check their credit card statements and notify their bank of any suspicious activity. </p>
<p>But this may not always be the case. In 2016, the former Metropolitan Police Commissioner in the UK <a href="http://www.bbc.com/news/business-35890028">made headlines</a> for suggesting that customers should not be refunded by banks if they failed to protect themselves from fraud. </p>
<p>Instead, he argued that customers were being “<a href="https://www.theguardian.com/uk-news/2016/mar/24/dont-refund-online-victims-met-chief-tells-banks">rewarded for bad behaviour</a>” rather than being encouraged to adopt cyber-safety practices, such as antivirus software and strong passwords. </p>
<p>These statements were met with anger by many advocacy groups who equated them with victim blaming. It was further exacerbated by a <a href="http://www.telegraph.co.uk/personal-banking/current-accounts/banks-shouldnt-refund-online-fraud-victims-says-police-chief/">leaked proposal</a> by the City of London Police to shift the responsibility of fraud losses from banks to the individual. </p>
<p>While this recommendation was never adopted, the tension may continue to grow when it comes to fraud liability.</p>
<h2>Looking for answers</h2>
<p>Pointing the finger of blame at any one party is not a constructive solution. Banks alone cannot combat online credit card fraud. Neither can their customers. </p>
<p>There are simple steps to reduce the likelihood of online fraud: having up-to-date antivirus software and strong passwords is an important step. There are sites such as <a href="https://haveibeenpwned.com/Passwords">haveibeenpwned</a> that demonstrate how vulnerable and exposed our passwords can be. </p>
<p>Still, it’s difficult to protect against social engineering techniques used by offenders to manipulate victims into handing over their personal details. Not to mention, the risks posed by third-party data breaches, which are beyond the control of individuals. </p>
<p>The introduction of <a href="https://www.legislation.gov.au/Details/C2017A00012">mandatory data breach reporting legislation</a> in Australia in 2017 may have a positive impact. By requiring organisations to let their customers know when their personal information has been compromised, individuals can be proactive about cancelling cards, changing passwords and taking out credit reports to check for fraudulent activity. </p>
<p>Businesses also need to recognise the importance of protecting their customer information. It is critical to overcome the mentality that cybersecurity is simply a <a href="https://www2.deloitte.com/au/en/pages/risk/articles/cybercrime-tech-problem.html">technology problem</a> or an <a href="https://www.ft.com/content/f6b50038-92a1-11e5-bd82-c1fb87bef7af">IT issue</a>. It should be firmly on the corporate management agenda.</p>
<p>Fraud is inevitable, regardless of the technology being used. Collaborative efforts between banks, businesses, government and individual consumers must improve.</p>
<p>No one group alone can effectively end online credit card fraud. Nor should they be expected to.</p><img src="https://counter.theconversation.com/content/82088/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross has received funding from the Criminology Research Grants Scheme (Australian Institute of Criminology). </span></em></p>The banks are dealing with rising rates of online credit card fraud, but they can’t fix it on their own.Cassandra Cross, Senior Lecturer in Criminology, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/785422017-07-10T06:12:49Z2017-07-10T06:12:49ZCredit card fraud: what you need to know<figure><img src="https://images.theconversation.com/files/177342/original/file-20170707-28931-4gns9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Online frauds on credit cards are on the rise especially during holidays.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/96223380@N02/17774424385">Mighty Travels/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p>If you are the owner of a credit or a debit card, there is a non-negligible chance that you may be subject to fraud, like <a href="http://fortune.com/2017/02/01/credit-card-chips-fraud/">millions of other people around the world</a>.</p>
<p>Starting in the 1980s, there has been an impressive increase in the use of credit, debit and pre-paid cards internationally. According to an October 2016 <a href="https://www.nilsonreport.com/upload/content_promo/The_Nilson_Report_10-17-2016.pdf">Nilson Report</a>, in 2015 more than US$31 trillion were generated worldwide by these payment systems, up 7.3% from 2014.</p>
<p>In 2015, seven in eight purchases in Europe were <a href="https://www.axa-research.org/en/projects/bruno-buonaguidi">made electronically</a>. </p>
<p>Thanks to new online money-transfer systems, such as Paypal, and the spread of e-commerce around the world – including, increasingly, in the developing world - which was <a href="https://www.americanbanker.com/opinion/how-digital-payments-can-transform-the-developing-world">slow to adopt online payments</a> – these trends are expected to continue.</p>
<p>Thanks to leading companies such as Flipkart, Snapdeal and Amazon India (which together had <a href="http://tech.economictimes.indiatimes.com/news/internet/etail-giants-like-snapdeal-amazon-lose-market-share-in-2015-small-etailers-emerge-as-real-winners/51148399">80% of the Indian e-commerce market share in 2015</a>) as well as Alibaba and JingDong (which had upwards of <a href="https://marketingtochina.com/alibabas-tmall-lose-market-share-china">70% of the Chinese market in 2016</a>), electronic payments are reaching massive new consumer populations.</p>
<p>This is a goldmine for cybercriminals. According to the Nilson Report, worldwide losses from card fraud rose to US$21 billion in 2015, up from about US$8 billion in 2010. By 2020, that number is expected to reach US$31 billion.</p>
<p>Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers’ liability at US$50 as long as the crime is reported <a href="https://www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards">within 30 days for credit cards and within two days for debit cards</a>. This incentivises banks to make significant <a href="https://www.ovum.com/press_releases/banks-to-boost-spending-on-payment-technologies-in-2016.">investments in anti-fraud technologies</a>. </p>
<p>Cybercrime costs vendors in other ways too. They are charged with providing customers with a high standard of security. If they are negligent in this duty, credit card companies may charge them the cost of reimbursing a fraud. </p>
<h2>The types of frauds</h2>
<p>There are many kinds of credit card fraud, and they change so frequently <a href="https://www.acorn.gov.au/learn-about-cybercrime">as new technologies enable novel cybercrimes</a> that it’s nearly impossible to list them all. </p>
<p>But there are two main categories: </p>
<ul>
<li><p><strong>card-not-present (CNP) frauds:</strong> This, the most common kind of fraud, occurs when the cardholder’s information is stolen and used illegally without the physical presence of the card. This kind of fraud usually occurs online, and may be the result of so-called “<a href="https://theconversation.com/phishing-scams-are-becoming-ever-more-sophisticated-and-firms-are-struggling-to-keep-up-73934">phishing</a>” emails sent by fraudsters impersonating credible institutions to steal personal or financial information via a contaminated link.</p></li>
