Академический Документы
Профессиональный Документы
Культура Документы
PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Fri, 25 Feb 2011 02:06:36 UTC
Contents
Articles
Confidence trick Cups and balls Shell game Three-card Monte Shill Sleight of hand Misdirection Fraud Ponzi scheme Pyramid scheme Soapy Smith Franchise fraud White-collar crime List of real-life con artists Scam baiting Scad (scam ad) Social engineering (security) Phishing Penetration test Physical information security SMiShing Vishing Moving scam List of confidence tricks Advance-fee fraud Pig in a poke Thai gem scam White van speaker scam Badger game Clip joint Insurance fraud Fiddle game Pigeon drop Art student scam 1 3 6 9 13 17 19 20 25 28 34 42 46 50 52 53 54 60 74 77 79 80 81 82 95 115 117 118 124 125 127 135 135 136
Psychic surgery Organized crime Identity theft Money laundering Extortion Hacker (computer security)
References
Article Sources and Contributors Image Sources, Licenses and Contributors 176 182
Article Licenses
License 183
Confidence trick
Confidence trick
A confidence trick or confidence game (also known as a bunko, con, flim flam, gaffle, grift, hustle, scam, scheme, swindle or bamboozle) is an attempt to defraud a person or group by gaining their confidence. The victim is known as the mark, the trickster is called a confidence man, con man, confidence trickster, grifter, or con artist, and any accomplices are known as plants. Confidence men or women exploit characteristics of the human psyche such as greed, both dishonesty and honesty, vanity, compassion, credulity, irresponsibility, navet, and the thought of trying to get something of value for nothing or for something far less valuable. Confidence men or women have victimized individuals from all walks of life.
Cups and balls is a kind of gambling which is usually administered as a confidence trick.
History
The first known usage of the term "confidence man" in English was in 1849. It was used by American press during the United States trial of William Thompson. Thompson chatted with strangers until he asked, if they had the confidence, to lend him their watches, whereupon he would walk off with the watch. He was captured when a victim recognized him on the street.[1]
Confidence trick
References
[1] Karen Halttunen, Confidence Men and Painted Women, p 6 ISBN 0-300-02835-0 [2] crimes-of-persuasion.com (http:/ / www. crimes-of-persuasion. com/ Victims/ victims. htm) Fraud Victim Advice / Assistance for Consumer Scams and Investment Frauds [3] A Conversation with James Swain online (http:/ / www. randomhouse. com/ catalog/ display. pperl?isbn=9780345478368& view=auqa)
Further reading
Ball, J. Bowyer; Whaley, Barton (1982). Cheating and Deception (reprint 1991) (http://books.google.com/ books?id=ojmwSoW8g7IC). New Brunswick (USA), London (UK): Transaction Publishers. ISBN0-88738-868-X. Blundell, Nigel (1984) [1982]. The World's Greatest Crooks and Conmen and other mischievous malefactors. London: Octopus Books. ISBN0-7064-2144-2. Dillon, Eamon (2008) [2008]. The Fraudsters: Sharks and Charlatans - How Con Artists Make Their Money. Merlin Publishing. ISBN978-1-903582-82-4. Ford, Charles V. (1999) [1999]. Lies! Lies!! Lies!!!: The Psychology of Deceit (http://books.google.com/ books?id=_FSc5C2bFYUC). American Psychiatric Publishing, Inc.. ISBN978-0-880489-97-3. Henderson, Les (2000). Crimes of Persuasion: Schemes, scams, frauds (http://books.google.com/ books?id=-aJ8d_oewg8C). Coyote Ridge Publishing. ISBN0-9687133-0-0. Kaminski, Marek M. (2004). Games Prisoners Play (http://books.google.com/books?id=YIGzIaNmokgC). Princeton: Princeton University Press. ISBN0-691-11721-7. Maurer, David W. (1999) [1940]. The Big Con: The Story of the Confidence Man and the Confidence Game (reprinted) (http://books.google.com/books?id=xJUOAAAACAAJ). New York: Bobbs Merrill / Anchor Books. ISBN0-385-49538-2. Maurer, David W. (1974). The American Confidence Man (http://books.google.com/ books?id=W6twAAAACAAJ). Springfield: Charles C. Thomas, Publisher. ISBN0-398-02974-1. Sutherland, Edwin Hardin (1937). The Professional Thief (reprint 1989) (http://books.google.com/ books?id=muZuPt327pwC). Chicago: University of Chicago Press. ISBN978-0-226-78051-1.
External links
"Arrest of the Confidence Man" (http://chnm.gmu.edu/lostmuseum/lm/328/) New York Herald, 1849 Dateline NBC investigation (http://www.msnbc.msn.com/id/17697615/) 'To Catch a Con Man'
Gazzo Macee, (aka Gary Osborne), has also influenced the theory and thinking of the traditional cups and balls routine by performing an extended routine, sometimes over thirty minutes in length, producing several large fruit and a melon from under a hat. He performs the cups and balls as an interactive comedic routine in his repertoire of street magic - a routine, incidentally, that borrows heavily from the Vernon routine. Other modern performers have altered the number of cups used in the effect. John Ramsay, David Williamson and Tommy Wonder, for example, have performed routines with only two cups. Some performers have also performed a variation on the Traditional Cups and Balls routine with only one cup (though this is different from the Chop Cup routine).
Chop Cup
A fairly modern development is the 'Chop Cup'. The cup can be lifted to be shown empty and replaced on the table. The ball then appears when the cup is lifted again. The inventor of the idea behind the trick is unknown but the modern method was popularized around 1954 by Al Wheatley who performed with his wife in a Chinese-costumed act called "Chop Chop and Charlene. The Chicago close-up magician Don Alan performed his streamlined 'Chop Cup' routine on television which was then immediately imitated by magicians. Many magicians today have variations of this routine in their repertoire.
Cups and balls Castle, which comprises an appealing premise to the lay audience.
Noted performers
Michael Ammar, Paul Gertner, Aldo Colombini, Rafael Benatar, Paul Daniels, Gazzo, Bob White, Johnny Thompson and Al Schneider are among the world's leading professional practitioners of Cups and Balls magic. Other celebrated performers but now deceased included Bosco, Conus, "Pop" Krieger, Malini, S.Leo Horowitz (also known as Mohammed Bey), E.G. Brown, Dai Vernon, Charlie Miller, Johnny Platt,, Ross Bertram, Johnny Paul, Mike Rogers, Bob Read and the street magician/busker, Jim Cellini, who died in 2009.
Noted authorities
Bill Palmer of Houston, Texas, owns the world's largest collection of cups. He owns and operates the online "Cups and Balls Museum". A password is required to enter and browse the museum but this is usually issued promptly, free of charge, upon request. In addition, Palmer is generally regarded as the single most authoritative source of knowledge on virtually all aspects of the subject. The estate of the late British magician, Bob Read, owns the world's largest collection of prints depicting cups and balls magic, a popular subject of pre-20th century artists. Michael Ammar's "The Complete Cups And Balls", available both in book form and in a two-volume DVD set, is generally considered the most comprehensive course of instruction on cups and balls techniques. There is, however, an enormous body of literature on cups and balls spanning a period of some two thousand years but with most of it concentrated from the 18th century onward to the present day.
External links
RNT2 - World's Largest Manufacturer of Cups and Balls [4] Cups and Balls Magic - Reviews, Articles and News [5] YouTube: Penn and Teller's Cups and balls [6] YouTube: Tim Ellis' FISM award winning Cups and balls [7] YouTube: Cups and balls performed by [[Tommy Wonder (magician)|Tommy Wonder [8]]] Cups and Balls Feature on Ye Olde Magick Blogge [9]
References
[1] See introduction to Cups and Balls Magic by Tim Osborne (1937) [2] "shell game". Encyclopdia Britannica. 2009. http:/ / www. britannica. com/ EBchecked/ topic/ 539702/ shell-game [3] Musgrave, Andrew (2010). "Penn and Teller Expose the Cups and Balls" (http:/ / sleightly. com/ blog/ 2010/ 02/ 22/ penn-and-teller-expose-the-cups-and-balls/ ). Ye Olde Magick Blogge. . [4] http:/ / www. rnt2. com/ [5] http:/ / www. cupsandballsmagic. com/ [6] http:/ / www. youtube. com/ watch?v=BPyvAtQYVok [7] http:/ / www. youtube. com/ watch?v=xV30vPxEhZo [8] http:/ / www. youtube. com/ watch?v=eKwiE6DgxFc [9] http:/ / sleightly. com/ blog/ cups-and-balls/
Shell game
Shell game
The shell game (also known as Thimblerig, Three shells and a pea, the old army game) is portrayed as a gambling game, but in reality, when a wager for money is made, it is a confidence trick used to perpetrate fraud. In confidence trick slang, this famous swindle is referred to as a short-con because it is quick and easy to pull off.
"Play"
The game requires three shells (thimbles, walnut shells, bottle caps, plastic cups, and even match boxes have been used), and a small, soft round ball, about the size of a pea, and often referred to as such. It can be played on almost any flat surface, but on the streets it is often seen played on a mat lying on the ground, or on a cardboard box. The person perpetrating the swindle (called the thimblerigger, operator, or shell man) begins the game by placing the pea under one of the shells, then quickly shuffles the shells around. Once done shuffling, the operator takes bets from his An illegal shell game performed with bottle caps on Fulton Street in New York City audience on the location of the pea. The audience is told that if a player bets and guesses correctly, the player will win back double his bet (that is, he will double his money); otherwise he loses his money. However, in the hands of a skilled operator, it is not possible for the game to be won, unless the operator wants the player to win or if the player is allowed to touch the shells, in which case the player has a chance. The player must turn over any two shells saying that the pea is under neither of these. Since the pea is usually palmed, it is not under any of the shells and the operator has no choice but to pay up. This can only be done once. When an individual not familiar with the shell game encounters a game on the streets, it appears that bets are being placed by numerous players, when in reality, the people around the game are shills who are all part of the confidence trick. The apparent players actually serve various roles in the swindle: they act as lookouts for the police; they also serve as "muscle" to intimidate marks who become unruly and some are shills, whose job is to pretend to play the game, and entice the mark into betting. Once a mark enters the circle of apparent players and faces the operator, the gang surrounds them to discourage an easy exit and to keep other pedestrians from entering and disrupting the confidence trick gang's action on the main mark. The job of crowding around also protects the operator from any incriminating photographs being taken of the act. The operator and the shills will try to get the mark into a heightened state of anger or greed. Once this is accomplished, one shill will pretend to disclose a winning strategy to the mark. It is all a ruse to get the mark to place a large bet.
Shell game
The operator's trick is sleight of hand. A skilled operator can remove a pea from under any shell (or shells) and place it (or not) under any shell (or shells) undetected by a mark. So it is never of any benefit for the mark to watch the movement of either the shells or the operator's hands. When the operator has finished moving the shells around, he asks the mark if they wish to bet on the play. If a mark agrees, they have to place their money down before they can point to a shell. Using sleight of hand, the pea is revealed to be under a different shell than chosen. If no mark wants to play, one of the shills may start An illegal shell game in Drottninggatan, a street in Stockholm. the play in order to animate the mark. The shill will either lift a shell which is "obviously" wrong and will lose his money, or he lifts the "obvious" shell and wins. Or he may pretend that he has discovered some trick, and either "succeed" or clumsily fail. The game should not be mistaken for an honest game. It is not possible for a mark to win, even if they know how the trick is worked, or even if they "accidentally" pick the shell that actually has the pea under it. Through very skilled sleight of hand, the operator can easily hide the pea, without the mark's seeing him do so. Any player who is suspected of understanding the trick, or does not place a bet and just wants to watch, will be quickly edged away from the table by the shills or the muscle. The shell game set-up and lay-out is quick and simple, so that in the event of trouble, or if they are signaled that authorities are approaching, they can remove all traces of the game in seconds.
History
The shell game dates back at least to Ancient Greece.[1] It can be seen in several paintings of the European Middle Ages. A book published in England in 1670 (Hull Elections - Richard Perry and his fiddler wife) mentions the thimblerig game. In the 1790s, it was called "thimblerig" as it was originally played using sewing thimbles. Later, walnut shells were used, and today the use of bottle caps is very common. It was believed to be introduced to the U.S. by a Dr. Bennett. The swindle became very popular throughout the nineteenth century, and games were often set up in or around traveling fairs. Fear of jail kept these shell men traveling from one town to the next, never staying in one place very long. One of the most infamous confidence men of the nineteenth century, Jefferson Randolph Smith, known as Soapy Smith, led organized gangs of shell men throughout the mid-western United States, and later in Alaska.
Today, the game is still being played for money in many major cities around the world, usually at locations with a high tourist concentration (for example: New York and Los Angeles, in the United States, La Rambla in Barcelona, Spain, Gran Via in Madrid, Kurfrstendamm in Berlin, Germany, Bahnhofsviertel in Frankfurt am Main). The swindle is classified as a confidence trick game, and illegal to play for money in most countries.
"The Conjurer," painted by Hieronymus Bosch. The painting accurately displays a performer doing the cups and ballscups and balls routine, which has been practiced since Egyptian times. The shell game does have some origins in this old trick. The real trick of this painting is the pickpocket who is working for the conjurer. The pickpocket is robbing the spectator who is bent over.
Shell game The game also inspired a pricing game on the game show The Price Is Right, in which contestants attempt to win a larger prize and choices of four shells, one of which hides a ball, by correctly pricing smaller prizes.
Bibliography
Bishop, Glen, The Shellgame - For Tableside Tricksters, 2000 Price, Paul, The Real Work: Essential Sleight Of Hand For Street Operators, 2001 Whit Haydn and Chef Anton, Notes on Three-card Monte
Notes
[1] "Shell Game." Encyclopaedia Britannica. http:/ / www. britannica. com/ EBchecked/ topic/ 539702/ shell-game
External links
Play the shell game (http://soapysmith.net/page9.html), Play the several versions of the shell game and see video clips of the shell game being performed. How do big city shell games work? (http://www.howstuffworks.com/question590.htm)
Three-card Monte
Three-card Monte
"Three-card monte" is also a name for the original, non-casino version of Three-Card Poker.
