"If a fraudster or fraud ring can sucessfully perpetrate fraud, you can pretty much assume they will continue to do so until you stop them." - D. Montague
Profiling three cases we look at the 'typical' cybercriminal, a computer savvy male under 30, and why they continue to engage in cybercrime even after being caught once before. Getting into the mindset of a cybercriminal can help you stop them.
Press Release:I Got You Once, and I will get you Again!
Red Bank, Oct. 30, 2008 /The FraudBlog Newsletter/ - While the article, "The Hackers Mindset - I did nothing Wrong" by Jon Swartz of USA Today is not new news, it can provide good insight into the makeup of a cybercriminal. It focuses primarily on the TJX hackers and provides the typical definition of a cybercriminal as being young, male and very computer savvy.
However typical, I found the background story on Gonzales having been caught before so engrossing I decided to test the profile myself.
So I thought I would take a look at a couple of other major cyber crime cases. In the past 60 days there have been three very public and big cyber crime cases. In these cases the cybercriminal was young, all under 30, male and they were very computer savvy. (Albert Gonzales - TJX Breach, Ehud Tenenbaum - Direct Cash Management Breach, Vladimir Tsastsin- EstDomain)
In all three of these cases the cybercriminal had been caught doing this before. In 2 of the 3 cases, Gonzales and Ehud Tenenbaum these individuals were actually given lighter sentences for their first transgression by working with law enforcement after being caught.
In all of these cases when the cybercriminal was later presented with a weakness in a business's fraud controls or security measures they exploited them. Regardless of the fact that they had been caught before, they believed they wouldn't get caught again. In all three cases they had escalated the scope and level of their schemes.
Lesson learned, they don't learn their lesson.
About The Fraud Practice
The Fraud Practice, http://www.fraudpractice.com, is a privately held US LLC based in Sarasota, Florida. The Fraud Practice provides consulting services on eCommerce payments, fraud prevention and credit granting as well as prepared research and online training for payment and fraud professionals. Businesses throughout the world rely on The Fraud Practice to help them build and manage their payment, fraud and risk prevention strategies. Utilizing best practices and leveraging key partnerships, our team of industry and technical experts offer customers a single source for learning how to design, deploy, review and integrate fraud prevention practices in their business processes and solutions.
Introduction to Ecommerce Fraud Fundamentals.
Provides participants foundation level knowledge about the theories, best practices and terminology surrounding electronic payment fraud. Presented in a standard format covering the history of eCommerce Fraud, consumer fraud, merchant fraud, fraudster motivation, fraud trends, identity verification and phishing.
ECOMMERCE BUYER FRAUD SIGNALS.
Outlines many different signals that high risk buyers may show looking at factors such as their account activity, profile data, behavior and other signals that can be seen when using different anti-fraud tools.
Ecommerce Fraud Moving from Tools to Solutions.
This session covers what constitutes a fraud solution and categorizes the many types of third party fraud tools. The course outlines the common terminology of fraud solutions and describes the capabilities needed to implement a fraud solution.
- Hackers' Mind-set: They've Done Nothing Wrong - By: Jon Swartz for USA TODAY