<li><p><strong>card-present-frauds:</strong> This is less common today, but it’s still worth watching out for. It often takes the form of “<a href="https://www.thebalance.com/g00/how-credit-card-skimming-works-960773?i10c.referrer=">skimming</a>” – when a dishonest seller swipes a consumer’s credit card into a device that stores the information. Once that data is used to make a purchase, the consumer’s account is charged.</p></li>
</ul>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/177347/original/file-20170707-29852-jgkjk7.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Credit card machine are sometimes used in the fraud called ‘skimming’ in which your card details are duplicated.</span>
<span class="attribution"><a class="source" href="https://commons.wikimedia.org/wiki/File:Credit_card_terminal.jpg">Izcool/Wikimedia</a></span>
</figcaption>
</figure>
<h2>The mechanism of a credit card transaction</h2>
<p>Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.</p>
<p>At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant’s bank) send and receive information to authorise or reject a given purchase. If the purchase is authorised, it is settled by an exchange of money, which usually takes place several days after the authorisation. </p>
<p>Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/177349/original/file-20170707-29852-126ibrx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Buying online is practical and fast…yet risky when we do not known the vendors or their websites well.</span>
<span class="attribution"><a class="source" href="https://www.pexels.com/photo/person-using-black-and-white-smartphone-and-holding-blue-card-230544/">Photo Mix/Pexels</a></span>
</figcaption>
</figure>
<p>Here’s how it works (in a dramatically simplified fashion).</p>
<p>Once companies such as Visa or Mastercard have licensed their brands to a <a href="https://www.thebalance.com/credit-card-issuer-959984">card issuer</a> – a lender like, say, Barclays Bank – and to the merchant’s bank, they fix the terms of the transaction agreement. </p>
<p>Then, the card issuer physically delivers the credit card to the consumer. To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant’s bank.</p>
<p>The bank, in turn, routes the required information to the card issuer for analysis and approval – or rejection. The card issuer’s final decision is sent back to both the merchant’s bank and the vendor. </p>
<p>Rejection may be issued only in two situations: if the balance on the cardholder’s account is insufficient or if, based on the data provided by the merchant’s bank, there is suspicion of fraud. </p>
<p>Incorrect suspicions of fraud is inconvenient for the consumer, whose purchase has been denied and whose card may summarily be blocked by the card issuer, and poses a reputational damage to the vendor.</p>
<h2>How to counter frauds?</h2>
<p>Based on <a href="https://www.axa-research.org/en/projects/bruno-buonaguidi">my research</a>, which examines how advanced statistical and probabilistic techniques could better detect fraud, sequential analysis – coupled with new technology – holds the key.</p>
<p>Thanks to the continuous monitoring of cardholder expenditure and information – including the time, amount and geographical coordinates of each purchase – it should be possible to develop a computer model that would calculate the probability that a purchase is fraudulent. If the probability passes a certain threshold, the card issuer would be issued an alarm. </p>
<p>The company could then decide to either block the card directly or undertake further investigation, such as calling the consumer.</p>
<p>The strength of this model, which applies a well-known mathematical theory called optimal stopping theory to fraud detection, is that it aims at either maximising an expected payoff or minimising an expected cost. In other words, all the computations would be aimed at limiting the frequency of false alarms.</p>
<p>My research is still underway. But, in the meantime, to reduce significantly the risk of falling victim to credit card fraud, here are some golden rules.</p>
<p>First, never click on links in emails that ask you to provide personal information, even if the sender appears to be your bank.</p>
<p>Second, before you buy something online from an unknown seller, google the vendor’s name to see whether consumer feedback has been mainly positive.</p>
<p>And, finally, when you make online payments, check that the webpage address starts with <strong>https://</strong>, a communication protocol for secure data transfer, and confirm that the web page does not contain grammatical errors or strange words. That suggests it may be a fake designed solely to steal your financial data.</p>
<hr>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=121&fit=crop&dpr=1 600w, https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=121&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=121&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=152&fit=crop&dpr=1 754w, https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=152&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/202296/original/file-20180117-53314-hzk3rx.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=152&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption"></span>
</figcaption>
</figure>
<p><em>Created in 2007, the <a href="https://www.axa-research.org">Axa Research Fund</a> supports more than 500 projets around the world conducted by researchers from 51 countries.</em></p><img src="https://counter.theconversation.com/content/78542/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bruno Buonaguidi receives funding (post-doctoral fellowhip) from Axa Research Fund. </span></em></p>Cyber financial crime is on the rise globally. Here’s how you can stay safe.Bruno Buonaguidi, Researcher, InterDisciplinary Institute of Data Science, Università della Svizzera italianaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/737912017-03-13T15:42:38Z2017-03-13T15:42:38ZThe view that ‘419’ makes Nigeria a global cybercrime player is misplaced<figure><img src="https://images.theconversation.com/files/159570/original/image-20170306-20733-1lf0tgj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Nigeria is in the top three of the world’s worst cybercrime perpetrators.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The contemptuous label of “cyber-criminals” is the figurative sword with which the Nigerian image is generally being hacked and left for dead. <a href="http://press.uchicago.edu/ucp/books/book/distributed/C/bo21637229.html">According</a> to Professor Biko Agozino of Virginia Tech university, </p>
<blockquote>
<p>“there is a long standing demonisation of Nigeria as being full of criminals.” </p>
</blockquote>
<p>This unfortunate generalisation, especially in the media, has a far-reaching negative impact on the overall image of Nigeria as a nation. It’s become the prism with which most Nigerians are viewed and judged globally.</p>
<p>It stems from the country’s vulnerability in a specific category of cybercrime known as ‘419’ and its offshoots. Dr Mohamed Chawki, President of the International Association of Cybercrime Prevention, explains that <a href="https://link.springer.com/chapter/10.1007%2F978-3-319-15150-2_9#page-1">the term 419</a></p>
<blockquote>
<p>is coined from section 419 of the Nigerian criminal code dealing with fraud. Nowadays, the axiom ‘419’ generally refers to a complex list of offences which in ordinary parlance are related to stealing, cheating, falsification, impersonation, counterfeiting, forgery and fraudulent representation of facts. </p>
</blockquote>
<p>The most widely known component of ‘419’ is cyber fraud - the culprit behind the blanket labelling of most Nigerians as cyber-criminals.</p>