Three-card Monte
A three-card Monte game in Jaffa, Israel. It has all the hallmarks of the con; the cards are slightly curved, the corners have been bent and the dealer has the cash in hand to conceal any sleight-of-hand. Origin Type Players Skills required Cards Deck Playing time Random chance Spanish Gambling Np. Chance 3 Anglo-American 5-10 min. Easy Related games Monte Bank
Three-card Monte, also known as the Three-card marney, Three-card trick, Three-Way, Three-card shuffle, Menage-a-card, Triplets, Follow the lady, Les Trois Perdants, Find the lady, or Follow the Bee is a confidence game in which the victim, or mark, is tricked into betting a sum of money, on the assumption that they can find the money card among three face-down playing cards. In its full form, Three-card Monte is an example of a classic short con in which a shill pretends to conspire with the mark to cheat the dealer, while in fact conspiring with the dealer to cheat the mark. This confidence trick was already in use by the turn of the 15th century,[1] having a great deal in common with the shell game; they are the same except that cards are used instead of "shells".[2]
Rules
The three-card Monte game itself is very simple. To play, a dealer places three cards face down on a table, usually on a cardboard box which provides the ability to set up and disappear quickly.[3] The dealer shows that one of the cards is the target card, e.g., the Queen of Hearts, and then rearranges the cards quickly to confuse the player about which card is which. The player is then given an opportunity to select one of the three cards. If the player correctly identifies the Queen of Hearts, the player wins an amount equal to the amount bet; otherwise, he loses his stake.
Three-card Monte
10
Drawing a player in
When the mark arrives at the three-card Monte game, it is likely that a number of other players will be seen winning and losing money at the game. The people engaged in playing the game are often shills, confederates of the dealer who pretend to play so as to give the illusion of a straight gambling game. As the mark watches the game, they are likely to notice that they can follow the queen more easily than the shills seem to be able to, which sets them up to believe that they can beat the game. Eventually, if the mark enters the game, they will be cheated through any number of methods. An example of a simple scheme involves a dealer and two shills: The dealer and shills act as if they do not know each other. The mark will come upon a game being conducted in a seemingly clandestine manner, perhaps with somebody "looking out" for police. The dealer will be engaged in his role, with the first shill betting money. The first shill may be winning, leading the mark to observe that easy money may be had, or losing, leading the mark to observe that he could beat the game and win money where the first shill is losing it. A three-card Monte stand in Warsaw, July 1944 While the mark is watching, the second shill, acting as if he is a casual passerby like the mark, will casually engage a mark in conversation regarding the game, commenting on either how easily the first shill is winning or how he is losing money because he cannot win at what appears to the mark to be a simple game. This conversation is engineered to implicitly encourage the mark to play, and it is possible the second shill could resort to outright encouragement. If the mark does not enter the game, the dealer may claim to see police and will fold up his operation and restart it elsewhere, or will wait for another mark to appear on the scene. If the mark enters the game, they may be "had" (cheated) by a number of techniques. A common belief is that the operator may let the mark win a couple of bets to suck them in, but this is virtually never true. In a true Monte scam, the mark is unlikely to ever win a single bet. It is simply not necessary. There are just too many ways for a well-run mob to attract the marks, suck them in, and convince them to put money down. When the dealer and the shills have taken the mark, a lookout, the dealer, or a shill acting as an observer will claim to have spotted the police. The dealer will quickly pack up the game and disperse along with the shills.
How it is done
Dealers employ sleight of hand[5] and misdirection to prevent the mark from finding the queen. Several moves are in common use.
The throw
In the throw, the dealer holds 2 cards face down in one hand. The top card is held between the thumb and second finger; the bottom card is held below it, between the thumb and third finger. The dealer then sweeps his hand down and throws one card on the table. The mark naturally assumes that the dealer has thrown the bottom card; however, the dealer may throw either the bottom card, by releasing his third finger, or the top card, by releasing his second finger.
Three-card Monte Done properly, the throw makes it virtually impossible for an observer to tell which card has fallen. Even shills can't reliably follow cards through the throw. Three card Monte crews use secret signals so that the dealer can tell the shills where the queen is.[5] The throw accounts for the characteristic sideways motion of the dealer's hands as the cards are moved around on the table.
11
Dealer's scams
If the mark picks the right card, one of the shills will simply post a higher bid, which the dealer immediately accepts, saying "I only accept the highest bid." In other words, the mark may put down $20 on the right card. A shill will then throw down $40 on top of the card, thereby winning the "right" to play that round. Of course, if the mark picks the wrong card, the dealer takes the bid and the money. The dealer will never, ever, accept a winning bid from a mark.
Legality
In Canada, under section 206(1) of the Criminal Code of Canada, it is illegal to do the following in relation to the three-card monte: Receive bets Induce any person to stake or hazard any money or other valuable property Carry on or play or offer to carry on or play in a public place Employ any person to carry on or play in a public place Allow the game to take place (the owner of the premise)
They are indictable offences, with the maximum penalty of two years in prison.[6]
Three-card Monte
12
Historic
It was taking a victim with Three-card Monte, on July 7, 1898, that caused the shooting death, two days later, of infamous con man Soapy Smith.[7] After revealing the secret behind the trick on British television, American illusionist John Lenahan was expelled from the Magic Circle. The play Topdog/Underdog features three-card Monte as a significant plot device. "Canada Bill" Jones (18201877), was considered a master of the Three Card Monte in the middle of the 19th century in America.[8]
References
[1] Paul B. Newman Daily life in the Middle Ages (http:/ / books. google. com/ books?id=O8GKt_PPjr8C& pg=PA169& dq=three+ card+ monte+ daily+ life+ in+ the+ middle+ ages& lr=& hl=cs#v=onepage& q=& f=false), pg. 169, McFarland (2001) ISBN 0786408979 [2] Tom Ogden The Complete Idiot's Guide to Magic Tricks, pg. 123, - Alpha Books (1998) ISBN 0028627075 [3] Richard John Neuhaus The best of The Public square, pg. 203, Wm. B. Eerdmans Publishing Company (2001) ISBN 0802849954 [4] Three Card Monte at (http:/ / www. pagat. com/ misc/ monte. html) at Pagat.com [5] Penn Jillette, radio interview, NPR, ca. 2000 [6] Criminal Code of Canada (http:/ / laws. justice. gc. ca/ eng/ C-46/ 20100510/ page-5. html?rp2=SEARCH& rp3=SI& rp1=three-card monte& rp4=all& rp9=cs& rp10=L& rp13=50#codese:206) [7] Sauerwein, Stan (2005), Soapy Smith, Skagway's Scourge of the Klondike [8] William Norman Thompson Gambling in America: an encyclopedia of history, issues, and society (http:/ / books. google. com/ books?id=-9eNVovFFMoC& pg=PA205& dq=three+ card+ monte& lr=& hl=cs#v=onepage& q=three card monte& f=false), pg. 205, ISBN 1576071596
Notes
Haydn, Whitand Anton, Chef (2001) Whit Hayden and Chef Anton present the School for Scoundrels notes on three-card monte School for Scoundrels, Alta Loma, California, OCLC 53922163 (http://www.worldcat.org/ oclc/53922163) Lizardi, Jos Joaqun Fernndez de (1942)The Itching Parrot (translation of (1816) Periquillo Sarniento) Doubleday, Garden City, New York, OCLC 838797 (http://www.worldcat.org/oclc/838797); republished in 2000 under the title The mangy parrot: the life and times of Periquillo Sarniento: written by himself for his children Hackett Publishing, Indianapolis, Indiana, ISBN 0-87220-669-6
External links
Video walkthrough of a classic street Three Card Monte ruse (http://video.google.com/ videoplay?docid=-163435387173807719) on Video Google Detailed step by step on how to perform the Three Card Monte (http://www.free-card-tricks.net/ 3-card-monte-card-trick.html) Epinions review of Three Card Monte (http://www.epinions.com/content_19940937348) Video showing Three card Monte trick with cards (http://www.card-trick.net/cardtrick13a.htm) Slide show focusing on the actions and expressions of Times Square Three Card Monte "players" in New York City (http://picasaweb.google.com/john.van.v/Forty_deuce_Monte#slideshow/5270172784445738546)
Shill
13
Shill
A shill or plant is a person who helps another person or organization to sell goods or services without disclosing that he or she has a close relationship with the seller. The shill pretends to have no association with the seller/group and gives onlookers the impression that he or she is an enthusiastic independent customer. The person or group that hires the shill is using crowd psychology, to encourage other onlookers or audience members (who are unaware of the set-up) to purchase the said goods or services. Shills are often employed by confidence artists. The term is also used to describe a person who is paid to help a political party or other advocacy organization to gain adherents; as with the situation of selling goods or services, the shill gives the impression of being unrelated to the group in question, and gives the impression that he or she finds merit in the ideological claims of the political party. Shilling is illegal in many circumstances and in many jurisdictions[1] because of the frequently fraudulent and damaging character of the shill's actions. However, if a shill does not place uninformed parties at a risk of loss, but merely generates "buzz", the shill's actions may be legal. For example, a person planted in an audience to laugh and applaud when desired (see claque), or to participate in on-stage activities as a "random member of the audience", is a type of legal shill.
Auctioneer and assistants, Cheviot, Ohio "Shill" can also be used pejoratively to describe a critic who appears either all-too-eager to heap glowing praise upon mediocre offerings, or who acts as an apologist for glaring flaws. In this sense, they would be an implicit "shill" for the industry at large, possibly because their income is tied to its prosperity. The origin of the term shill is uncertain; it may be an abbreviation of the Yiddish shillaber. The word originally denoted a carnival worker who pretended to be a member of the audience in an attempt to elicit interest in an attraction. Some sources trace the usage only back to 1914.[2] [3]
Internet
In online discussion media, satisfied consumers or "innocent" parties may express specific opinions in order to further the interests of an organization in which they have an interest, such as a commercial vendor or special interest group. Websites may also be set up for the same purpose. For example, an employee of a company that produces a specific product may praise the product anonymously in a discussion forum or group in order to generate interest in that product, service or group. In addition, some shills use sock puppetry where they sign on as one user soliciting recommendations for a specific product or service. They then sign on as a different user pretending to be a satisfied customer of a specific company. In some jurisdictions and circumstances this type of activity may be illegal. In addition, reputable organizations may prohibit their employees and other interested parties (contractors, agents, etc.) from participating in public forums or discussion groups in which a conflict of interest might arise, or will at least insist that their employees and agents refrain from participating in any way that might create a conflict of interest. For example, the plastic surgery company, Lifestyle Lift, ordered their employees to post fake positive reviews on websites. As a result, they were sued, and ordered to pay $300,000 in damages by the New York Attorney General's office. Said Attorney General Andrew Cuomo: "This companys attempt to generate business by duping consumers was cynical, manipulative, and illegal. My office has [been] and will continue to be on the forefront in protecting consumers against emerging fraud and deception, including astroturfing, on the Internet."[4]
Shill
14
Sock puppets
Sometimes shills may be used to downplay legitimate complaints posted by users on the Internet. See Spin (public relations) and sock puppet (internet).
Gambling
Both the illegal and legal gambling industries often use shills to make winning at games appear more likely than it actually is. For example, illegal Three-card Monte and Shell game peddlers are notorious employers of shills. These shills also often aid in cheating, disrupting the game if the "mark" is likely to win. In a legal casino, however, a shill is sometimes a gambler who plays using the casino's money in order to keep games (especially poker) going when there are not enough players. (This is different from a "proposition player" who is paid a salary by the casino for the same purpose, but bets with their own money.)
Marketing
In marketing, shills are often employed to assume the air of satisfied customers and give testimonials to the merits of a given product. This type of shilling is illegal in some jurisdictions but almost impossible to detect. It may be considered a form of unjust enrichment or unfair competition, as in California's Business & Professions Code 17200, which prohibits any "unfair or fraudulent business act or practice and unfair, deceptive, untrue or misleading advertising".
Auctions
Shills, or "potted plants", are sometimes employed in auctions. Driving prices up with phony bids, they seek to provoke a bidding war among other participants. Often they are told by the seller precisely how high to bid, as the seller actually pays the price (to himself, of course) if the item does not sell, losing only the auction fees. Shilling has a substantially higher rate of occurrence in online auctions, where any user with multiple accounts (and IP addresses) can shill without aid of participants. Many online auction sites employ sophisticated (and usually secret) methods to detect collusion. The online auction site eBay forbids shilling; its rules do not allow friends or employees of a person selling an item to bid on the item. [5]
Journalism
The term is applied metaphorically to journalists or commentators who have vested interests in or associations with parties in a controversial issue. Usually this takes the form of a show or network pretending to be offering news when in fact they are simply repeating talking points offered by a political party. Journalistic ethics require full disclosure of conflicts of interest, and of any interference by other parties with the reportage. More specifically, there is historical cases of Journalists in private media organisations being covert representatives of government and/or businesses. In these roles the journalists will present positive stories about their respective interests at key moments in order to influence public opinion. This is often achieved by claiming to have access to anonymous government or business sources. At other times, the links may actually appear overt to some, but not to the intended audience such as with Radio Free Europe, a broadcaster which targeted Eastern European audiences on behalf of the Central Intelligence Agency. An extension of these tactics is the practice of monitoring news outlets prior to or during publication. Often when a negative story is discovered attempts are made first to stop it. However as this can, in some societies, draw attention to what could otherwise be a minor story, Shill's are used to put out alternative views, either to confuse the public about the legitimacy of the story or to outright convince them that it is a lie.
Shill
15
Interrogations
Police or military interrogators sometimes use undercover agents (called "plants") to assist with the interrogation of an individual or suspect. The plant can pose as a fellow inmate or internee, build a rapport and earn the confidence of the interviewee. The plant may subtly suggest that telling the interrogators what they want to know is the sensible or right thing to do. Even if no outright confessions are obtained, minor details and discrepancies that come out in supposedly innocent conversation can be used to chip away at the interviewee. Some plants are in reality inmates or prisoners of war who have been promised better treatment and conditions in return for helping with the interrogation, as in the character played by William Hurt in the film Kiss of the Spider Woman. One notorious UK case is that of Colin Stagg, a man who was falsely accused of the murder of Rachel Nickell, in which a policewoman posed as a potential love interest to try to tempt Stagg to implicate himself.
The experimenter (E) orders the teacher (S), the subject of the experiment, to give what the latter believes are painful electric shocks to a learner (A), who is actually an actor and confederate. The subject believes that for each wrong answer, the learner was receiving actual electric shocks, though in reality there were no such punishments. Being separated from the subject, the confederate set up a tape recorder integrated with the electro-shock generator, which played pre-recorded sounds for each shock level.
Shill more prominent voice. Another concept in foreign policy is seen in sovereign alliances. In these instances, an allied country acts on behalf of anothers interests so that it appears that the original power does not want to get involved. This is useful in situations where there is little public support in the original country for the actions. This type of collusion is typically practiced between countries that share common goals and are capable of returning favours. An example of this may be Cuba's role during the Cold War, in sending active combat troops to wars in Africa when it was unpalatable for the USSR to do so.
