John Fairheart
24 October 2005, 22:53
Story Here (http://news.bbc.co.uk/1/hi/technology/2308887.stm)
Fake bank website cons victims
Tuesday, 8 October, 2002, 09:43 GMT 10:43 UK
West African criminals have used a fake version of a British bank's online service to milk victims of cash, say police.
The fake site was used to squeeze more money out of people they had already hooked.
The site has been shut down. But UK National Criminal Intelligence Service, (NCIS), said at least two Canadians had lost more than $100,000 after being taken in by the fake website.
The scam behind the fake web domain was the familiar one that offers people a share of the huge sums of money they need moved out of various African nations.
NCIS said the use of the web was helping the conmen hook victims that would otherwise spot the scam.
Convincing site
News of this latest scam was revealed by BBC Radio5Live. It found that an unclaimed web domain of a UK bank had been used by conmen to get more cash out their victims.
A NCIS spokesman said the domain looked legitimate because it had "the" in front of the bank's name.
"I have seen the microsite myself and it's very sophisticated," said the NCIS spokesman. "It's very convincing especially to people not very experienced online."
Once the con was discovered it was quickly shut down. However, the people behind it have not been caught.
NCIS does know that at least two people have lost more than $100,000.
The bank involved has bought up the domain used in the con as well as many other permutations of its name to limit the chance it could happen again.
"Web spoofing is going to be a big problem," said the NCIS spokesman.
Domain games
Usually people are first hooked in to what has become known as Advanced Fee or 419 fraud by replying to an unsolicited fax or e-mail offering a share of any cash successfully moved out of Africa.
The '419' refers to the part of the Nigerian penal code dealing with such crimes.
Like any con, there is no money to be moved at all and instead anyone taking the bait is asked to pay increasingly large sums to supposedly bribe uncooperative officials and to smooth the passage of the cash.
Although this con has been practiced for years, people still fall victim to it.
NCIS estimates that up to five Americans are sitting in hotel lobbies in London everyday waiting to meet people connected with this con.
Cutting edge fraud
Often the conmen provide fake banking certificates to give the con an air of legitimacy.
But a spokesman for NCIS said fake or spoof websites are now being used in place of the certificates.
"To many people nowadays the cutting edge of banking technology is web technology," said the spokesman.
One of the first groups of conmen to use this method set up a fake website that supposedly gave victims access to accounts held at the South African Reserve Bank, the country's national bank.
Typically, victims are given a login name and password and are encouraged to visit the site so they can see that the cash they are getting a share of has been deposited in their name.
But before they can get their hands on the cash, the victims are typically asked to hand over more of their own money to help the transfer go ahead.
Once the South African police discovered the ruse they declared it a national priority crime and soon arrested the 18 people behind it.
Modern gloss
An briefing paper prepared by NCIS in August on organised crime noted that criminals were increasingly turning to the web to lure new victims and give old cons a modern gloss.
The NCIS spokesman urged people who have fallen victim to 419 fraud to come forward and help it track down the perpetrators. He said in the last two months it had arrested 24 people overseas involved with this type of fraud.
He said any e-mail, fax or letter making an offer that looks to good too be true, undoubtedly is.
One of the first companies to fall victim to website spoofing was net payment service Paypal.
Conmen set up a fake site and asked people to visit and re-enter their account and credit card details because Paypal had lost the information.
The website link included in the e-mail looked legitimate but in fact directed people to a fake domain that gathered details for the conmen's personal use.
Fake bank website cons victims
Tuesday, 8 October, 2002, 09:43 GMT 10:43 UK
West African criminals have used a fake version of a British bank's online service to milk victims of cash, say police.
The fake site was used to squeeze more money out of people they had already hooked.
The site has been shut down. But UK National Criminal Intelligence Service, (NCIS), said at least two Canadians had lost more than $100,000 after being taken in by the fake website.
The scam behind the fake web domain was the familiar one that offers people a share of the huge sums of money they need moved out of various African nations.
NCIS said the use of the web was helping the conmen hook victims that would otherwise spot the scam.
Convincing site
News of this latest scam was revealed by BBC Radio5Live. It found that an unclaimed web domain of a UK bank had been used by conmen to get more cash out their victims.
A NCIS spokesman said the domain looked legitimate because it had "the" in front of the bank's name.
"I have seen the microsite myself and it's very sophisticated," said the NCIS spokesman. "It's very convincing especially to people not very experienced online."
Once the con was discovered it was quickly shut down. However, the people behind it have not been caught.
NCIS does know that at least two people have lost more than $100,000.
The bank involved has bought up the domain used in the con as well as many other permutations of its name to limit the chance it could happen again.
"Web spoofing is going to be a big problem," said the NCIS spokesman.
Domain games
Usually people are first hooked in to what has become known as Advanced Fee or 419 fraud by replying to an unsolicited fax or e-mail offering a share of any cash successfully moved out of Africa.
The '419' refers to the part of the Nigerian penal code dealing with such crimes.
Like any con, there is no money to be moved at all and instead anyone taking the bait is asked to pay increasingly large sums to supposedly bribe uncooperative officials and to smooth the passage of the cash.
Although this con has been practiced for years, people still fall victim to it.
NCIS estimates that up to five Americans are sitting in hotel lobbies in London everyday waiting to meet people connected with this con.
Cutting edge fraud
Often the conmen provide fake banking certificates to give the con an air of legitimacy.
But a spokesman for NCIS said fake or spoof websites are now being used in place of the certificates.
"To many people nowadays the cutting edge of banking technology is web technology," said the spokesman.
One of the first groups of conmen to use this method set up a fake website that supposedly gave victims access to accounts held at the South African Reserve Bank, the country's national bank.
Typically, victims are given a login name and password and are encouraged to visit the site so they can see that the cash they are getting a share of has been deposited in their name.
But before they can get their hands on the cash, the victims are typically asked to hand over more of their own money to help the transfer go ahead.
Once the South African police discovered the ruse they declared it a national priority crime and soon arrested the 18 people behind it.
Modern gloss
An briefing paper prepared by NCIS in August on organised crime noted that criminals were increasingly turning to the web to lure new victims and give old cons a modern gloss.
The NCIS spokesman urged people who have fallen victim to 419 fraud to come forward and help it track down the perpetrators. He said in the last two months it had arrested 24 people overseas involved with this type of fraud.
He said any e-mail, fax or letter making an offer that looks to good too be true, undoubtedly is.
One of the first companies to fall victim to website spoofing was net payment service Paypal.
Conmen set up a fake site and asked people to visit and re-enter their account and credit card details because Paypal had lost the information.
The website link included in the e-mail looked legitimate but in fact directed people to a fake domain that gathered details for the conmen's personal use.