<p>But cybercrime in essence encompasses a wide range of crimes other than cyber fraud. These online crimes include cyber stalking, cyber hate speech, cyber espionage, cyber terrorism, cyber colonialism, revenge porn and cyber bullying among others. Nigeria is exclusively implicated in <a href="http://dx.doi.org/10.1016/j.ijlcj.2016.07.002">cyber fraud</a>. The country has no significant record of other forms of cyber crimes such as cyber espionage, cyber stalking and revenge porn found predominantly in Western nations. </p>
<p>The key point here is that the term ‘cybercrime’ is <a href="http://dx.doi.org/10.1016/j.ijlcj.2016.07.002">misleading</a> which is why it’s reasonable to call into question Nigeria’s reputation. It’s an image nonetheless buttressed by the US Federal Bureau of Investigation (FBI) and its <a href="https://www.ic3.gov/default.aspx">Internet Crime Complaint Centre</a> which has ranked Nigeria <a href="https://pdf.ic3.gov/2010_IC3Report.pdf">third</a> in the world behind the US and UK. </p>
<p>But the FBI centre’s claims are problematic because in Nigeria cybercrime is exclusively cyber fraud (or scam). What constitutes ‘cybercrime’ in most Western nations differs from the particularities of cybercrime in Nigeria. They differ possibly because jurisdictional cultures and nuances apply online as they do offline.</p>
<h2>Crime primarily driven by economic benefit</h2>
<p>Money is undoubtedly a primary motivation for online fraud. The <a href="http://dx.doi.org/10.1016/j.ijlcj.2016.07.002">primary benefit</a> of a Nigerian swindler is financial. That the problem is propelled by monetary pursuits is <a href="http://booksandjournals.brillonline.com/content/journals/10.1163/156853109x460192">well illustrated</a> in the examination of 150 scam letters by professor Afe Adogame of Princeton University. </p>
<p><a href="http://online.liebertpub.com/doi/abs/10.1089/cyber.2010.0307">Corruption</a> among some government officers and some high profiled politicians also plays a role. Corrupt practices promote cyber criminal activities.</p>
<p>Another contributory factor is the link between <a href="http://www.tandfonline.com/doi/abs/10.1080/19361610.2015.1004511">e-waste and online fraud</a>. E-waste refers to discarded electronic appliances such as mobile phones and computers. The dumping of e-waste from countries such the UK and the USA is common in Nigeria and Ghana and there’s a strong correlation between dumping and the physical locations of online fraud victims. </p>
<h2>The statistics are selective</h2>
<p>Why is Nigeria ranked the third worst nation for cybercrime perpetrators? </p>
<p>The FBI-run Internet Crime Complaint Centre was established in May 2000 to limit economic losses through internet crime. It acts primarily by reviewing victims’ complaints. These <a href="https://pdf.ic3.gov/2010_IC3Report.pdf">number</a> about 300,000 a year. </p>
<p>The centre’s data looks robust because they are drawn directly from victims. But this is deceptive. Of particular concern is the fact that complaints are exclusively framed by victims. This highlights the centre’s over-reliance on participants’ honesty and accuracy. </p>
<p>The data’s probity is also undermined by the fact that only a small percentage of people voluntarily report themselves as victims of cybercrime. Even the FBI has previously noted that globally <a href="https://pdf.ic3.gov/2014_IC3Report.pdf">less than 10%</a> of people report themselves as victims of cybercrime. </p>
<p>Apart from cybercrime being under-reported, the vast bulk of cybercrime goes <a href="http://www.vjolt.net/vol9/issue4/v9i4_a13-Brenner.pdf">undetected</a>. For example, people who see themselves as victims of law enforcement are unlikely to flag their predicament to the FBI. </p>
<p>Finally, it’s impossible to tell the extent to which the entire process is shaped by the media and political discourses which tend to amplify the moral panic about Nigerian 419 fraud. </p>
<p>Based on these underlining factors it’s reasonable to argue that the cybercrime league table is a simplified, limited and an incomplete representation. The claim that Nigeria is ranked third globally is therefore <a href="http://dx.doi.org/10.1016/j.ijlcj.2016.07.002">questionable</a>.</p>
<h2>Beyond the league tables</h2>
<p>Over 90% of crimes reported to the complaints centre between 2006 and 2010 were primarily about cyber-fraud. Under this specific category Nigeria was found to be the third most cited nation. But what if categories such as cyber espionage and cyber bullying were covered? Would the outcome be different? </p>
<p>A different approach might be useful. One such approach is the Tripartite Cybercrime Framework which I recently <a href="http://dx.doi.org/10.1016/j.ijlcj.2016.07.002">proposed</a>. This framework helps to simplify league table claims into a nuanced umbrella which includes categories such as, for example, socio-economic cybercrime and geopolitical cybercrime. </p>
<p>If the complaints centre’s reports were viewed through this lens, the results could be interpreted differently. This would, for example, lead to Nigeria being ranked third in the socio-economic category. And naturally in the geopolitical category Nigeria would be ranked much lower. It would also have positive impacts on efforts of law enforcement agencies in Nigeria such as the Economic and Financial Crime Commission <a href="http://efccnigeria.org/efcc/">EFCC</a> in controlling the activities of cyber criminals.</p>
<p>It’s of utmost importance for the term “cybercrime” to be revisited and re-defined because it has huge consequences. It has, for example, influenced the framing of most scholarly endeavours about Nigeria which echo the sense of <a href="http://www.emeraldinsight.com/doi/abs/10.1108/02640470810910738">‘moral panic’</a> over the ‘419’ phenomenon. It also affects how Nigeria is <a href="http://www.isa-sociology.org/uploads/imgen/330-e-bulletin-7.pdf">portrayed</a> in the western media and how it’s viewed in the world.</p>
<p>Given that repeating discourses normalise their claim, the problem is deep.</p><img src="https://counter.theconversation.com/content/73791/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Suleman Ibrahim is a doctoral researcher at Royal Holloway University of London, UK.</span></em></p>Nigeria’s cybercrime has been rated the third worst in the world primarily for ‘419’ fraud occurrences but the term encompasses a wide range of crimes, some more common in western nations.Suleman Ibrahim, PhD researcher, Information Security Group, Royal Holloway University of LondonLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/641092016-08-23T03:44:54Z2016-08-23T03:44:54ZThe victims’ verdict: what happens when they try to report online fraud<figure><img src="https://images.theconversation.com/files/134925/original/image-20160822-18702-1iunjpa.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Authorities need to do more when people try to report they're a victim of online fraud.</span> <span class="attribution"><span class="source">Shutterstock/SFIO CRACHO</span></span></figcaption></figure><p>Reporting a crime should not be as traumatic as the experience of the crime itself. But unfortunately this is the sad reality for many victims of online fraud. </p>
<p>Australians reported more than A$229 million lost to fraud according to a <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2015">report</a> published last year by the Australian Competition and Consumer Commission (ACCC).</p>
<p>But behind every statistic is a person, and there are millions of victims globally who experience a wide range of online fraud. </p>