16
Undercover Operations
During covert operations or police investigations agents may routinely claim to be of political views or a part of an organisation in order to gain the confidence of the people they wish to surveil. Sometimes this goes further with the agents participating in acts on behalf of the organisations they infiltrate or falsely represent as was the case during the Operations like Gladio and Chaos. Often the end goal is not just to gain information about the organisation but to discredit them in the eyes of the public. However, these kinds of actions are more similar to False Flag Operations then typical Undercover Operations. In other examples, operatives may act in a manner they deem positive to assist an organisation they cannot have overt ties to.
References
[1] "FTC v. Greeting Cards of America, Inc. et al' - [[United States of America|USA (http:/ / www. ftc. gov/ bcp/ internet/ cases-internet. pdf)]"]. ftc.gov. . [2] "Shill" (http:/ / www. merriam-webster. com/ dictionary/ shill). merriam-webster.com. . [3] Note: Shillaber as a surname was known in the US during the 19th Century. [4] "Attorney General Cuomo secures settlement with plastic surgery franchise that flooded internet with false positive reviews. Cuomo's deal is first case in nation against growing practice of "astroturfing" on Internet 'Lifestyle Lift' Will Pay $300,000 in Penalties and Costs to New York State" (http:/ / www. oag. state. ny. us/ media_center/ 2009/ july/ july14b_09. html). oag.state.ny.us. . Retrieved 25 November 2010. [5] "Man fined over fake eBay auctions" (http:/ / news. bbc. co. uk/ newsbeat/ hi/ technology/ newsid_10500000/ newsid_10508900/ 10508913. stm). BBC. 2010-07-05. . [6] Reference: Volume 36, Number 4, August 2003, E-ISSN: 1530-9282 Print ISSN: 0024-094X, "Decon 2 (Decon Squared): Deconstructing Decontamination", August 2003, pp.285-290
External links
FTC v. Greeting Cards of America, Inc. et al (http://www.ftc.gov/bcp/internet/cases-internet.pdf) EBay's shill policy (http://pages.ebay.com/help/policies/seller-shill-bidding.html) Catalog of hundreds of examples of shilling in news, retail and on the streets (http://www. howtheychangeyourmind.com/) Political Shilling in India Elections (http://www.jeetegakaun.in/gujarat_elections_2007/thread.php?id=488) a live example
Sleight of hand
17
Sleight of hand
Sleight of hand, also known as prestidigitation ("quick fingers") or legerdemain, is the set of techniques used by a magician (or card sharp) to manipulate objects such as cards and coins secretly.[1] Sleight of hand is not a separate branch of magic, but rather one of the means used by a magician to produce an effect. It can be contrasted with the flourish, where the magician intentionally displays skills, such as the ability to cut cards one-handed, which is akin to juggling. Advanced sleight of hand requires months or years of practice before it can be performed proficiently in front of spectators. Sleight of hand is mostly employed in close-up magic, but it can also be used in stage magic. There are hundreds of different sleights at the performer's disposal, but they can generally be classified into groups such as switches, changes, and others. There are several stories about magicians using sleight of hand in real life, such as when American illusionist David Copperfield used sleight of hand to fool a mugger into thinking he had nothing in his pockets, even though he was carrying a cellphone, passport and wallet.[2]
Etymology
Sleight, meaning dexterity or deceptiveness, comes from the Old Norse slg,[3] meaning cleverness, cunning, slyness.[4] Sleight of hand is often mistakenly written as slight of hand or slide of hand. Slight descends from the Old Norse slettr, meaning plain, flat, even, smooth, level. [5] .
Sleight of hand
18
This concept of seven principles of sleight of hand was created by Penn & Teller for their effect and routine. In "The Trick Brain", Fitzkie identifies 17 fundamental effects in magic. However it is debatable that the changes in position, material, form, color, size, temperature and weight could all be classified as a change. 1. Production 2. Vanish 3. Change in position 4. Change in material 5. Change in form 6. Change in color 7. Change in size 8. Change in temperature 9. Change in weight 10. Magnetism 11. Levitation 12. Penetration 13. Restoration 14. Remote control 15. Sympathy 16. Divination (Comprising all feats of mental magic) 17. Prediction
Deceit
Sleight-of-hand techniques can also be used to cheat in gambling games, in street con games such as the three-shell game, or three-card monte to steal, or, in some cases, to claim supernatural powers, as in the performances of some 19th- and early 20th-century spirit mediums. For this reason, the term "sleight of hand" frequently carries negative associations of dishonesty and deceit, and is also used metaphorically outside the above contexts. The techniques used by gamblers, however, are often very different from those employed by magicians; similarly, the techniques used by some psychics or spirit mediums are often different from those found in "straight" close-up magic and mentalism. The differences, however, are due to the different working conditions and the different degrees of proximity between spectators and performer; the same basic techniques and approaches are common in all the areas of deception mentioned.
Sleight of hand
19
Performers
Some of the most influential figures in sleight-of-hand and close-up magic have been Doug Henning, John Scarne, Jay Sankey, Dai Vernon, Roy Walton, David Copperfield, Tony Slydini, David Roth, Ed Marlo, Deniz Gaberz-Mah, Tommy Wonder, Michael Ammar, Ricky Jay, David Blaine, Teller of Penn and Teller, Cyril Takayama, Aaron Fisher, David Stone, Ryan MIleti, Rocco Silano, Lu Chen, Larry Jennings, and Alexander Herrmann. Performers often encourage their audience to believe they have used sleight of hand when they are actually using another principle or gimmick as the means of misdirecting the audience. For example, if one is performing something as simple as the appearing/disappearing coins using a thumb tip, the trick lies in the gimmick, but the audience is led to believe that the performer has done something very complex to hide the coins. This directs them away from thinking of a method as simple as the thumb tip.
References
[1] "Conjuring" (http:/ / www. 1911encyclopedia. org/ Conjuring). 1911 Britannica. Love To Know Classic Encyclopedia. . Retrieved 2007-12-29. "The employment of purely manual dexterity without mechanical apparatus may be distinguished as legerdemain, prestidigitation or sleight of hand.". [2] "Magician David Copperfield robbed after show at Kravis Center" (http:/ / www. palmbeachpost. com/ localnews/ content/ local_news/ epaper/ 2006/ 04/ 25/ 0425copperfield. html). . Retrieved 2008-01-11. [3] [4] [5] [6] [7] [8] "Merriam-Webster On Line Dictionary" (http:/ / www. meriam-webster. com/ dictionary/ sleight). . Retrieved 2007-12-29. "Online Etymology Dictionary" (http:/ / www. etymonline. com/ index. php?term=sleight). . Retrieved 2009-03-16. "Germanic Lexicon Project" (http:/ / lexicon. ff. cuni. cz/ corrections/ pdf/ cv_b0567. pdf). . Retrieved 2008-11-22. Hay, Henry. Cyclopedia of Magic (1st Ed. ed.). USA: Philadelphia: David McKay Company. Hay, Henry. Cyclopedia of Magic (reprint ed.). Dover Publications. pp.498 pages. ISBN978-0486218083. "Penn and Teller Explain Sleight of Hand" (http:/ / www. youtube. com/ watch?v=_qQX-jayixQ& NR=1). You Tube. . Retrieved 2007-12-29.
Misdirection
Misdirection may refer to: a technique used when performing magic tricks (see Misdirection (magic)) a technique used in strategy games and warfare (see Feint) an incorrect charge given by a judge to a jury (see Misdirection (Legal)) a technique employed by criminals (see Pickpocketing) a technique used by the intelligence services (see Limited hangout) a technique used in American Football (see Counter Trey) a technique used in fast talk (see Psychobabble and Technobabble)
Fraud
20
Fraud
According to the Collins English Dictionary 10th Edition fraud can be defined as: "deceit, trickery, sharp practice, or breach of confidence, perpetrated for profit or to gain some unfair or dishonest advantage".[1] In the broadest sense, a fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and also a civil law violation. Defrauding people or entities of money or valuables is a common purpose of fraud, but there have also been fraudulent "discoveries", e.g. in science, to gain prestige rather than immediate monetary gain. A hoax also involves deception, but without the intention of gain, or of damaging or depriving the victim; the intention is often humorous.
Cost of fraud
The typical organization loses 5 percent of its annual revenue to fraud, with a median loss of $160,000. Frauds committed by owners and executives were more than nine times as costly as employee fraud. The industries most commonly affected are banking, manufacturing, and government.[2]
marriage fraud to obtain immigration rights without entitlement rigged gambling games such as the shell game
Fraud securities frauds such as pump and dump tax fraud, not reporting revenue or illegally avoiding taxes. In some countries, tax fraud is also prosecuted under false billing or tax forgery[3]
21
Elements of fraud
Common law fraud has nine elements:[4] [5] 1. 2. 3. 4. 5. 6. 7. 8. 9. a representation of an existing fact; its materiality; its falsity; the speaker's knowledge of its falsity; the speaker's intent that it shall be acted upon by the plaintiff; plaintiff's ignorance of its falsity; plaintiff's reliance on the truth of the representation; plaintiff's right to rely upon it; and consequent damages suffered by plaintiff.
Most jurisdictions in the United States require that each element be pled with particularity and be proved with clear, cogent, and convincing evidence (very probable evidence) to establish a claim of fraud. The measure of damages in fraud cases is to be computed by the "benefit of bargain" rule, which is the difference between the value of the property had it been as represented, and its actual value. Special damages may be allowed if shown proximately caused by defendant's fraud and the damage amounts are proved with specificity.
Action Fraud
Action Fraud is the UK's national fraud reporting service, run by the National Fraud Authority. Action Fraud is the place to go to get information and advice about fraud, as well as to report fraud. UK citizens can report fraud online or by calling 0300 123 2040. When a fraud is reported to Action Fraud, victims are given a crime reference number and their case is passed on to the National Fraud Intelligence Bureau (NFIB), which is run by the City of London's police service.
22 also has an A-Z of fraud describing different types of fraud, and offers prevention
Notable fraudsters
Frank Abagnale Jr., US impostor who wrote bad checks and falsely represented himself as a qualified member of professions such as airline pilot, doctor, and attorney. The film Catch Me If You Can is based on his life. Eddie Antar, founder of Crazy Eddie, who has about $1 billion worth of judgments against him stemming from fraudulent accounting practices at that company. Cassie Chadwick, who pretended to be Andrew Carnegie's illegitimate daughter to get loans. Salim Damji is a convicted fraud artist who defrauded millions of dollars in an affinity fraud. The money came mostly from relatives and members of the closely-knit Ismaili community. His $78 million scam was among the largest in Canadian history [7]. Charles Dawson, an amateur British archeologist who claimed to have found the Piltdown man. Marc Dreier, Managing founder of Attorney firm Dreir LLP. Prosecutors allege that from 2004 through December 2008, He sold approximately $700 million worth of fictitious promissory notes.[8] Bernard Ebbers, founder of WorldCom, which inflated its asset statements by about $11 billion. Ramn Bez Figueroa, banker from the Dominican Republic and former President of Banco Intercontinental. Sentenced on October 21, 2007 to ten years in prison for a US $2.2 billion fraud case that drove the Caribbean nation into an economic crisis in 2003. Martin Frankel is a former U.S. financier, convicted in 2002 of insurance fraud worth $208 million, racketeering and money laundering. Samuel Israel III, former hedge fund manager that ran the former fraudulent Bayou Hedge Fund Group. He faked suicide. Ashok Jadejahas been accused of cheating people from across India of scores of rupees on the pretext of having divine blessings. Konrad Kujau, German fraudster and forger responsible for the "Hitler Diaries". Kenneth Lay, the American businessman who built energy company Enron. He was one of the highest paid CEOs in America until he was ousted as Chairman and was convicted of fraud and conspiracy, although as a result of his death, his conviction was vacated.[9] Nick Leeson, English trader whose unsupervised speculative trading caused the collapse of Barings Bank. James Paul Lewis, Jr., ran one of the biggest ($311 million) and longest running Ponzi Schemes (20 years) in US history. Gregor MacGregor, Scottish conman who tried to attract investment and settlers for the non-existent country of Poyais. Bernard Madoff, creator of a $65 billion Ponzi scheme - the largest investor fraud ever attributed to a single individual. Colleen McCabe, British headmistress who stole million from her school. Gaston Means, a professional conman during U.S. President Warren G. Harding's administration. Matt the Knife, American born con artist, card cheat and pickpocket who, from the ages of approximately 14 through 21, bilked dozens of casinos, corporations and at least one Mafia crime family out of untold sums. Barry Minkow and the ZZZZ Best scam. Michael Monus, founder of Phar-Mor, which ultimately cost its investors more than $1 billion. F. Bam Morrison, who conned the town of Wetumka, Oklahoma by promoting a circus that never came. Lou Pearlman, former boy-band manager indicted by a federal grand jury in Orlando on charges that he schemed to bilk banks out of more than $100 million. Frederick Emerson Peters, US impersonator who wrote bad checks.
Fraud Thomas Petters is an American masquerading as a business man who turned out to be a con man and was the former CEO and chairman of Petters Group Worldwide.[10] Petters resigned his position as CEO on September 29, 2008, amid mounting criminal investigations.[11] He later was convicted for turning Petters Group Worldwide into a $3.65 billion Ponzi scheme[12] and was sentenced to 50 years in federal prison. Charles Ponzi and the Ponzi scheme. Alves Reis, who forged documents to print 100,000,000 PTE in official escudo banknotes (adjusted for inflation, it would be worth about US$150 million today). Christopher Rocancourt, a Rockefeller impersonator who defrauded Hollywood celebrities. Joseph Rothe, of Fonthill, Ontario, ordered to pay $500,000 in restitution, received a four-year prison sentence, along with Ewaryst Prokofiew, of Mississauga, Ontario, in the biggest GST fraud in Canadian history. Code named Project Phantom for the lengthy police investigation [13], the organizers lined up a steady supply of vehicles that were to be sold at the auctions. The cars never materialized and were never purchased. But the operators of the fraud claimed that they had been sold, and because of the natives' tax-exempt status were able to claim the GST exemption. Authorities could only guess at the full loss sustained by the Canada Revenue Agency. Madam Justice Lynda Templeton of Superior Court said the scheme siphoned at least $11-million from Ottawa, possibly a great deal more. [14] Scott W. Rothstein, a disbarred lawyer from Ft. Lauderdale, Florida, who perpetrated a Ponzi scheme which defrauded investors of over $1 billion. Michael Sabo, best known as a check, stocks and bonds forger. He became notorious in the 1960s throughout the 1990s as a "Great Impostor" over 100 aliases, and earned millions from such. John Spano, a struggling businessman who faked massive success in an attempt to buy out the New York Islanders of the NHL. John Stonehouse, the last Postmaster-General of the UK and MP who faked his death to marry his mistress. Kevin Trudeau, US writer and billiards promoter, convicted of fraud and larceny in 1991, known for a series of late-night infomercials and his series of books about "Natural Cures "They" Don't Want You to Know About". Andrew Wakefield, UK physician who claimed links between the MMR vaccine, autism and inflammatory bowel disease. He was found guilty of dishonesty in his research and banned from medicine by the UK General Medical Council following an investigation by Brian Deer of the London Sunday Times. Richard Whitney, who stole from the New York Stock Exchange Gratuity Fund in the 1930s. Robert Douglas Hartmann, an American con man & felon implicated in a real estate mortgage investment Ponzi scheme which defrauded both private lenders & banks in excess of $34 million.
