The government, policing groups and security organisations are well aware of the criminal opportunities created with email and the internet. The Australian High Tech Crime Centre (AHTCC), which is part of the Australian Federal Police, was launched in 2003 to combat technology-enabled crime.
The AHTCC investigates a range of e-crimes including phishing, fraud, email scams and hacking and is part of the Joint Banking and Financial Sector Investigation Team that aims to prevent and disrupt organised crime groups from accessing personal information. The team has successfully prevented significant fraud against consumers by sharing information among organisations.
Federal Agent Peter Sykora, AHTCC director, says that, on average, there are 400 different phishing emails sent per month. “They come from unique IP [website] addresses. That means millions sent every day to email addresses all over the world.” However, Sykora admits that the numbers are hard to aggregate because the environment changes quickly, and most originate outside Australia, so tracing them is a worldwide collaborative effort.
The AHTCC broadly defines two categories of technology related crimes — traditional crimes (such as theft of money and/or personal information) that use technology, and crimes committed directly against computers. As well as phishing and online fraud, it also includes:
- Computer intrusions, such as malicious hacking.
- Unauthorised modification or destruction of data.
- Denial-of-service (DoS) attacks.
- Distributed Denial of Service (DDoS) attacks using botnets.
- Malicious software, such as viruses, worms and Trojans.
Sykora admits the task of tracking phishing and email scams is “very difficult” because most of the sites are based overseas. “The Centre works with financial institutions and ISPs to block the IP addresses that are used to send scam and phishing emails. We also use our international partnerships to blacklist the address and pass on the information so that the authorities overseas can pursue it.”
The stolen information has a market value and is traded in online forums. Sykora says that “there are hundreds of forums where you can buy stolen information. There’s a whole black economy in trading data.” A stolen credit card number can sell for as little as $5 to $10 dollars, but the information from whaling attacks will be sold for much more.
New, more sophisticated types of phishing attacks are also starting to appear. For example, Sykora says “spear-phishing” targets users more directly and “whaling” is where criminals target CEOs, CFOs and senior managers to get platinum credit card numbers and other highly valuable personal information.
Cyber crime is keeping up with the web and utilising the new phenomenon of social networking sites, such as Facebook, MySpace and Second Life, to collate a great deal of personal information for more specific, targeted phishing attacks. “Criminals can aggregate a lot of information about someone and then send them an email that looks like it comes from a friend,” warns Sykora. You might more easily fall victim to this type of phishing attack by opening an email and following a link because it appears to come from a personal contact.
Keep up with the latest internet threats
Phishing and email scams can also be part of a more significant crime — identity theft. Last year, nearly half a million Australians were victims of identity theft, and email and the internet can provide rich pickings for criminals. Identity theft happens when criminals obtain some, or all, of your personal information which can then be used for money laundering using bank accounts, credit card scams, stolen passports and many other illegal activities.
Identity theft can pose serious problems if it happens to you because it may be some time before you realise and you may never know where your personal information has been traded. You may also need to have all personal details, such as bank account, passport and credit card numbers, renewed — a difficult and time consuming task. See our Identity fraud report.