<p>Romance fraud and investment fraud remain the two highest categories of victimisation in <a href="https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2015">Australia</a>, with offenders using the guise of genuine relationships or the offer of investment opportunities to coerce people to send their money. </p>
<p>It is well established that online fraud has a <a href="https://eprints.qut.edu.au/72186/1/tandi474.pdf">very low reporting rate</a>. Based on the results of research that we have <a href="http://www.crg.aic.gov.au/reports/201617.html#1314-29">published this month</a>, it is not difficult to see why.</p>
<p>It was the first Australian study to examine the reporting experiences and support needs of online fraud victims.</p>
<p>We spoke to 80 online fraud victims, aged from 30 to 77, from across Australia who had reported losses from A$10,000 to A$500,000 to <a href="https://www.scamwatch.gov.au/report-a-scam">Scamwatch</a>, part of the ACCC set up to help provide information and help on scams. The findings from this research shine a much needed light on current responses to and understandings of, online fraud. </p>
<h2>Difficulty in lodging a complaint</h2>
<p>Many victims we interviewed spoke of the frustration and anger they felt in trying to report their fraud to authorities.</p>
<p>Fraud is unique in that complaints can be lodged with a large number of agencies including police, consumer protection, banks and other financial institutions. </p>
<p>In reality, this meant that many victims were continually passed among agencies, with each one refusing to accept a report. As the interviews we conducted show:</p>
<blockquote>
<p><strong>Interview 21:</strong> There was no one. It did not matter what section of the police that I called, whether it was local or federal, state whatever there was no one there they just kept passing it onto someone else.</p>
<p><strong>Interview 48:</strong> I mean it was made pretty clear to me that there weren’t many places that were actually interested in your story anyway.</p>
<p><strong>Interview 59:</strong> So, that’s a pretty serious thing where you go along and say, ‘I’m 20 grand out of pocket and it’s fraud, and there’s criminal activity involved,’ and you go to the police and they say, ‘We won’t even accept your report.’</p>
</blockquote>
<p>Victims who were required to tell their story over and over again to no avail felt immense hurt and anger. When asked why victims had reported to Scamwatch, the response was simple. </p>
<blockquote>
<p><strong>Interview 50:</strong> And so I registered a report and you could only do that online, on Scamwatch. So that’s only an online thing which is a very impersonal thing. And that’s really a report rather than a ‘hey would somebody help me’. So I did that.</p>
<p><strong>Interview 52:</strong> It [Scamwatch] was the last person I reported it to. I wasn’t expecting anything anymore.</p>
</blockquote>
<p>It appears the majority of victims reported to the Scamwatch website as it was an online tool that did not require any personal intervention, therefore, victims could not be turned away. </p>
<p>But a report to Scamwatch does not initiate any type of investigation or receive a type of response desired by those reporting in the first place. </p>
<h2>Victim blaming</h2>
<p>There is a strong <a href="https://eprints.qut.edu.au/83702/">victim blaming attitude</a> against online fraud victims and a <a href="https://eprints.qut.edu.au/61011/">negative stereotype</a> that portrays victims as greedy, gullible and to blame for their victimisation. Sadly, this was readily apparent in our research findings. </p>
<blockquote>
<p><strong>Interview 27:</strong> I said it was an investment fraud and she [the police officer] said she had much more important things than that to deal with. [She said] ‘We have people robbed at knife point’. I said [I had been defrauded of] A$20,000. She said, ‘but you gave it away sir’, and I said, ‘I didn’t give it away, it was an investment’. She said it was voluntary and I gave it away.</p>
<p><strong>Interview 43:</strong> I expect [the police] to be sympathetic, but these two police guys, they just laugh, I was humiliated […] I submitted a police report, and I made a statement and they tell me ‘we cannot do anything about this with you and your lover boy in [overseas country], you just write to Scamwatch’.</p>
</blockquote>
<p>These are two examples in which victims were directly blamed for their situation. The reaction of authorities to these victims exacerbated the level of trauma and harm they were already experiencing.</p>
<p>These two instances are by no means isolated events, with the vast majority of our 80 participants reporting similar experiences. </p>
<h2>More than money</h2>
<p>The impact of online fraud can be devastating. Far from simple monetary losses, victims experience a deterioration of physical health and well-being, depression, relationship breakdown, unemployment, homelessness and in extreme cases can take their own lives. </p>
<p>Despite the severity of harm suffered, there are limited support services globally to assist in recovery. This was painfully demonstrated in our current research.</p>
<blockquote>
<p><strong>Interview 49:</strong> I [was] sort of really despairing and about to commit suicide […] I was desperate, I mean I was considering suicide. I was that distraught with what I’d actually done.</p>
</blockquote>
<p>This example is not a unique event, with a small number of victims in our study admitting to suicidal thoughts. </p>
<p>Their ability to seek support, either informally or formally, was restricted, based on the shame and embarrassment of being a victim, anxiety about how others would react and a lack of knowledge about where they might seek help. </p>
<h2>Moving forward</h2>
<p>These findings have highlighted the traumatic and overwhelmingly negative experiences that victims face when attempting to report online fraud. They demonstrate a clear need for change to improve the current response.</p>
<p>Since our victim interviews, the Australian Cybercrime Online Reporting Network (<a href="https://www.acorn.gov.au/">ACORN</a>) has been established. This is now the central reporting mechanism for all cybercrime in Australia, which includes online fraud.</p>
<p>While this is a positive step forward, it is unlikely to resolve the many issues that we identified in our research. </p>
<p>Victims clearly articulate a need to be acknowledged and to be heard. This doesn’t require any additional resources on the part of any agency. Rather it requires a shift in thinking about online fraud victimisation – one that recognises the skill of offenders in manipulating and exploiting victims and doesn’t attribute blame to victims themselves. </p>
<p>There is also a need to establish support services to assist victims with recovery. Too often, victims suffer in silence and isolation.</p>
<p>Online fraud is a complex issue and one that is unlikely to recede in coming years. Our research suggests there is a long way to go to improving current responses to this type of victim.</p>
<hr>
<p><em>The authors wish to acknowledge <a href="http://www.aic.gov.au/about_aic/research_programs/staff/smith_russell.html">Dr Russell G Smith</a>, from the Australian Institute of Criminology, who contributed to the original <a href="http://www.crg.aic.gov.au/reports/201617.html#1314-29">research project</a> on which this article is based.</em></p><img src="https://counter.theconversation.com/content/64109/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross received funding from the Criminology Research Grant Scheme to complete this research project.