23
Related
Apart from fraud, there are several related categories of intentional deceptions that may or may not include the elements of personal gain or damage to another individual: obstruction of justice 18 U.S.C.704 [15] which criminalizes false representation of being been awarded any decoration or medal authorized by Congress for the Armed Forces of the United States
Fraud
24
Notes
[1] fraud. Dictionary.com. Dictionary.com Unabridged. Random House, Inc. http:/ / dictionary. reference. com/ browse/ fraud (accessed: January 17, 2011). [2] Report to the Nations on Occupational Fraud and Abuse (http:/ / www. acfe. com/ rttn/ 2010-highlights. asp). Association of Certified Fraud Examiners. 2010. p. 4. . [3] Tax Fraud and the Problem of a Constitutionality Acceptable Definition of Religion. BJ Casino - American Criminal Law. Rev., 1987 [4] Morlan v. Kelly, No. 2009-UP-002, SC Supreme Court, 2009 (http:/ / www. judicial. state. sc. us/ opinions/ displayUnPubOpinion. cfm?caseNo=2009-UP-002) [5] Schnellmann v. Roettger, 373 S.C. 379, 382, 645 S.E.2d 239, 241 (2007) (http:/ / www. judicial. state. sc. us/ opinions/ displayOpinion. cfm?caseNo=4074) [6] http:/ / www. actionfraud. org. uk/ [7] http:/ / www. farberfinancial. com/ news-events/ case-studies/ whitewashed/ [8] retrieved on March 19, 2009 (http:/ / money. cnn. com/ 2009/ 03/ 19/ news/ hedge_fund_fraud/ index. htm?postversion=2009031914) [9] Lozano, Juan A. (17 October 2006). "Judge vacates conviction of Ken Lay" (http:/ / www. cbsnews. com/ stories/ 2006/ 10/ 17/ ap/ business/ mainD8KQMS5O0. shtml). Associated Press. . [10] Nicole Muehlhausen, BIO: Tom Petters (http:/ / kstp. com/ article/ stories/ s592708. shtml?cat=63), KSTP.com, September 24, 2008. Retrieved October 8, 2008. [11] Tom Petters Resigns As Petters Group CEO (http:/ / wcco. com/ business/ tom. petters. ceo. 2. 828534. html), WCCO.com, September 29, 2008. Retrieved October 8, 2008. [12] Hughes, Art (December 2, 2009). "UPDATE 2-Tom Petters found guilty of Ponzi scheme fraud" (http:/ / www. reuters. com/ article/ idUSN024978920091202). Reuters (Thomson Reuters). . Retrieved December 10, 2009. [13] http:/ / www. cbc. ca/ canada/ story/ 2004/ 07/ 12/ gst_ont040712. html [14] http:/ / www. wikidfranchise. org/ 20040714-two-get [15] http:/ / www. law. cornell. edu/ uscode/ 18/ 704. html
References
Fred Cohen Frauds, Spies, and Lies - and How to Defeat Them. ISBN 1-878109-36-7 (2006). ASP Press. Review Fraud - Alex Copola (http://www.wcl.american.edu/journal/lawrev/48/48-4.cfm) Podgor, Ellen S. Criminal Fraud, (1999) Vol, 48, No. 4 American Law Review 1. The Nature, Extent and Economic Impact of Fraud in the UK. Feb,2007. (http://www.acpo.police.uk/asp/ policies/Data/Fraud in the UK.pdf) The Fraudsters - How Con Artists Steal Your Money (http://www.dilloninvestigates.com/index_files/Page390. htm)(ISBN 978-1-903582-82-4) by Eamon Dillon, published September 2008 by Merlin Publishing
External links
Association of Certified Fraud Examiners (http://www.acfe.com/) Immigration Marriage Fraud Amendments of 1986 (http://www.uscis.gov/propub/ProPubVAP. jsp?dockey=e95bc8f7591b3c6caa51b7cc51f8d255) FBI Home page for fraud (http://www.fbi.gov/majcases/fraud/fraudschemes.htm) U.S. Department of Justice Fraud Section (http://justice.gov/criminal/fraud)
Ponzi scheme
25
Ponzi scheme
A Ponzi scheme is a fraudulent investment operation that pays returns to separate investors, not from any actual profit earned by the organization, but from their own money or money paid by subsequent investors. The Ponzi scheme usually entices new investors by offering returns other investments cannot guarantee, in the form of short-term returns that are either abnormally high or unusually consistent. The perpetuation of the returns that a Ponzi scheme advertises and pays requires an ever-increasing flow of money from investors to keep the scheme going. The system is destined to collapse because the earnings, if any, are less than the payments to investors. Usually, the scheme is interrupted by legal authorities before it collapses because a Ponzi scheme is suspected or because the promoter is selling unregistered securities. As more investors become involved, the likelihood of the scheme coming to the attention of authorities increases. While the system eventually will collapse under its own weight, the example of Bernard Madoff's 1910 police mugshot of Charles Ponzi. investment scandal demonstrates the ability of a Ponzi scheme to delude both individual and institutional investors as well as securities authorities for long periods: Madoff's variant of the Ponzi scheme stands as the largest financial investor fraud committed by a single person in history. Prosecutors estimate losses at Madoff's hand totaling roughly $21 billion, as estimated by the money invested by his victims. If the promised returns are added, the losses amount to $64.8 billion, but a New York court dismissed this estimation method during the Madoff trial. The scheme is named after Charles Ponzi[1] who became notorious for using the technique in early 1920. Ponzi did not invent the scheme (for example Charles Dickens' 1857 novel Little Dorrit described such a scheme decades before Ponzi was born), but his operation took in so much money that it was the first to become known throughout the United States. Ponzi's original scheme was based on the arbitrage of international reply coupons for postage stamps, however he soon diverted investors' money to support payments to earlier investors and himself. Knowingly entering a Ponzi scheme, even at the last round of the scheme, can be rational economically if there is a reasonable expectation that government or other person or organisation will bail out those participating in the scheme.[2]
Hypothetical example
Suppose an advertisement is placed that promises extraordinary returns on an investment for example, 20 percent on a 30-day contract. The objective is usually to deceive laymen who have no in-depth knowledge of finance or financial jargon. Verbal constructions that sound impressive but are essentially meaningless will be used to dazzle investors: terms such as "hedge futures trading," "high-yield investment programs," "offshore investment" might be used. The promoter will then proceed to sell stakes to investorswho are essentially victims of a confidence trickby taking advantage of a lack of investor knowledge or competence. Claims of a "proprietary" investment strategy, which must be kept secret to ensure a competitive edge, may also be used to hide the nature of the scheme. Without the benefit of precedent or objective prior information about the investment, only a few investors are tempted, usually for small sums. Thirty days later, the investor receives the original capital plus the 20 percent return. At this point, the investor will have more incentive to put in additional money and, as word begins to spread, other investors grab the "opportunity" to participate, leading to a cascade effect deriving from the promise of
Ponzi scheme extraordinary returns. However, the "return" to the initial investors is being paid out of the investments of new entrants, and not out of profits. One reason that the scheme initially works so well is that early investors, those who actually got paid the large returns, commonly reinvest their money in the scheme (it does, after all, pay out much better than any alternative investment). Thus, those running the scheme do not actually have to pay out very much (net); they simply have to send statements to investors showing them how much they earned by keeping the money, maintaining the deception that the scheme is a fund with high returns. Promoters also try to minimize withdrawals by offering new plans to investors, often where money is frozen for a longer period of time, in exchange for higher returns. The promoter sees new cash flows as investors are told they could not transfer money from the first plan to the second. If a few investors do wish to withdraw their money in accordance with the terms allowed, the requests are usually promptly processed, which gives the illusion to all other investors that the fund is solvent.
26
Similar schemes
A pyramid scheme is a form of fraud similar in some ways to a Ponzi scheme, relying as it does on a mistaken belief in a nonexistent financial reality, including the hope of an extremely high rate of return. However, several characteristics distinguish these schemes from Ponzi schemes: In a Ponzi scheme, the schemer acts as a "hub" for the victims, interacting with all of them directly. In a pyramid scheme, those who recruit additional participants benefit directly. (In fact, failure to recruit typically means no investment return.) A Ponzi scheme claims to rely on some esoteric investment approach (insider connections, etc.) and often attracts well-to-do investors; whereas pyramid schemes explicitly claim that new money will be the source of payout for the initial investments. A pyramid scheme is bound to collapse much faster because it requires exponential increases in participants to sustain it. By contrast, Ponzi schemes can survive simply by persuading most existing participants to "reinvest" their money, with a relatively small number of new participants. A bubble: A bubble is similar to a Ponzi scheme in that one participant gets paid by contributions from a subsequent participant (until inevitable collapse), but it is not the same as a Ponzi scheme. A bubble involves ever-rising prices in an open market (for example stock, housing, or tulip bulbs) where prices rise because buyers bid more because prices are rising. Bubbles are often said to be based on the "greater fool" theory. As with the Ponzi scheme, the price exceeds the intrinsic value of the item, but unlike the Ponzi scheme, there is no person
Ponzi scheme misrepresenting the intrinsic value. With the greater fool theory in mind, some may invest even though they believe the securities are overpriced due to a bubble. "Robbing Peter to pay Paul": When debts are due and the money to pay them is lacking, whether because of bad luck or deliberate theft, debtors often make their payments by borrowing or stealing from other investors they have. It does not follow that this is a Ponzi scheme, because from the basic facts set out there is no indication that the lenders were promised unrealistically high rates of return via claims of unusual financial investments. Nor (from these basic facts) is there any indication that the borrower (banker) is progressively increasing the amount of borrowing ("investing") to cover payments to initial investors.
27
References
[1] "Ponzi Schemes" (http:/ / web. archive. org/ web/ 20041001-20051231re_/ http:/ / www. ssa. gov/ history/ ponzi. html). US Social Security Administration. . Retrieved 2008-12-24. [2] Bhattacharya, Utpal (2003). "The optimal design of Ponzi schemes in finite economies". Journal of Financial Intermediation 12: 224. doi:10.1016/S1042-9573(02)00007-4.
Further reading
Dunn, Donald (2004). Ponzi: The Incredible True Story of the King of Financial Cons (Library of Larceny) (Paperback). New York: Broadway. ISBN0767914996. Zuckoff, Mitchell (2005). Ponzis Scheme: The True Story of a Financial Legend. Random House. ISBN1400060397.
External links
What is a Ponzi scheme? (http://www.mijiki.com/what-is-a-ponzi-scheme.html) Ponzi scheme definition with distinctions, history, and other information] Ponzi scheme (http://dillonthompson.com/wp-content/uploads/2010/09/ponzi.swf) Illustration of a Ponzi scheme The Ponzi Scheme and Tax Loss (http://www.ponzischemetaxloss.com) Describing tax recovery methods.
Pyramid scheme
28
Pyramid scheme
A pyramid scheme is a non-sustainable business model that involves promising participants payment, services or ideals, primarily for enrolling other people into the scheme or training them to take part, rather than supplying any real investment or sale of products or services to the public. Pyramid schemes are a form of fraud.[1] [2] Pyramid schemes are illegal in many countries including Albania, Denmark, Australia[3] , Brazil, Bulgaria, Canada, The unsustainable exponential progression of a classic pyramid scheme China[4] , Colombia[5] , Dominican Republic[6] , Estonia[7] , France, Germany, Hungary, Iceland, Iran[8] , Italy[9] , Japan,[10] , Malaysia, Mexico, Nepal, The Netherlands[11] , New Zealand[12] , Norway[13] , the Philippines[14] , Poland, Portugal, Romania,[15] , South Africa[16] , Spain, Sri Lanka[17] , Switzerland, Taiwan, Thailand[18] , Turkey[19] , the United Kingdom, and the United States[20] . These types of schemes have existed for at least a century, some with variations to hide their true nature, and many people believe that multilevel marketing is also a pyramid scheme.[21] [22] [23] [24]
Pyramid scheme
29
The "eight-ball" model contains a total of fifteen members. Note that unlike in the picture, the triangular setup in the cue game of eight-ball corresponds to an arithmetic progression 1 + 2 + 3 + 4 + 5 = 15. The pyramid scheme in the picture in contrast is a geometric progression 1 + 2 + 4 + 8 = 15.
The eight passengers must each pay (or "gift") a sum (e.g. $1000) to join the scheme. This sum (e.g. $8000) goes to the captain who leaves, with everyone remaining moving up one tier. There are now two new captains so the group splits in two with each group requiring eight new passengers. A person who joins the scheme as a passenger will not see a return until they advance through the crew and co-pilot tiers and exit the scheme as a captain. Therefore, the participants in the bottom 3 tiers of the pyramid lose their money if the scheme collapses. If a person is using this model as a scam, the confidence trickster would make the lion's share of the money. They would do this by filling in the first 3 tiers (with 1, 2, and 4 people) with phony names, ensuring they get the first 7 payouts, at 8 times the buy-in sum, without paying a single penny themselves. So if the buy-in were $1000, they would receive $8,000, paid for by the first 8 investors. They would continue to buy in underneath the real investors, and promote and prolong the scheme for as long as possible to allow them to skim even more from it before it collapses. Although the 'Captain' is the person at the top of the tree, having received the payment from the 8 paying passengers, once he or she leaves the scheme is able to re-enter the pyramid as a 'Passenger' and hopefully recruit enough to reach captain again, thereby earning a second payout.
Matrix schemes
Matrix schemes use the same fraudulent non-sustainable system as a pyramid; here, the participants pay to join a waiting list for a desirable product which only a fraction of them can ever receive. Since matrix schemes follow the same laws of geometric progression as pyramids, they are subsequently as doomed to collapse. Such schemes operate as a queue, where the person at head of the queue receives an item such as a television, games console, digital camcorder, etc. when a certain number of new people join the end of the queue. For example ten joiners may be required for the person at the front to receive their item and leave the queue. Each joiner is required to buy an expensive but potentially worthless item, such as an e-book, for their position in the queue. The scheme organizer profits because the income from joiners far exceeds the cost of sending out the item to the person at the front. Organizers can further profit by starting a scheme with a queue with shill names that must be cleared out before
Pyramid scheme genuine people get to the front. The scheme collapses when no more people are willing to join the queue. Schemes may not reveal, or may attempt to exaggerate, a prospective joiner's queue position which essentially means the scheme is a lottery. Some countries have ruled that matrix schemes are illegal on that basis.
30
Some believe MLMs in general are nothing more than legalized pyramid schemes[21] [22] [23] [24] making the issue of a particular MLM being legal or not moot.
Pyramid scheme
31
Others
The 1997 rebellion in Albania was partially motivated by the collapse of pyramid schemes. In early 2006 , Ireland was hit by a wave of schemes with major activity in Cork and Galway. Participants were asked to contribute 20,000 each to a "Liberty" scheme which followed the classic eight-ball model. Payments were made in Munich, Germany to skirt Irish tax laws concerning gifts. Spin-off schemes called "Speedball" and "People in Profit" prompted a number of violent incidents and calls were made by politicians to tighten existing legislation.[37] Ireland has launched a website to better educate consumers to pyramid schemes and other scams.[38] On 12 November 2008, riots broke out in the municipalities of Pasto, Tumaco, Popayan and Santander de Quilichao, Colombia after the collapse of several pyramid schemes. Thousands of victims had invested their money in pyramids that promised them extraordinary interest rates. The lack of regulation laws allowed those pyramids to grow excessively during several years. Finally, after the riots, the Colombian government was forced to declare the country in economical emergency to seize and stop those schemes. Several of the pyramid's managers were arrested, and these are being prosecuted for the crime of "illegal massive money reception."[39] The Kyiv Post reported on 26 November 2008 that American citizen Robert Fletcher (Robert T. Fletcher III; aka "Rob") was arrested by the SBU (Ukraine State Police) after being accused by Ukrainian investors of running a Ponzi scheme and associated pyramid scam netting US$20 million. (The Kiev Post also reports that some estimates are as high as US$150M.)
In popular culture
The feature film Children of Invention tells the story of a mother who gets entangled in a pyramid scheme. The novel Welcome to the N.H.K. features a story arc wherein the main character is caught up in a crooked multi-level marketing scam called 'Mouse Road'. On the NBC sitcom The Office, it is revealed that Michael Scott did not attend college because he lost all his tuition money in a pyramid scheme. At a later date, the same character unintentionally attempts to recruit members of his staff into selling calling cards, not realizing that he had been conned into a pyramid scheme until it is made clear by an employee.
References
[1] Common Fraud Schemes: Pyramid Scheme (http:/ / www. fbi. gov/ majcases/ fraud/ fraudschemes. htm#pyramid) Federal Bureao of Investigation [2] Debra A. Valentine (1998-05-13). "Pyramid Schemes" (http:/ / www. ftc. gov/ speeches/ other/ dvimf16. shtm). United States Federal Trade Commission. . Retrieved 2010-09-01. [3] Trade Practices Amendment Act (No. 1) 2002 (http:/ / www. comlaw. gov. au/ comlaw/ Legislation/ Act1. nsf/ 0/ 5A0DC6C047FFEA5ACA256F72000F75F1/ $file/ 1282002. pdf) Trade Practices Act 1974 (Cth) ss 65AAA - 65AAE, 75AZO [4] Regulations for the Prohibition of Pyramid Sales (http:/ / tradeinservices. mofcom. gov. cn/ en/ b/ 2005-08-23/ 24294. shtml) [5] "Colombia scam: 'I lost my money'" (http:/ / news. bbc. co. uk/ 1/ hi/ world/ americas/ 7736124. stm). BBC News. November 18, 2008. . Retrieved April 12, 2010. [6] "Proyecto De Ley Que Prohbe La Venta Bajo El Esquema Piramidal" (http:/ / www. camaradediputados. gov. do/ masterlex/ mlx/ docs/ 24/ 106/ 1BA5/ 5FFE/ 6000. pdf) (in Spanish). . [7] "Tarbijakaitseseadus [The Consumer Protection Law of Estonia]" (https:/ / www. riigiteataja. ee/ ert/ act. jsp?id=13328494) (in Estonian). 12(8) #14. . Retrieved October 11, 2010. [8] Key GoldQuest members arrested in Iran Airport (http:/ / www. presstv. ir/ detail. aspx?id=113056& sectionid=3510212) [9] Legge 17 agosto 2005, n. 173 (http:/ / www. parlamento. it/ parlam/ leggi/ 05173l. htm) (Italian) [10] (http:/ / law. e-gov. go. jp/ htmldata/ S53/ S53HO101. html) (in Japanese) [11] Sentence by the High Council of the Netherlands regarding a pyramid scheme (http:/ / zoeken. rechtspraak. nl/ resultpage. aspx?snelzoeken=true& searchtype=ljn& ljn=AR8424& u_ljn=AR8424) [12] Laws and Regulations Covering Multi-Level Marketing Programs and Pyramid Schemes (http:/ / www. consumerfraudreporting. org/ pyramidschemes_laws. htm) Consumer Fraud Reporting.com [13] Lovdata.no (http:/ / www. lovdata. no/ all/ tl-19950224-011-004. html#16)
Pyramid scheme
[14] NYtimes.com (http:/ / query. nytimes. com/ gst/ fullpage. html?res=9C05E4DA1539F933A05750C0A9659C8B63), "Investors in Philippine Pyramid Scheme Lose over $2 Billion" [15] Explozia piramidelor (http:/ / www. ziua. ro/ display. php?data=2006-07-12& id=203369) Ziarul Ziua, 12.07.2006 [16] Whitecollarcrime.co.za (http:/ / www. whitecollarcrime. co. za/ news. php?item. 95), Pyramid Schemes [17] Pyramid Schemes Illegal Under Section 83c of the Banking Act of Sri Lanka (http:/ / www. documents. gov. lk/ Acts/ 2006/ Banking (Amendment) Act No. 15 of 2006/ Banking (Amendment) Act (E). pdf) Department of Government Printing, Sri Lanka [18] TDSA.gov (http:/ / www. tdsa. org/ download/ piramid. pdf), by Thai Direct Selling Association (in Thai) [19] Saadet zinciri operasyonu: 60 gzalt (http:/ / www. cnnturk. com/ 2010/ turkiye/ 05/ 14/ saadet. zinciri. operasyonu. 60. gozalti/ 576283. 0/ index. html) [20] Pyramid Schemes (http:/ / www. ftc. gov/ speeches/ other/ dvimf16. shtm) Debra A. Valentine, General Counsel, Federal Trade Commission [21] Carroll, Robert Todd (2003). The Skeptic's Dictionary: A Collection of Strange Beliefs, Amusing Deceptions, and Dangerous Delusions. Wiley. pp.235. ISBN0471272426. [22] Coenen, Tracy (2009). Expert Fraud Investigation: A Step-by-Step Guide. Wiley. pp.168. ISBN0470387963. [23] Ogunjobi, Timi (2008). SCAMS - and how to protect yourself from them. Tee Publishing. pp.1319. [24] Salinger (Editor), Lawrence M. (2005). Encyclopedia of White-Collar & Corporate Crime. 2. Sage Publishing. pp.880. ISBN0761930043. [25] Pyramid selling scam that preys on women to be banned (http:/ / www. guardian. co. uk/ uk/ 2001/ aug/ 05/ tracymcveigh. theobserver) [26] Pyramid Schemes, May 13, 1998" (http:/ / www. ftc. gov/ speeches/ other/ dvimf16. shtm) Federal Trade Commission [27] Edwards, Paul (1997). Franchising & licensing: two powerful ways to grow your business in any economy. Tarcher. pp.356. ISBN0874778980. [28] Clegg, Brian (2000). The invisible customer: strategies for successive customer service down the wire. Kogan Page. pp.112. ISBN074943144X. [29] Higgs, Philip; Smith, Jane (2007). Rethinking Our World. Juta Academic. pp.30. ISBN0702172553. [30] Kitching, Trevor (2001). Purchasing scams and how to avoid them. Gower Publishing Company. pp.4. ISBN0566082810. [31] Mendelsohn, Martin (2004). The guide to franchising. Cengage Learning Business Press. pp.36. ISBN1844801624. [32] Blythe, Jim (2004). Sales & Key Account Management. Cengage Learning Business Press. pp.278. ISBN1844800237. [33] Facts for Consumers; The Bottom Line About Multilevel Marketing Plans and Pyramid Schemes (http:/ / www. ftc. gov/ bcp/ edu/ pubs/ consumer/ invest/ inv08. shtm) Federal Trade Commission [34] Facts for Consumers; The Bottom Line About Multilevel Marketing Plans and Pyramid Schemes (http:/ / www. ftc. gov/ bcp/ edu/ pubs/ consumer/ invest/ inv08. shtm) Federal Trade Commission [35] http:/ / www. fbi. gov/ scams-safety/ fraud [36] FTC Charges Internet Mall Is a Pyramid Scam (http:/ / www. ftc. gov/ opa/ 2003/ 07/ nexgen. htm) Federal Trade Commission [37] Garda hold firearm after pyramid scheme incident (http:/ / archives. tcm. ie/ irishexaminer/ 2006/ 03/ 23/ story514972170. asp) Irish Examiner [38] National Consumer Agency Ireland (http:/ / www. consumerconnect. ie/ eng/ ) [39] Colombians riot over pyramid scam (http:/ / news. bbc. co. uk/ 2/ hi/ americas/ 7726069. stm). Colombia: BBC news. Nov 13, 2008. .
32
The Fraudsters - How Con Artists Steal Your Money Chapter 9, Pyramids of Sand (ISBN 978-1-903582-82-4) by Eamon Dillon, published September 2008 by Merlin Publishing, Ireland
External links
An information graphic that describes a pyramid scheme (http://dillonthompson.com/wp-content/uploads/ 2010/09/pyramid1.swf) FTC consumer complaint form (https://www.ftccomplaintassistant.gov/) Article by Financial Crimes Investigator, Bill E. Branscum (http://www.fraudsandscams.com/pyramid.htm) Spoof article (http://www.mr-shouty-trousers.com/ You-re-only-5-Minutes-Away-From-Becoming-a-Millionaire) IMF feature on "The Rise and Fall of Albania's Pyramid Schemes" (http://www.imf.org/external/pubs/ft/ fandd/2000/03/jarvis.htm) Cockeyed.com presents: Pyramid Schemes (http://www.cockeyed.com/ebay/scam/laptop_pyramids.html) A description of the 8-ball model and matrix schemes which is a close cousin to pyramid schemes. National Consumer Agency on Pyramid Schemes (http://www.consumerconnect.ie/eng/Hot_Topics/Scams/ Pyramid Schemes/) - Irish consumer site describes two local pyramid schemes and offers advice to would-be participants.
Pyramid scheme PyramidSim.com (http://www.pyramidsim.com/index.php) simulation, graphing and calculation of various pyramid schemes. National Consumer Agency Ireland (http://www.consumerconnect.ie/eng/) Australian Trade Practices Amendment Act (No. 1) 2002 (http://www.comlaw.gov.au/comlaw/Legislation/ Act1.nsf/0/5A0DC6C047FFEA5ACA256F72000F75F1/$file/1282002.pdf) Australian Law Online Public Warning on Pyramid Schemes (http://www.cbsl.gov.lk/pics_n_docs/02_prs/_docs/notices/ notice_20070430.pdf) Central Bank of Sri Lanka
33
Soapy Smith
34
Soapy Smith
Jefferson Randolph "Soapy" SmithII
Soapy Smith Born Died November 2, 1860Coweta County, Georgia July 8, 1898 (aged37)Skagway, Alaska
Occupation confidence man, gambler, saloon proprietor Spouse Children Parents Mary Eva Noonan Jefferson Randolph Smith III, Mary Eva Smith, James Luther Smith Jefferson Randolph Smith I Emily Dawson Edmondson
Jefferson Randolph "Soapy" Smith II (November 2, 1860 July 8, 1898) was an American con artist and gangster who had a major hand in the organized criminal operations of Denver, Colorado; Creede, Colorado; and Skagway, Alaska, from 1879 to 1898. He was killed in the famed Shootout on Juneau Wharf. He is perhaps the most famous confidence man of the old west.
Early years
Jefferson Smith was born in Coweta County, Georgia, to a family of education and wealth. His grandfather was a plantation owner and his father a lawyer.[1] The family met with financial ruin at the close of the American Civil War. In 1876 they moved to Round Rock, Texas, to start anew.[2] Smith left his home shortly after the death of his mother, but not before witnessing the shooting of the outlaw Sam Bass.[3] It was in Fort Worth, Texas, that Jefferson Smith began his career as a confidence man. He formed a close-knit, disciplined gang of shills and thieves to work for him. Soon he became a well-known crime boss, known as the "king of the frontier con men".[4]
Career
Smith spent the next 22 years as a professional bunko man and boss of an infamous gang of swindlers. They became known as the Soap Gang, and included famous men such as Texas Jack Vermillion and Ed "Big Ed" Burns.[4] [5] The gang moved from town to town, plying their trade on their unwary victims. Their principal method of separating victims from their cash was the use of "short cons", swindles that were quick and needed little setup and few helpers. The short cons included the shell game, three-card monte, and any game in which they could cheat.
Soapy Smith
35
Tivoli Club
In 1888 Soapy opened the Tivoli Club, on the southeast corner of Market and 17th streets, a saloon and gambling hall. Legend has it that above the entrance was a sign that read caveat emptor, Latin for "Let the buyer beware".[10] Soapy's younger brother, Bascomb Smith, joined the gang and operated a cigar store that was a "front" for dishonest poker games and other swindles, operating in one of the back rooms.[11] Other "businesses" included fraudulent lottery shops, a "sure-thing" stock exchange, fake watch and bogus diamond auctions, and the sale of stocks in nonexistent businesses.