</span></em></p><p class="fine-print"><em><span>Kelly Richards received funding from the Criminology Research Grant Scheme to undertake this project. </span></em></p>Victims of online fraud say they’re passed from one authority to another when they try to report it, and they’re still made to feel they are to blame for being caught out by a scam.Cassandra Cross, Senior Lecturer in Criminology, Queensland University of TechnologyKelly Richards, Senior lecturer, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/631422016-08-02T16:19:55Z2016-08-02T16:19:55ZDo you know what you’re paying for? How contactless cards are still vulnerable to relay attack<figure><img src="https://images.theconversation.com/files/132830/original/image-20160802-17190-tjhoo3.png?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">With home-made sleight-of-hand, it’s possible that the cardholder may buy more than they bargained for.</span> <span class="attribution"><span class="license">Author provided</span></span></figcaption></figure><p>Contactless card payments are fast and convenient, but convenience comes at a price: they are vulnerable to fraud. Some of these vulnerabilities are unique to contactless payment cards, and others are shared with the Chip and PIN cards – those that must be plugged into a card reader – upon which they’re based. Both are vulnerable to what’s called a <a href="http://sec.cs.ucl.ac.uk/users/smurdoch/talks/ccc07relayattacks.pdf">relay attack</a>. The risk for contactless cards, however, is far higher because no PIN number is required to complete the transaction. Consequently, the card payments industry has been working on ways to solve this problem.</p>
<p>The relay attack is also known as the “chess grandmaster attack”, by analogy to the <a href="http://en.chessbase.com/post/the-magical-che-experiment">ruse</a> in which someone who doesn’t know how to play chess can beat an expert: the player simultaneously challenges two grandmasters to an online game of chess, and uses the moves chosen by the first grandmaster in the game against the second grandmaster, and vice versa. By relaying the opponents’ moves between the games, the player appears to be a formidable opponent to both grandmasters, and will win (or at least force a draw) in one match.</p>
<p>Similarly, in a relay attack the fraudster’s fake card doesn’t know how to respond properly to the payment terminal because, unlike a genuine card, it doesn’t contain the cryptographic key known only to the card and the bank that verifies the card is genuine. But like the fake chess grandmaster, the fraudster can relay the communication of the genuine card in place of the fake card. </p>
<p>For example, the victim’s card (Alice, in the diagram below) would be in a fake or hacked card payment terminal (Bob) and the criminal would use the fake card (Carol) to attempt a purchase in a genuine terminal (Dave). The bank would challenge the fake card to prove its identity, this challenge is then relayed to the genuine card in the hacked terminal, and the genuine card’s response is relayed back on behalf of the fake card to the bank for verification. The end result is that the terminal used for the real purchase sees the fake card as genuine, and the victim later finds an unexpected and expensive purchase on their statement.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=261&fit=crop&dpr=1 600w, https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=261&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=261&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=328&fit=crop&dpr=1 754w, https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=328&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/132810/original/image-20160802-17177-12o458d.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=328&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The relay attack, where the cards and terminals can be at any distance from each other.</span>
<span class="attribution"><span class="license">Author provided</span></span>
</figcaption>
</figure>
<h2>Demonstrating the grandmaster attack</h2>
<p>I first demonstrated that this vulnerability was real with my colleague <a href="http://www.saardrimer.com/sd410/">Saar Drimer</a> at Cambridge, showing on television how the attack could work <a href="https://www.youtube.com/watch?v=X7pjUIxKoEc">in Britain in 2007</a> and <a href="https://vimeo.com/8241248">in the Netherlands in 2009</a>.</p>
<p>In our scenario, the victim put their card in a fake terminal thinking they were buying a coffee when in fact their card details were relayed by a radio link to another shop, where the criminal used a fake card to buy something far more expensive. The fake terminal showed the victim only the price of a cup of coffee, but when the bank statement arrives later the victim has an unpleasant surprise.</p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/X7pjUIxKoEc?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<p>At the time, the banking industry agreed that the vulnerability was real, but argued that as it was difficult to carry out in practice <a href="https://www.finextra.com/news/fullstory.aspx?newsitemid=16466">it was not a serious risk</a>. It’s true that, to avoid suspicion, the fraudulent purchase must take place within a few tens of seconds of the victim putting their card into the fake terminal. But this restriction only applies to the Chip and PIN contact cards available at the time. The same vulnerability applies to today’s contactless cards, only now the fraudster need only be physically near the victim at the time – contactless cards can communicate at a distance, even while the card is in the victim’s pocket or bag.</p>
<p>While we had to build hardware ourselves (from off-the-shelf components) to demonstrate the relay attack, today it can be carried out with any modern smartphone equipped with <a href="http://www.techradar.com/news/phone-and-communications/what-is-nfc-and-why-is-it-in-your-phone-948410">near-field communication chips</a>, which can read or imitate contactless cards. All a criminal needs is two cheap smartphones and some software – which could be sold on the black market, if it is not already available. This change is likely the reason why, years after our demonstration, the industry has developed a defence against the relay attack, but only for contactless cards. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=322&fit=crop&dpr=1 600w, https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=322&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=322&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=405&fit=crop&dpr=1 754w, https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=405&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/132811/original/image-20160802-428-1e8u9u8.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=405&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A rigged payment terminal capable of performing the relay attack can be made from off-the-shelf components.</span>
<span class="attribution"><span class="license">Author provided</span></span>
</figcaption>
</figure>
<h2>Closing the loophole</h2>
<p>The industry’s defence is <a href="http://www.cl.cam.ac.uk/research/security/banking/relay/">based on a design</a> that Saar and I developed at the same time that we demonstrated the vulnerability, called distance bounding. When the terminal challenges the card to prove its identity, it measures how long the card takes to respond. During a genuine transaction there should be very little delay, but a fake card will take longer to respond because it is relaying the response of the genuine card, located much further away. The terminal will notice this delay, and cancel the transaction. </p>