Soapy Smith
36
Creede, Colorado
In 1892, with Denver in the midst of anti-gambling and saloon reforms, Smith sold the Tivoli and moved to Creede, Colorado, a mining boomtown that had formed around a major silver strike. Using Denver-based prostitutes to cozy up to property owners and convince them to sign over leases, he acquired numerous lots along Creede's main street, renting them to his associates.[14] Once having gained enough allies, he announced that he was the camp boss. With brother-in-law and gang member William Sidney "Cap" Light as deputy sheriff, Soapy began his second empire, opening a gambling hall and saloon called the Orleans Club.[15] He purchased and briefly exhibited a petrified man nicknamed "McGinty" for an admission of 10 cents. While customers were waiting in line to pay their dime, Soapy's shell and three-card monte games were winning dollars out of their pockets.[16] Smith provided an order of sorts, protecting his friends and associates from the town's council and expelling violent troublemakers. Many of the influential newcomers were sent to meet him. Soapy grew rich in the process, but again was known to give money away freely, using it to build churches, help the poor, and to bury unfortunate prostitutes. Creede's boom very quickly waned and the corrupt Denver officials sent word that the reforms there were coming to an end. Soapy took McGinty back to Denver. He left at the right time, as Creede soon lost most of its business district in a huge fire on 5 June 1892. Amongst the buildings lost was the Orleans Club.[17]
Back to Denver
On his return to Denver, Smith opened new businesses that were nothing more than fronts for his many short cons. One of these sold discounted railroad tickets to various destinations. Potential purchasers were told that the ticket agent was out of the office, but would soon return, and then offered an even bigger discount by playing any of several rigged games.[18] Soapy's power grew to the point that he admitted to the press that he was a con man and saw nothing wrong with it. In 1896 he told a newspaper reporter, "I consider bunco steering more honorable than the life led by the average politician."[19] Colorado's new governor Davis Hanson Waite, elected on a Populist Party reform platform, fired three Denver officials whom he felt were not abiding by his new mandates. They refused to leave their positions and were quickly joined by others who felt their jobs were threatened. The governor called out the state militia to assist removing those fortified in city hall. The military brought with them two cannon and two Gatling guns. Soapy joined in with the corrupt officeholders and police at the hall and found himself commissioned as a deputy sheriff. He and several of his men climbed to the top of City Hall's central tower with rifles and dynamite to fend off any attackers.[20] Cooler heads prevailed, however, and the struggle over corruption was fought in the courts, not on the streets. Soapy Smith was an important witness in court.
Soapy Smith Governor Waite agreed to withdraw the militia and allow the Colorado Supreme Court to decide the case. The court ruled that the governor had authority to replace the commissioners, but he was reprimanded for bringing in the militia, in what became known as the "City Hall War".[21] Waite ordered the closure of all Denver's gambling dens, saloons and bordellos. Soapy exploited the situation, using the recently acquired deputy sheriff's commissions to perform fake arrests in his own gambling houses, apprehending patrons who had lost large sums in rigged poker games.[22] The victims were happy to leave when the "officers" allowed them to walk away from the crime scene rather than be arrested, naturally without recouping their losses. Eventually, Soapy and his brother Bascomb Smith became too well known, and even the most corrupt city officials could no longer protect them. Their influence and Denver-based empire began to crumble. When they were charged with attempted murder for the beating of a saloon manager, Bascomb was jailed, but Soapy managed to escape, becoming a wanted man in Colorado. Lou Blonger and his brother Sam, rivals of the Soap Gang, acquired his former control of Denver's criminals.[23] Before leaving, Soapy tried to perform a swindle started in Mexico, where he tried to convince President Porfirio Diaz that his country needed the services of a foreign legion made up of American toughs. Soapy became known as Colonel Smith, and managed to organize a recruiting office before the deal failed.[24]
37
Soapy Smith On 4 July 1898, Soapy rode as marshal of the Fourth Division of the parade, not grand marshal (Daily Alaskan, July 2, 1898), leading his army on his gray horse. Not exactly a place of honor, the last division of the parade, after all the horses had deposited their manure. On the grandstand, he sat beside the territorial governor and other officials.
38
Death
On 7 July 1898, John Douglas Stewart, a returning Klondike miner, came to Skagway with a sack of gold valued at $2,700 ($71,093 in 2009 dollars.[33] ) Three gang members convinced the miner to participate in a game of three-card monte. When Stewart balked at having to pay his losses, the three men grabbed the sack and ran. The "Committee of 101" demanded that Soapy return the gold, but he refused, claiming that Stewart had lost it "fairly". On the evening of 8 July 1898, the vigilantes organized a meeting on the Juneau Company wharf. With a Winchester rifle draped over his shoulder, Soapy began an argument with Frank Reid, one of four guards blocking his way to the wharf. A gunfight, known as the Shootout on Juneau Wharf began unexpectedly, and both men were fatally wounded.
Newspaper headline of the fight.
Soapy's last words were "My God, don't shoot!"[34] Letters from J. M. Tanner, one of the guards with Reid that night, indicate that another guard fired the fatal shot.[35] Soapy died on the spot with a bullet to the heart. He also received a bullet in his left leg and a severe wound on the left arm by the elbow. Reid died 12 days later with a bullet in his leg and groin area. The three gang members who robbed Stewart received jail sentences. Soapy Smith was buried several yards outside the city cemetery. Every year on 8 July, wakes are held around the United States in Soapy's honor.[36] His grave and saloon are on most tour itineraries of Skagway.
Popular culture
Festivals
Skagway, Alaska, 8 July is the annual (since 1974) Soapy Smith Wake, which is held at the Eagles Hall. This event used to take place at Soapy's graveside in the city cemetery but is now held in the downtown area. Magic Castle, Hollywood, California, 8 July is the annual Soapy Smith Party, complete with costume contests, charity gambling, and magic shows.
Frank Reid's grave
Soapy Smith
39
Fiction
In at least one episode of the radio drama Challenge of the Yukon, Sergeant Preston of the North-West Mounted Police travels to Skagway and confronts Soapy. In the John M. Ford Star Trek novel How Much for Just the Planet?, a Federation exploration and prospecting starship is named USS Jefferson Randolph Smith. (NCC-29402) Sulek-class, under the command of Captain Tatyana Trofimov. Soapy Smith is the villain in the Lucky Luke album Le Klondike, by Morris, Yann and Jean Lturgie. The story features Smith's saloon and fake telegraph, but set in Dawson rather than Skagway. A fictionalized version of Soapy Smith (and his death) features in George Markstein's 1978 novel Tara Kane. Soapy Slick is the crooked saloon operator and profiteer, based on Soapy Smith, in the Uncle Scrooge comic series. In the 1994 video game The Yukon Trail, the player meets Soapy and his gang. If the player plays Soapy's shell game, Soapy will swindle the player out of any money the player bets. Smith is mentioned in James A. Michener's novel Alaska. Soapy Sid is a character in P.G. Wodehouse's short story Pearls Mean Tears. Bertie Wooster is vacationing in France with his Aunt Agatha when Agatha's pearls go missing. The main villain of the 1978 novel Yukon Gold by William D. Blankenship. He is the villain in the novel Lili Klondike by Mylne Gilbert-Dumas. He appears in Denver, Colorado in Jack Black's autobiography, You Can't Win. [37]
Movies
By year of release: The Girl Alaska (1919) This film is believed to be the first portrayal of Soapy Smith. The film was shown in a theater in St. Louis, where Soapy's widow and son lived and caused them enough grief for them to sue the production company. Call of the Wild 20th Century Pictures. Harry Woods portrays Soapy. Honky Tonk (1941) Clark Gable portrayed Soapy Smith in this MGM film, Honky Tonk. Due to legal pressures from the descendants, the name "Soapy Smith" was changed to "Candy Johnson." The Great Jesse James Raid (1953) Earl Hodgins portrays Soapy. The Far Country (1955) John McIntire portrays a likable badman, clearly, but loosely based on Soapy Smith. The film, starring James Stewart, is set in Skagway, Alaska during the Klondike gold rush. Two-Way Stretch (1960) Soapy Stevens is a dishonest merchant and bogus vicar played by Wilfred Hyde-White in this British comedy. Klondike Fever (1980) Rod Steiger portrays Soapy in a Canadian produced, fictional adaptation of the adventures of Jack London. The Sting (prequel) (1983) This film was never produced, due to the failure of the sequel. Soapy Smith was to be portrayed as the mentor of Henry Gondorff (Paul Newman).
Television
The Alaskans (19591960). Actor John Dehner portrayed Soapy. In one episode, "Remember the Maine", the story of the Skaguay Military Company is dramatized. Alias Smith and Jones (19711972). Actor Sam Jaffe portrayed Soapy in three episodes: "The Great Shell Game" (aired February 18, 1971), "A Fistful of Diamonds" (aired March 4, 1971), and "Bad Night in Big Butte" (aired March 2, 1972). "The Saga of Soapy Smith" (1968) An episode on Bill Burrud's, Treasure!.
Soapy Smith Deadwood (20042006) Gill Gayle plays the Huckster, a prize soap package salesman based on Soapy, in all three seasons.
40
Other
The Ballad of Soapy Smith (1983) A play by Michael Weller featuring Denis Arndt as Soapy.[38] "The Ballad of Soapy Smith" (1965) A song by Al Oster, Northland Music Company (Call of Alaska, FR-1009). Soapy Smith's Pioneer Restaurant 543 2nd Avenue, Fairbanks, AK 99701-4728 "The Days of 98 Show with Soapy Smith" Eagles Hall, Gold Rush Productions Inc., Skagway,AK.
Soapy Smith
41
Further reading
Collier, William R. and Edwin V. Westrate, The Reign of Soapy Smith: Monarch of Misrule, New York: Doubleday, Doran, 1935. Pullen, Harriet S., Soapy Smith Bandit of Skagway: How He Lived; How He Died, Stroller's Weekly Print, undated (early 1900s). Robertson, Frank G. and Beth Kay Harris, Soapy Smith: King of the Frontier Con Men, New York: Hastings House, 1961. Shea & Patten, The Soapy Smith Tragedy, The Daily Alaskan Print, 1907. Smith, Jeff, Alias Soapy Smith: The Life and Death of a Scoundrel, Juneau, Alaska: Klondike Research (http:// www.klondikeresearch.com/order.html), 2009. ISBN 0-9819743-0-9
External links
Friends of Bad Man Soapy Smith (http://www.soapysmith.net/) - website for The Soapy Smith Preservation Trust. Soapy Smith's Soap Box (http://soapysmiths.blogspot.com/) - New found information pertaining to Soapy Smith. Run by a descendant. Magic Castle (http://www.magiccastle.com/ama/eventphotos.cfm) - Photographs taken at the 20032010 Soapy Smith annual wakes. Find A Grave (http://www.findagrave.com/cgi-bin/fg.cgi?page=gr&GRid=958&pt= Jefferson 'Soapy' Smith/) - Leave a message on Soapy's virtual gravesite. Owlhoots of the Old West (http://www.mtnguy.com/owlhoots/smith.htm) Denver history (http://www.denvergov.org/aboutdenver/history_char_smith.asp) Leadville.com (http://www.leadville.com/history/soapy.htm) Alaska's Villains Vamps and Vagabonds (http://www.margaretdeefholts.com/soapysmith.html) Soapy Smith and the Blonger Bros. (http://www.blongerbros.com/news/Lou_Soapy.asp) The "Sure Thing" man. (http://www.tombstonetimes.com/stories/soapy.html) Photo of group of vigilantes in Skagway about to go after Soapy Smith and his gang (http://content.lib. washington.edu/cdm4/item_viewer.php?CISOROOT=/alaskawcanada&CISOPTR=279&CISOBOX=1& REC=14), U.Wash Digital Collections
Franchise fraud
42
Franchise fraud
Franchise fraud is defined by the United States Federal Bureau of Investigation as a pyramid scheme.
Franchise fraud "[T]he gag order . . . prohibits me from being able to answer questions, you know, and give cautionary remarks to other people who might be considering the franchise that I was with." "the use of gag orders is almost 100 percent in some franchise systems." "Three franchisees Raymond Buckley, Roger C. Haines, and David E. Myklebustbelieved that they were kept in the dark about the failure of their franchisors system due to confidentiality clauses imposed on current and former franchisees." "confidentiality clauses "typically release the franchisor from legal liability and bar the franchisee (under threat of legal action) from making any oral or written statements about the franchise system or their experience with the franchised business. The purpose of such clauses is to shut down any negative public comment about the franchise system." "franchisee, related: "I had spoken to some of the franchisees that had left the system. I now feel certain that they painted a picture that was not close to being the truth based on the gag order that [the franchisor] imposed. Had I gotten the truth from these people, my decision certainly would have been different. Every franchisee leaving the system has had a gag order placed on them, making it impossible for current and future franchisees to get the facts." By having former franchisees under a gag order, franchisors that practice business franchise fraud or franchise churning "inhibit prospective franchisees from learning the truth about the franchising opportunity as they conduct their due diligence investigation of a franchise offer." (page 15505 of the Federal Register Franchise Rule)
43
Franchise fraud
44
Indiana
In Indiana fraud, deceit, and misrepresentation during the process of franchise contract formation or performance is actionable at civil law under the Indiana Franchise Act. There is no general right of action, only a specific right of private action by a party on the aforementioned grounds. The scope of franchise fraud is also narrower than the scope of ordinary common law fraud action. The Indiana Supreme Court holds that "the circumstances of fraud would be the time, the place, the substance of the false representations, the facts mispresented, and the identification of what was procured by the fraud. [ However,] the plaintiff in a franchise fraud action must nevertheless plead the facts and circumstances alleged to constitute fraud, deceit, or misrepresentation with at least the same degree of particularity and detail as would be necessary to maintain an action for common law fraud".[10] Also held by the Supreme Court is that scienter is not an element of franchise fraud. Nor does failure to disclose on the part of a franchisor a pending civil lawsuit at the time of making a franchise agreement constitute franchise fraud, so long as any such representations as to legal action are not relied upon by either party as part of their decision-making process. Statements by the franchisor as to potential earnings by the franchisee do not constitute franchise fraud, since they do not constitute a material (mis-)representation of past or existing facts.[11] Civil action under the Franchise Disclosure Act must be brought within three years of discovery of the violation. Action brought under the Deceptive Franchise Practices Act must be brought within two.[11]
References
[1] FBI Common Fraud Schemes (http:/ / www. fbi. gov/ scams-safety/ fraud). Fbi.gov. Retrieved on 2010-12-06. [2] "AN OVERVIEW OF FRANCHISE REGULATION IN THE UNITED STATES" (http:/ / www. franchiselawsource. com/ overview_franchise_regulation. html). Franchise Law Source. Kern & Hillman LLC. . [3] Franchise and Business Opportunities | BCP Business Center (http:/ / business. ftc. gov/ documents/ inv07-franchise-and-business-opportunities). Business.ftc.gov. Retrieved on 2010-12-06. [4] FTC Issues Updated Franchise Rule (http:/ / www. ftc. gov/ opa/ 2007/ 01/ franchiserule. shtm). Ftc.gov. Retrieved on 2010-12-06. [5] http:/ / www. corp. ca. gov/ srd/ ccfil. asp [6] http:/ / www. leginfo. ca. gov/ cgi-bin/ calawquery?codesection=corp& codebody=& hits=20 [7] http:/ / www. leginfo. ca. gov/ cgi-bin/ waisgate?WAISdocID=31520114725+ 1+ 0+ 0& WAISaction=retrieve [8] http:/ / www. leginfo. ca. gov/ cgi-bin/ displaycode?section=corp& group=31001-32000& file=31210-31211 [9] http:/ / www. leginfo. ca. gov/ cgi-bin/ displaycode?section=corp& group=31001-32000& file=31220 [10] Garner 2001, pp.278279. [11] Garner 2001, p.279.
Bibliography
Garner, W. Michael (2001). "Indiana". Franchise desk book: selected state laws, commentary and annotations (2nd ed.). American Bar Association. ISBN9781570739729.
Further reading
Books and papers
Purvin, Robert (2008). The Franchise Fraud: How to protect yourself before and after you invest (2008 ed.). John Wiley & Sons. p.307. ISBN9781419688621. Bertrand, Marsha (1999). Fraud! How to Protect Yourself from Schemes, Scams, and Swindles (1999 ed.). Amcom American Management Association. p.307. ISBN9780814470329. Bertrand, Marsha (2000). "Have I Got a Franchise for You! Be Your Own Boss, Easy Money..." (http://www. businessweek.com/smallbiz/news/coladvice/book/bk991029.htm). Fraud! How to Protect Yourself from Schemes, Scams, and Swindles. AMACOM. ISBN9780814470329. "Rules and Regulations" (http://www.ftc.gov/os/fedreg/2007/march/070330franchiserulefrnotice. pdf#page=102) (PDF). Federal Register 72 (61): 1554415575. 30 March 2007.
Franchise fraud
45
Newspapers
Bradsher, Keith (1999-03-21). "Fax Corp. Is Accused of Franchise Fraud" (http://www.nytimes.com/1990/03/ 21/business/fax-corp-is-accused-of-franchise-fraud.html). The New York Times. Mencimer, Stephanie (February 2009). "Franchise Fraud: Wake Up and Smell the Fine Print" (http:// motherjones.com/politics/2009/02/franchise-fraud-wake-and-smell-fine-print). MotherJones. "Franchise Fraud: Hard to Swallow" (http://motherjones.com/politics/2009/02/franchise-fraud-hard-swallow). MotherJones. February 2009. "Report: Speedy Sign-A-Rama, USA" (http://www.ripoffreport.com/Franchises/Speedy-Sign-A-Rama-U/ sign-a-rama-speedy-sign-a-rama-2a266.htm). Ripoff Report. 2010-05-20. Maze, Jonathan (May 2008). "Developers of Dagwood's Sandwich sue for fraud" (http://www.franchisetimes. com/content/story.php?article=00871). Franchise Times. Mount, Ian (2008-02-29). "New franchise rule: More disclosure, same high risks" (http://money.cnn.com/ 2008/02/29/smbusiness/franchising.fsb/index.htm). Fortune.
White-collar crime
46
White-collar crime
Criminology and penology Theories Anomie Differential association theory Deviance Labeling theory Psychopathy Rational choice theory (criminology) Social control theory Social disorganization theory Social learning theory Strain theory Subcultural theory Symbolic interactionismVictimology Types of crimes Blue-collar crimeCorporate crime Juvenile crime Organized crime Political crimePublic order crime Public order case law in the U.S. State crimeState-corporate crime White-collar crimeVictimless crime Penology DeterrencePrison Prison reformPrisoner abuse Prisoners' rightsRehabilitation RecidivismRetribution Utilitarianism
Criminal justice portal
Within the field of criminology, white-collar crime has been defined by Edwin Sutherland as "a crime committed by a person of respectability and high social status in the course of his occupation" (1939). Sutherland was a proponent of Symbolic Interactionism, and believed that criminal behavior was learned from interpersonal
White-collar crime interaction with others. White-collar crime, therefore, overlaps with corporate crime because the opportunity for fraud, bribery, insider trading, embezzlement, computer crime, copyright infringement, money laundering, identity theft, and forgery are more available to white-collar employees.
47
Historical background
The term white-collar crime only dates back to 1939. Professor Edwin Hardin Sutherland was the first to coin the term, and hypothesize white-collar criminals attributed different characteristics and motives than typical street criminals. Mr. Sutherland originally presented his theory in an address to the American Sociological Society in attempt to study two fields, crime and high society, which had no previous empirical correlation. He defined his idea as "crime committed by a person of respectability and high social status in the course of his occupation" (Sutherland, 1939). Many denote the invention of Sutherland's idiom to the explosion of U.S business in the years following the Great Depression. Sutherland noted that in his time, "less than two percent of the persons committed to prisons in a year belong to the upper-class." His goal was to prove a relation between money, social status, and likelihood of going to jail for a white-collar crime, compared to more visible, typical crimes. Although the percentage is a bit higher today, numbers still show a large majority of those in jail are poor, "blue-collar" criminals, despite efforts to crack down on white-collar, and corporate crime. Other fiscal laws were passed in the years prior to Sutherland's studies including antitrust laws in the 1920's, and social welfare laws in the 1930's. After the Depression, people went to great lengths to rebuild their financial security, and it is theorized this led many hard workers, who felt they were underpaid, to take advantage of their positions. Much of Sutherland's work was to separate and define the differences in blue collar street crimes, such as arson, burglary, theft, assault, rape and vandalism, which are often blamed on psychological, associational, and structural factors. Instead, white-collar criminals are opportunists, who over time learn they can take advantage of their circumstances to accumulate financial gain. They are educated, intelligent, affluent, confident individuals, who were qualified enough to get a job which allows them the unmonitored access to often large sums of money. Many also use their intelligence to con their victims into believing and trusting in their credentials. Many do not start out as criminals, and in many cases never see themselves as such.[1]
Definitional issues
Modern criminology generally rejects a limitation of the term by reference, rather classifies the type of crime and the topic: By the type of offense, e.g. property crime, economic crime, and other corporate crimes like environmental and health and safety law violations. Some crime is only possible because of the identity of the offender, e.g. transnational money laundering requires the participation of senior officers employed in banks. But the Federal Bureau of Investigation has adopted the narrow approach, defining white-collar crime as "those illegal acts which are characterized by deceit, concealment, or violation of trust and which are not dependent upon the application or threat of physical force or violence" (1989, 3). This approach is relatively pervasive in the United States, the record-keeping does not adequately collect data on the socioeconomic status of offenders which, in turn, makes research and policy evaluation problematic. While the true extent and cost of white-collar crime are unknown, it is estimated to cost the United States somewhere between $300-$660 billion annually, according to the FBI (Lane and Wall 2006, cited; in Friedrichs, 2007, p46). By the type of offender, e.g. by social class or high socioeconomic status, the occupation of positions of trust or profession, or academic qualification, researching the motivations for criminal behavior, e.g. greed or fear of loss of face if economic difficulties become obvious. Shover and Wright (2000) point to the essential neutrality of a crime as enacted in a statute. It almost inevitably describes conduct in the abstract, not by reference to the character of the persons performing it. Thus, the only way that one crime differs from another is in the
White-collar crime backgrounds and characteristics of its perpetrators. Most if not all white-collar offenders are distinguished by lives of privilege, much of it with origins in class inequality. By organizational culture rather than the offender or offense which overlaps with organized crime. Appelbaum and Chambliss (1997, 117) offer a twofold definition: Occupational crime which occurs when crimes are committed to promote personal interests, say, by altering records and overcharging, or by the cheating of clients by professionals. Organizational or corporate crime which occurs when corporate executives commit criminal acts to benefit their company by overcharging or price fixing, false advertising, etc.
48
State-corporate crime
The negotiation of agreements between a state and a corporation will be at a relatively senior level on both sides, this is almost exclusively a white-collar "situation" which offers the opportunity for crime. White-collar crime has become a priority of law enforcement[2] When senior levels of a corporation engage in criminal activity using the company this is sometimes called control fraud.
White-collar crime Leap, Terry L. (2007) Dishonest Dollars: The Dynamics of White-Collar Crime. Ithaca: Cornell University Press. ISBN 978-0-8014-4520-0 Newman, Graeme R. & Clarke, Ronald V. (2003). Superhighway Robbery: Preventing E-commerce Crime. Portland, Or: Willan Publishing. ISBN 1-84392-018-2 Reiman, J. (1998). The Rich get Richer and the Poor get Prison. Boston: Allyn & Bacon. Pontell, H. & Tillman, R. (1998). Profit Without Honor: White-collar Crime and the Looting of America. Upper Saddle River, NJ: Prentice Hall. Shapiro, Susan P. (1990). "Collaring the Crime, not the Criminal: Reconsidering the Concept of White-collar Crime", American Sociological Review 55: 346-65. Simon, D. & Eitzen, D. (1993). Elite Deviance. Boston: Allyn & Bacon. Simon, D. & Hagan, F. (1999). White-collar Deviance. Boston: Allyn & Bacon Shover, Neal & Wright, John Paul (eds.) (2000). Crimes of Privilege: Readings in White-Collar Crime. Oxford: Oxford University Press. ISBN 0-19-513621-7 Sutherland, Edwin Hardin (1949). White Collar Crime. New York: Dryden Press. Thiollet, J.P. (2002). Beau linge et argent sale Fraude fiscale internationale et blanchiment des capitaux, Paris, Anagramme ed. ISBN 2 914571178 U.S. Department of Justice, Federal Bureau of Investigation (1989). White Collar Crime: A Report to the Public. Washington, D.C.: Government Printing Office.
49
References
[1] [2] [3] [4] [5] Providence.edu (http:/ / www. providence. edu/ polisci/ students/ corporate_crime/ history. htm) .Charles Anzalone, "White-Collar Crime Has Become Priority of Law Enforcement" FBI.com (http:/ / www. fbi. gov/ ucr/ whitecollarforweb. pdf) http:/ / www. dilloninvestigates. com/ index_files/ Page390. htm Blueyonder.do.uk (http:/ / www. bunker8. pwp. blueyonder. co. uk/ misc/ crimgov. htm)
External links
White Collar Crime Legal Blog (http://lawprofessors.typepad.com/whitecollarcrime_blog/) National White Collar Crime Center (http://www.nw3c.org/) White Collar Crime Blog for Public (http://informant.nw3c.org/)
50
Living people
Frank Abagnale (1948): U.S. check forger and impostor; his autobiography was made into the movie Catch Me If You Can.[11] Marc Dreier (1950): Managing founder of Attorney firm Dreir LLP. Prosecutors allege that from 2004 through December 2008, he sold approximately $700 million worth of fictitious promissory notes.[12] Robert Hendy-Freegard (1971): Briton who kidnapped people by impersonating an MI5 agent and conned them out of money.[13] James Arthur Hogue (1959): U.S. impostor who most famously entered Princeton University by posing as a self-taught orphan[14] Bernard Madoff (1938): Former American stock broker, investment adviser, and non-executive chairman of the NASDAQ stock market who admitted to the operation of the largest Ponzi scheme in history[15] Matt the Knife (1981): American-born con artist, card cheat and pickpocket who, from the ages of approximately 14 through 21, bilked dozens of casinos, corporations and at least one Mafia crime family.[16] [17] [18] Barry Minkow (1967): Known for the ZZZZ Best scam.[19] Richard Allen Minsky (1944): Scammed female victims for sex by pretending to be jailed family members over the phone.[20]
List of real-life con artists Kevin Trudeau (1963): US writer and billiards promoter, convicted of fraud and larceny in 1991, known for a series of late-night infomercials and his series of books about "Natural Cures "They" Don't Want You to Know About".[21] [22] [23] Jonny Craig (1986): Singer of the alternative bands Dance Gavin Dance and Emarosa, in early 2011 Craig convinced numerous fans to send him money in exchange for a MacBook laptop. The laptop was never sent out, and it is estimated that he pocketed at least $6,000 USD from the illicit dealings.[24]
51
References
[1] Oxford Dictionary of National Biography, Oxford University Press, Sept 2004; Paul Hopkins and Stuart Handley, 'Chaloner, William (d. 1699)' (http:/ / www. oxforddnb. com/ view/ article/ 66841,) [2] "Document of the Month January 2005" (http:/ / www. scotland. gov. uk/ News/ News-Extras/ docJan2005). The Scottish Executive. January 2005. . Retrieved 19 August 2007. [3] Maurer, David W. (1940). The Big Con: The Story of the Confidence Man and the Confidence Game. Bobbs Merrill. ISBN0-7869-1850-8 [4] Johnson, James F.; Miller, Floyd (1961). The Man Who Sold the Eiffel Tower. Doubleday [5] Cohen, Gabriel (27 November 2005). "For You, Half Price" (http:/ / www. nytimes. com/ 2005/ 11/ 27/ nyregion/ thecity/ 27brid. html?ex=1290747600& en=d5b19f580f176c64& ei=5090& partner=rssuserland& emc=rss). The New York Times. . Retrieved 19 August 2007. [6] Zuckoff, Mitchell (March 8, 2005). Ponzi's Scheme: The True Story of a Financial Legend. Random House. ISBN1-4000-6039-7 [7] "Arrest of the Confidence Man" (http:/ / chnm. gmu. edu/ lostmuseum/ lm/ 328/ ). New York Herald. 1849. . Retrieved 19 August 2007. [8] Weil, Joseph (1948). "Yellow Kid" Weil: The Autobiography of America's Master Swindler. Ziff-Davis. ISBN0-7812-8661-1 [9] "The Fund Industry's Black Eye" (http:/ / www. stocksandnews. com/ wall-street-history. php?aid=MTA0N19XUw==). Brian Trumbore, StocksandNews.com. 2002-04-19. . Retrieved 19 August 2007. [10] Lozano, Juan A. (17 October 2006). "Judge vacates conviction of Ken Lay" (http:/ / www. cbsnews. com/ stories/ 2006/ 10/ 17/ ap/ business/ mainD8KQMS5O0. shtml). Associated Press. . [11] Frank W. Abagnale Jr.; with Stan Redding (1980). Catch Me if You Can. New York: Simon & Schuster. ISBN0-671-64091-7. [12] "N.Y. lawyer arraigned in alleged $700M fraud" (http:/ / money. cnn. com/ 2009/ 03/ 19/ news/ hedge_fund_fraud/ index. htm?postversion=2009031914). CNNMoney.com. March 19, 2009. . Retrieved 2011-02-14. [13] "Fake spy guilty of kidnapping con" (http:/ / news. bbc. co. uk/ 1/ hi/ england/ nottinghamshire/ 4114640. stm). BBC. 2005-06-23. . Retrieved 19 August 2007. [14] "Princeton 'Student' Gets Jail Sentence" (http:/ / www. nytimes. com/ 1992/ 10/ 25/ nyregion/ princeton-student-gets-jail-sentence. html). The New York Times. 1992-10-25. . Retrieved 19 August 2007. [15] "Madoff Confessed $50 Billion Fraud Before FBI Arrest" (http:/ / www. bloomberg. com/ apps/ news?pid=newsarchive& sid=atUk. QnXAvZY). Bloomberg. 2008-12-12. . Retrieved 26 August 2010. [16] "American Voices". American Voices. October 12, 2008. [17] Schwartz, Dan (August 2007). "From Grifter To Guinness". Providence Monthly: 14. [18] Perry, Rachel (January 17, 2007). "Matt The Knife: Fire-Teething Never Looked So Good". Play (Philadelphia Edition): 1012. [19] "It Takes One To Know One". [ Minutes (http:/ / www. cbsnews. com/ stories/ 2005/ 05/ 19/ 60minutes/ main696669. shtml|60)]. May 22, 2005. [20] Gorman, Anna (2001-12-01). "Rapist in Sex Scam Case Sentenced to Life in Prison" (http:/ / articles. latimes. com/ 2001/ dec/ 01/ local/ me-10262). Los Angeles Times. . Retrieved 2010-06-27. [21] King Con -- Selling Questionable Cures?. January 20, 2006. Retrieved on 2011-02-14. [22] Warner, Melanie (August 28, 2005). "After Jail and More, Salesman Scores Big With Cure-All Book" (http:/ / www. nytimes. com/ 2005/ 08/ 28/ business/ media/ 28trudeau. html?_r=2& oref=slogin). New York Times. . [23] "FTC: Marketer Kevin Trudeau Violated Prior Court Order" (http:/ / www. ftc. gov/ opa/ 2007/ 09/ trudeau. shtm). Federal Trade Commission. September 14, 2007. . Retrieved 2011-02-14. [24] "The fallacies of social networking...a fan shares his story." (http:/ / grafwall. indiestar. tv/ 2011/ 02/ fallacies-of-social-networkinga-fan. html). Indiestar.tv. February 18,2011. .