<p>We set the maximum delay to 20 nanoseconds – the time it takes a radio signal to travel six metres; this would guarantee the genuine card is no further away than this from the terminal. However, the contactless card designers made some compromises in order to be compatible with the hundreds of thousands of terminals already in use, which allows far less precise timing. The <a href="http://www.emvco.com/download_agreement.aspx?id=1238">new, updated card specification</a> sets the maximum delay the terminal allows at two milliseconds: that’s two million nanoseconds, during which a radio signal could travel 600 kilometres.</p>
<p>Clearly this doesn’t offer the same guarantees as our design, but it would still represent a substantial obstacle to criminals. While it’s enough time for the radio signal to travel far, it’s still a very short window for the software to process the transaction. When we demonstrated the relay attack it regularly introduced delays of hundreds or even thousands of milliseconds.</p>
<p>It will be years before the new secure cards reach customers, and even then only some: there is only one Chip and PIN specification, but there are <a href="https://pomcor.com/2014/09/20/apple-pay-must-be-using-the-mag-stripe-mode-of-the-emv-contactless-specifications/">seven specifications for contactless cards</a>, and only the MasterCard variant includes this defence. It’s not perfect, but it makes pragmatic compromises that should prevent smartphones being used by fraudsters as tools for the relay attack. The sort of custom-designed hardware that could still defeat this protection would require expertise and expense to build – and the banks will hope that they can stay ahead of the criminals until the arrival of whatever replaces contactless cards in the future.</p><img src="https://counter.theconversation.com/content/63142/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Steven J. Murdoch is a member of The Tor Project and employee of VASCO.</span></em></p>A loophole in a change to contactless card to prevent fraud had this security sleuth on the case.Steven J. Murdoch, Royal Society University Research Fellow, UCLLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/596702016-05-19T05:36:10Z2016-05-19T05:36:10ZWhy we need to do more for the victims of online fraud and scams<figure><img src="https://images.theconversation.com/files/123139/original/image-20160519-22310-1ld1xrg.jpg?ixlib=rb-1.1.0&rect=939%2C0%2C3285%2C1776&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Online fraud can lead to desperate measures for the victims so we need to do more to help them.</span> <span class="attribution"><span class="source">Shutterstock/Photographee.eu</span></span></figcaption></figure><p>As we come to the end of <a href="https://www.scamwatch.gov.au/news/wise-up-to-scams-national-consumer-fraud-week-2016">National Consumer Fraud Awareness Week</a>, I can’t help but reflect on my own work researching this difficult and often fraught area.</p>
<p>Imagine if you had a close friend or relative who went online looking for a relationship. They find someone special, spend weeks, months and even years dating, communicating via email, Skype, telephone and text.</p>
<p>At some stage, they are asked for a small amount of money for a medical emergency, a family drama or one of many other possible scenarios. Without hesitation, they comply. </p>
<p>Before long, they have lost everything, including their savings or their superannuation, and are now left with a second mortgage on the family home.</p>
<p>Or imagine if your partner was approached with an investment opportunity. They do their research, do “due diligence”, and it seems to check out. There are glossy brochures, a website of testimonials, and an array of staff to whom they speak on a regular basis. </p>
<p>So they invest thousands of dollars and are able to log in to an account to track the progress of their investment. But one day the website disappears – along with all of your combined savings.</p>
<h2>A common story</h2>
<p>These stories are not unique and they are, by no means, uncommon. </p>
<p>For the past eight years, I have been researching online fraud. Much of my work has been done sitting at kitchen tables across Australia, as victims share intimate details of their fraud and the impact it has had on their lives with me. </p>
<p>For many, it was the first time they were able to talk about what had happened. The shame and stigma associated with fraud victimisation means that most suffer in silence. </p>
<p>Despite what you may think, these are not foolish people. They are intelligent and educated. And they are successful. </p>
<p>They simply made one decision that saw everything unravel, and this one decision became the defining moment of their life.</p>
<p>With fraud, there are obvious financial losses. But it also affects their physical health and their psychological well-being, with all experiencing some degree of depression.</p>
<p>It can lead to relationship breakdown, unemployment and homelessness. In worst case scenarios, victims take their own lives.</p>
<p>It is hard to imagine that we currently have a justice system, where the barriers to reporting fraud outweigh the ability of victims to be heard and where fraud victims are often directly blamed for their situation. Where what has happened is trivialised, minimised or not even acknowledged, by law enforcement, other agencies, families and friends. </p>
<p>But this is the stark reality for most victims.</p>
<h2>Think of the victims</h2>
<p>The stories the victims tell me clearly highlight the inadequacies of the current system and should provide a much needed catalyst for change.</p>
<p>It is impossible not to be moved by their experiences as they detail the many hardships they have faced, both as a result of fraud, and as a result of the current system and societal responses to their victimisation.</p>
<p>I am often invited to share my research with Probus, Rotary and Neighbourhood Watch meetings. Without fail, I will have someone privately share their own personal story, a confession of their own victimisation experience. </p>
<p>It illustrates the importance of talking about fraud in a non-threatening and non-judgemental manner. It is about giving reassurance and legitimacy to those who have experienced this, to know that they are not alone.</p>
<p>In my most recent <a href="http://crg.aic.gov.au/applications/Current_Recent_Research.pdf">project</a>, a colleague and I interviewed 80 fraud victims across Australia, who had each lost A$10,000 or more.</p>
<p>Participants were genuinely shocked that there were another 79 people across Australia who had experienced a similar incident. I know the statistics and 80 victims doesn’t even begin to encompass all of those who are find themselves victims of fraud.</p>
<p>The Australian Competition and Consumer Commission released its <a href="http://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2015">annual report</a> earlier this week, quoting losses of more than <a href="http://www.accc.gov.au/media-release/australians-lose-over-229-million-to-scams-in-2015">A$229 million</a> to fraud and scams in 2015 alone.</p>
<p>We know that fraud has one of the <a href="http://link.springer.com/article/10.1007%2Fs10611-008-9112-x">lowest reporting rates</a> across all crime categories, with less than one third ever reported. So this is likely the tip of a giant iceberg. </p>
<p>Despite the statistics, fraud remains hidden. Too often the dominant discourse around fraud is that of victim blaming. This excludes the role of the offender, who deceived the victim, and who manipulated and exploited them for financial gain.</p>
<h2>Time for change</h2>
<p>We need a shift in thinking to recognise fraud for the crime it is and as one that places culpability on the offenders who deserve it.</p>
<p>I am in a privileged position where victims have entrusted me with their stories. They have opened up to me to share the overwhelmingly painful and traumatic experiences of their victimisation. </p>
<p>Many have done this with the hope of assisting others and of improving the situation for other fraud victims. </p>
<p>I am also in a privileged position where I can share their stories. I have the power to advocate for change on their behalf, to give them a voice out of the silence.</p>
<p>Despite the heartache and trauma, I am optimistic for the future. I am continually reminded of the courage and bravery of fraud victims who speak to me, and who sometimes go public with their story. </p>
<p>It is the strength of these victims that motivates me to pursue this work. While I cannot prevent their victimisation, I can seek to influence the response to these victims and the level of support they are able to access.</p>
<p>There are pockets of work being done by some authorities that provide hope. <a href="http://www.scamnet.wa.gov.au/scamnet/Fight_Back-Project_Sunbird.htm">Project Sunbird</a> in Western Australia and a dedicated <a href="https://fraudandcybersafety.com.au/support_and_recovery/">fraud support group</a> run by the Queensland Police Service are worthy examples. But this is limited and there is much more that can be done to improve the situation of fraud victims. </p>
<p>It is my hope that my research will contribute to the change that needs to occur, for fraud victims to be acknowledged and receive a response that is commensurate with the harm they have experienced, rather than one that exacerbates the trauma they have already suffered.</p>
<p>Think back to your friend, relative or partner. If they were victims of fraud, how would you like them to be treated? What type of response to their victimisation would you want them to experience? </p>
<p>It is likely that you think they deserve better than what is currently on offer and my ongoing challenge is to improve that.</p><img src="https://counter.theconversation.com/content/59670/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Cassandra Cross receives funding from the Criminology Research Grant Scheme. </span></em></p>Too often the impact of online fraud on people is trivialised, minimised or not even acknowledged by law enforcement agencies, families and friends. But we can do more to help them.Cassandra Cross, Senior Lecturer in Criminology, Queensland University of TechnologyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/591892016-05-12T11:31:25Z2016-05-12T11:31:25ZOn the hunt for Facebook’s army of fakes<figure><img src="https://images.theconversation.com/files/122136/original/image-20160511-18123-1jms6ev.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Ever wonder why so many people like certain Facebook pages, no matter how boring or badly updated they are? They could well be the subject of “like farming”, the process of artificially inflating the number of Facebook page likes. </p>
<p>Researchers like myself have developed computer algorithms that can tell genuine likes from artificial ones generated by farm-controlled accounts. But it turns out that more sophisticated farms are evading detection tools, including those deployed by Facebook itself. So we’ve now developed an experimental way of looking for farmed accounts, including those that are run by real human users.</p>
<p>Facebook pages allow their owners to publicise products and events, communicate with customers and fans and promote themselves using targeted ads. <a href="http://fortune.com/2015/04/30/facebook-small-business/">More than 40m</a> small businesses reportedly have active pages, and almost 2m of them use Facebook’s advertising platform possibly to broaden their audience and engage with more customers.</p>
<p>If someone wants to quickly increase their page’s number of likes, they can also purchase them from farmers for between around $10 (£7) and $100 (£70) per 100 likes, depending on whether they want to target specific regions. For example, likes from US-based accounts are usually more expensive. You can even buy entire pre-liked pages with large numbers of followers that you can then adapt to promote your own organisation. While these paid-for likes may not come from engaged customers, they can make the page or its owner appear more popular, in turn increasing its appeal to potential customers or followers.</p>
<p>There are several ways that farms can generate fake likes, and the method they use significantly affects both their cost and how hard it is to detect them. One obvious way is to create fake accounts, although this is somewhat cumbersome because Facebook has checks in place, such as having to <a href="https://www.facebook.com/notes/facebook-security/an-explanation-of-captchas/36280205765/">input a code</a> displayed on screen or sent to a mobile phone, to prevent this being done automatically by computer “bots”. Another strategy is to take control of real accounts whose passwords have been <a href="https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/viswanath">leaked or captured</a> using software that spies on people’s computers.</p>
<p>But, importantly, there are also networks of real users who will like pages on request in return for other services or small payments. And you can lure users to like a page by promising them access to lotteries, discounts or exclusive content.</p>
<p>Different farms also use different strategies <a href="http://arxiv.org/abs/1409.2097">to avoid detection</a>. Some deliver likes in bursts and employ accounts that are not really connected to the rest of the social network, making them easier to spot. Others use a stealthier approach, mimicking regular users’ behaviour such as liking genuinely popular pages and paid adverts. Each account only likes a small number of pages and relies on many accounts, each connected with many different friends, to gradually deliver likes.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/122144/original/image-20160511-18150-a7xxdl.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The local yodelling society’s page was suspiciously popular.</span>
<span class="attribution"><span class="source">Shutterstock</span></span>
</figcaption>
</figure>
<p>This strategy of using fake accounts to like genuinely popular pages can cause embarrassment if exposed. For example, Hillary Clinton was criticised when her Facebook account suddenly received thousands of likes from <a href="http://www.alternet.org/election-2016/sanders-has-army-die-hard-facebook-fans-while-clintons-campaign-trying-buy-popularity">Thailand and Myanmar</a> overnight. But it can also harm legitimate Facebook users running advertising campaigns, who pay for clicks from real users but receive them from fake ones.</p>
<p>In an attempt to counter farming, Facebook, in collaboration with university researchers, has developed and deployed several tools to detect spam and fake likes. One, <a href="http://alexbeutel.com/papers/www2013_copycatch.pdf">called CopyCatch</a>, detects groups of fraudsters acting together, generally liking the same pages at around the same time. Another method, <a href="https://users.cs.duke.edu/%7Eqiangcao/synchrotrap_project/index.html">called SynchroTrap</a>, relies on the fact that malicious accounts usually perform similar actions around the same time. So the algorithm can detect these fakes when it spots a cluster of them acting together over a sustained period of time.</p>
<p>The problem is that these methods are unlikely to spot the stealthier (and more expensive) farms that rely on the accounts of real people rather than fake or compromised profiles. This is because focusing on activity patterns of pages and users fails to capture important characteristics of these “real” accounts used by the farms. These profiles are often created mainly as a money-making tool and so their activity is different from a typical account used for social networking.</p>
<h2>Not so “real” users</h2>
<p>In our <a href="http://arxiv.org/pdf/1506.00506.pdf">recent study</a>, my colleagues and I set out to address this gap by looking at how and what users post on Facebook, in order to improve the accuracy of detection mechanisms. We found that posts made by these “real” farm accounts had fewer words, a more limited vocabulary, and lower readability than normal users’ posts. Their posts were also highly focused on some specific topics, generate significantly more comments and likes, and a large fraction of their activity was simply sharing content such as articles, videos and posts made by other users.</p>
<p>We then trained machine-learning algorithms to use these patterns to analyse a set of accounts we knew included farmed likes. We found that the algorithms were nearly perfectly accurate at detecting farm accounts, including the more stealthy “real” ones. </p>
<p>We’ve yet to see if the same techniques could be used to accurately detect farmed likes across Facebook’s 1.2 billion users and many billions more posts. What we may find is that as these techniques become better at spotting farmed accounts, those accounts find new ways of changing their posting behaviour to become even better at mimicking “innocent” users, in an economic game of cat and mouse. The question is how much this will cost them and whether creating even more realistic farmed accounts will be worth it.</p><img src="https://counter.theconversation.com/content/59189/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Emiliano De Cristofaro receives funding from the EPSRC, RCUK, Xerox, Google, and the EU. </span></em></p>Crafty new detection methods could help make ‘like farming’ a thing of the past.Emiliano De Cristofaro, Senior Lecturer in Security and Privacy (Computer Science), UCLLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/582082016-04-21T04:32:58Z2016-04-21T04:32:58ZThe Cyber Security Strategy is only a small step in the right direction<figure><img src="https://images.theconversation.com/files/119580/original/image-20160421-8026-149i5q7.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cyber crime costs the Australian economy millions of dollars a year.</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Prime Minister Malcolm Turnbull today released the government’s <a href="https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf">Cyber Security Strategy</a>. A total of A$230 million will be spent over the next four years to “enhance Australia’s cyber security capability and deliver new initiatives”. </p>
<p>The initiatives generally involve improving Australia’s general awareness and capabilities to defend against cybersecurity attacks, and potentially launch its own cyberattacks.</p>
<p>More specifically, they involve partnering with the private sector in setting the “strategic agenda through annual Cyber Security meetings”. </p>
<p>This partnership will extend to participation in the <a href="https://www.acsc.gov.au/">Australian Cyber Security Centre</a>, which will be moved to a new facility. It will also involve sharing more information between security agencies and the private sector.</p>
<p>There will be increased funding of research into the economic costs of cyberattacks in order to allow organisations to manage investment in cybersecurity defences. </p>
<p>The Computer Emergency Response Team (<a href="https://www.cert.gov.au/">CERT</a>) will be bolstered, along with extra funding for the Australian Signals Directorate (<a href="http://www.asd.gov.au/">ASD</a>), Australian Crime Commission (<a href="https://crimecommission.gov.au/">ACC</a>) and Australian Federal Police (<a href="http://www.afp.gov.au/">AFP</a>) for increased expertise and improved ability to detect and defend against cybersecurity vulnerabilities. </p>
<p>Another element of the strategy is to expand Australia’s ability to grow its own cybersecurity industry through increased funding for research and development in this area. A <a href="http://www.innovation.gov.au/page/cyber-security-growth-centre">Cyber Security Growth Centre</a> will be established to add to the existing <a href="http://www.business.gov.au/advice-and-support/IndustryGrowthCentres/Pages/default.aspx">Industry Growth Centres</a>.</p>
<p><a href="http://www.csiro.au/en/Research/D61">Data61</a> will receive more funding to focus on cybersecurity innovation, and universities will also receive funding for training, research and education of undergraduate and postgraduates in the area of cybersecurity. </p>
<h2>Reading between the lines</h2>
<p>Although this new investment in cybersecurity will be generally welcomed, there are <a href="http://www.itnews.com.au/news/revealed-australias-new-cyber-security-strategy-418000">already</a> questions about whether it is going to be enough to do the job. </p>
<p>The US this year announced a <a href="http://www.reuters.com/article/us-obama-budget-cyber-idUSKCN0VI0R1">US$5 billion increase in funding for cybersecurity</a> to US$19 billion, and the UK last year pledged <a href="https://www.gov.uk/government/speeches/chancellors-speech-to-gchq-on-cyber-security">£1.9 billion</a> to the same cause.</p>
<p>Another question in response to the strategy is what exactly is meant by championing an “open, free and secure internet”. The definition of “open and free” likely depends on your particular point of view. </p>
<p>The government’s strategy calls for an “Australian Cyber Ambassador” to lead national efforts to ensure the internet is free from censorship, but also to support privacy and the rule of law. </p>
<p>But would upholding privacy extend to stopping the government from surveillance activities on its own citizens? Clearly, this would be at odds with the government’s <a href="https://www.ag.gov.au/dataretention">metadata retention legislation</a>. </p>
<p>“Open and free” may also not extend to any radical changes in the application of shutting down access to pirate sites distributing <a href="https://theconversation.com/from-convicts-to-pirates-australias-dubious-legacy-of-illegal-downloading-39912">illegal or pirated content</a>. </p>
<h2>Safe havens</h2>
<p>Another interesting question is what’s meant by the desire to shut down cyber criminal “safe havens”. </p>
<p>The report mentions that attacks often originate from overseas, but it is not clear how a country would go about shutting down attacks originating from China, for example. </p>
<p>One intriguing possibility is that an anonymised network like [Tor](<a href="https://theconversation.com/au/topics/tor">https://www.torproject.org/</a> could potentially be shut down. Tor has long been recognised as a haven for cybercriminals and, increasingly, the starting point for <a href="https://blog.cloudflare.com/the-trouble-with-tor/">cyberattacks</a>. </p>
<p>Security researchers have already <a href="http://www.itnews.com.au/news/close-door-on-tor-or-face-liability-for-threats-researchers-408435">stepped</a> up calls for businesses to block Tor traffic as a protective measure. </p>
<p>The cybersecurity strategy also hints at the fact that Australia has, or is in the process of developing, a cyber offensive capability. This is the first time this capability has been publicly alluded to. </p>
<p>The increased focus on cybersecurity is a much needed initiative. The threat of cyberattacks affects individuals and organisations alike. And, like other threats to our environment, if left unchecked, they could significantly hinder society’s ability to function normally and to continue growing. </p>
<p>Our reliance on technology is now a given and cybersecurity is as important a consideration as protecting our health, food and water sources and general environment. From that perspective, the cybersecurity strategy is a welcome but very small step in the right direction.</p><img src="https://counter.theconversation.com/content/58208/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>David Glance does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Cyber security is now a priority for the government, with $230 million committed to its new Cyber Security Strategy. But is it enough?David Glance, Director of UWA Centre for Software Practice, The University of Western AustraliaLicensed as Creative Commons – attribution, no derivatives.