Scam baiting
52
Scam baiting
Scam baiting is a form of Internet vigilantism where the vigilante poses as a potential victim to the scammer in order to waste their time and resources, gather information that will be of use to authorities, or publicly humiliate the scammer. It is, in essence, a form of social engineering that may have an altruistic motive or may be motivated by malice. It is primarily used to thwart the 419 Nigerian advance-fee scam and can be done either out of a sense of civic duty or as a form of amusement. Scam baiting is usually done simply by gaining access to an e-mail address that has already been targeted by scammers, which given the prevalence of the spam is not a difficult proposition. Once access is gained, the baiter impersonates a person that is receptive to the financial hook that the scammer is using. The objective is to keep the scam going as long as possible, costing the scammer time and energy. Secondary goals include gathering as much information as possible to share with authorities. Amusement that the baiter may gain from the interaction include fooling the scammer into falling for claims just as ludicrous as the ones that the scammer is using to bilk the victim of money. Many baiters will use joke names (Hugh Janus, Jenny Talwarts, Dick Head and so on) which while obviously ludicrous to a native or fluent English speaker will go unnoticed by the scammer. Similarly baiters may introduce characters and even plot-lines from movies or television shows for comedic effect. In February 2011, the Belgian television show Basta portraited with hidden cameras how a scammer was fooled during a meeting with baiters, raising the stakes by involving a one-armed man, two dwarves and a pony. Eventually, a police raid was faked, during which the baiters were arrested and the scammer went free, abandoning the money, and without any suspicion.[1]
References
[1] Pest eens een internetfraudeur (http:/ / www. youtube. com/ watch?v=FsIAfvcC52E) Basta on YouTube (in Dutch)
53
References
[1] Ellison, David (August 18, 2008). "Don't get duped by back-to-school 'scad'" (http:/ / blogs. chron. com/ consumerwatch/ 2008/ 08/ dont_get_duped_by_backtoschool_1. html). Houston Chronicle. . Retrieved 2009-04-13. [2] Brendler, Beau (July 24, 2008). "Protecting Brands from Bogus Sponsored Links" (http:/ / blog. consumerwebwatch. org/ 2008/ 07/ industry_group_wants_to_protec. html). Consumer Reports WebWatch. . Retrieved 2009-04-13. [3] Finney, Michael (December 29, 2009). "Bait-and-switch scams move to Internet" (http:/ / abclocal. go. com/ kgo/ story?section=news/ 7_on_your_side& id=6577060). ABC KGO-TV Seven On Your Side. . Retrieved 2009-04-13. [4] Edelman, Ben; Rosenbaum, Hannah (June 4, 2007). "The State of Search Engine Safety. McAfee Inc." (http:/ / www. siteadvisor. com/ studies/ search_safety_may2007). McAfee Site Advisor. . Retrieved 2009-04-13. [5] Keats, Shane (February 3, 2006). "How Much Does 'Free' Cost?" (http:/ / blog. siteadvisor. com/ 2006/ 02/ how_would_you_like_to_pay_3795. shtml). McAfee SiteAdvisor Blog. . Retrieved 2009-04-13.
54
Payloads
Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. Social Engineering has also been employed by bill collectors, skiptracers, and bounty hunters. "Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.[2]
Pretexting
Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. It is more than a simple lie, as it most often involves some prior research or setup and the use of prior information for impersonation (e.g., date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.[4] This technique can be used to trick a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc. Pretexting has been an observed law enforcement technique, under the auspices of which, a law officer may leverage the threat of an alleged infraction to detain a suspect for questioning and conduct close inspection of a vehicle or premises.
Social engineering (security) Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, or insurance investigators or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet.
55
Diversion theft
Diversion theft, also known as the "Corner Game"[5] or "Round the Corner Game", originated in the East End of London. In summary, diversion theft is a "con" exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere hence, "round the corner". With a load/consignment redirected, the thieves persuade the driver to unload the consignment near to, or away from, the consignee's address, in the pretense that it is "going straight out" or "urgently required somewhere else". The "con" or deception has many different facets, which include social engineering techniques to persuade legitimate administrative or traffic personnel of a transport or courier company to issue instructions to the driver to redirect the consignment or load. Another variation of diversion theft is stationing a security van outside a bank on a Friday evening. Smartly dressed guards use the line "Night safe's out of order, Sir". By this method shopkeepers etc. are gulled into depositing their takings into the van. They do of course obtain a receipt but later this turns out to be worthless. A similar technique was used many years ago to steal a Steinway grand piano from a radio studio in London. "Come to overhaul the piano, guv" was the chat line. The social engineering skills of these thieves are well rehearsed, and are extremely effective. Most companies do not prepare their staff for this type of deception.
Phishing
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate businessa bank, or credit card companyrequesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimatewith company logos and contentand has a form requesting everything from a home address to an ATM card's PIN. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond. IVR or phone phishing This technique uses a rogue Interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system. The victim is prompted (typically via a phishing e-mail) to call in to the "bank" via a (ideally toll free) number provided in order to "verify" information. A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords. More advanced systems transfer the victim to the attacker posing as a customer service agent for further questioning.
Social engineering (security) One could even record the typical commands ("Press one to change your password, press two to speak to customer service"...) and play back the direction manually in real time, giving the appearance of being an IVR without the expense. Phone phishing is also called vishing. Baiting Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim.[6] In this attack, the attacker leaves a malware infected floppy disk, CD ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device. For example, an attacker might create a disk featuring a corporate logo, readily available from the target's web site, and write "Executive Salary Summary Q2 2010" on the front. The attacker would then leave the disk on the floor of an elevator or somewhere in the lobby of the targeted company. An unknowing employee might find it and subsequently insert the disk into a computer to satisfy their curiosity, or a good samaritan might find it and turn it in to the company. In either case as a consequence of merely inserting the disk into a computer to see the contents, the user would unknowingly install malware on it, likely giving an attacker unfettered access to the victim's PC and perhaps, the targeted company's internal computer network. Unless computer controls block the infection, PCs set to "auto-run" inserted media may be compromised as soon as a rogue disk is inserted.
56
Other types
Common confidence tricksters or fraudsters also could be considered "social engineers" in the wider sense, in that they deliberately deceive and manipulate people, exploiting human weaknesses to obtain personal benefit. They may, for example, use social engineering techniques as part of an IT fraud. A very recent type of social engineering techniques include spoofing or hacking IDs of people having popular e-mail IDs such as Yahoo!, GMail, Hotmail, etc. Among the many motivations for deception are: Phishing credit-card account numbers and their passwords. Hacking private e-mails and chat histories, and manipulating them by using common editing techniques before using them to extort money and creating distrust among individuals. Hacking websites of companies or organizations and destroying their reputation. Computer virus hoaxes
57
Countermeasures
Organizations must decide which information is sensitive. Then they must tell their employees which information is sensitive. Employees must be trained to verify the identity of a person who request sensitive information. If that person's identity cannot be verified, then the employee must be trained to politely refuse the request. Security must be tested periodically, and these tests must be unannounced.[9]
Badir Brothers
Brothers Ramy, Muzher, and Shadde Badirall of whom were blind from birthmanaged to set up an extensive phone and computer fraud scheme in Israel in the 1990s using social engineering, voice impersonation, and Braille-display computers.[11]
Federal legislation
The 1999 "GLBA" is a U.S. Federal law that specifically addresses pretexting of banking records as an illegal act punishable under federal statutes. When a business entity such as a private investigator, SIU insurance investigator, or an adjuster conducts any type of deception, it falls under the authority of the Federal Trade Commission (FTC). This federal agency has the obligation and authority to ensure that consumers are not subjected to any unfair or deceptive business practices. US Federal Trade Commission Act, Section 5 of the FTCA states, in part: "Whenever the Commission shall have reason to believe that any such person, partnership, or corporation has been or is using any unfair method of competition or unfair or deceptive act or practice in or affecting commerce, and if it shall appear to the Commission that a proceeding by it in respect thereof would be to the interest of the public, it shall issue and serve upon such person, partnership, or corporation a complaint stating its charges in that respect." The statute states that when someone obtains any personal, non-public information from a financial institution or the consumer, their action is subject to the statute. It relates to the consumer's relationship with the financial institution. For example, a pretexter using false pretenses either to get a consumer's address from the consumer's bank, or to get a consumer to disclose the name of his or her bank, would be covered. The determining principle is that pretexting only occurs when information is obtained through false pretenses. While the sale of cell telephone records has gained significant media attention, and telecommunications records are the focus of the two bills currently before the United States Senate, many other types of private records are being
Social engineering (security) bought and sold in the public market. Alongside many advertisements for cell phone records, wireline records and the records associated with calling cards are advertised. As individuals shift to VoIP telephones, it is safe to assume that those records will be offered for sale as well. Currently, it is legal to sell telephone records, but illegal to obtain them.[14]
58
Hewlett Packard
Patricia Dunn, former chairman of Hewlett Packard, reported that the HP board hired a private investigation company to delve into who was responsible for leaks within the board. Dunn acknowledged that the company used the practice of pretexting to solicit the telephone records of board members and journalists. Chairman Dunn later apologized for this act and offered to step down from the board if it was desired by board members.[15] Unlike Federal law, California law specifically forbids such pretexting. The four felony charges brought on Dunn were dismissed.[16]
In popular culture
In the film Hackers, the protagonist used pretexting when he asked a security guard for the telephone number to a TV station's modem while posing as an important executive. In Jeffrey Deaver's book The Blue Nowhere, social engineering to obtain confidential information is one of the methods used by the killer, Phate, to get close to his victims. In the movie Live Free or Die Hard, Justin Long is seen pretexting that his father is dying from a heart attack to have a BMW Assist representative start what will become a stolen car. In the movie Sneakers, one of the characters poses as a low level security guard's superior in order to convince him that a security breach is just a false alarm. In the movie The Thomas Crown Affair, one of the characters poses over the telephone as a museum guard's superior in order to move the guard away from his post. In the James Bond movie Diamonds Are Forever, Bond is seen gaining entry to the Whyte laboratory with a then-state-of-the-art card-access lock system by "tailgating". He merely waits for an employee to come to open the door, then posing himself as a rookie at the lab, fakes inserting a non-existent card while the door is unlocked for him by the employee.
59
References
Notes
[1] Goodchild, Joan (January 11, 2010). "Social Engineering: The Basics" (http:/ / www. csoonline. com/ article/ 514063/ Social_Engineering_The_Basics). csoonline. . Retrieved 14 January 2010. [2] Security engineering:a guide to building dependable distributed systems, second edition, Ross Anderson, Wiley, 2008 - 1040 pages ISBN 978-0-470.06852-6, Chapter 2, page 17 [3] Mitnick, K: "CSEPS Course Workbook" (2004), unit 3, Mitnick Security Publishing. [4] " Pretexting: Your Personal Information Revealed (http:/ / www. ftc. gov/ bcp/ edu/ pubs/ consumer/ credit/ cre10. shtm),"Federal Trade Commission [5] http:/ / trainforlife. co. uk/ onlinecourses. php [6] http:/ / www. darkreading. com/ document. asp?doc_id=95556& WT. svl=column1_1 [7] Office workers give away passwords (http:/ / www. theregister. co. uk/ content/ 55/ 30324. html) [8] Passwords revealed by sweet deal (http:/ / news. bbc. co. uk/ 1/ hi/ technology/ 3639679. stm) [9] Mitnick, K., & Simon, W. (2005). The Art Of Intrusion. Indianapolis, IN: Wiley Publishing. [10] Mitnick, K: "CSEPS Course Workbook" (2004), p. 4, Mitnick Security Publishing. [11] http:/ / www. wired. com/ wired/ archive/ 12. 02/ phreaks_pr. html [12] Restatement 2d of Torts 652C. [13] Congress outlaws pretexting (http:/ / arstechnica. com/ news. ars/ post/ 20061211-8395. html), Eric Bangeman, 12/11/2006 11:01:01, Ars Technica [14] Mitnick, K (2002): "The Art of Deception", p. 103 Wiley Publishing Ltd: Indianapolis, Indiana; United States of America. ISBN 0-471-23712-4 [15] HP chairman: Use of pretexting 'embarrassing' (http:/ / news. com. com/ HP+ chairman+ Use+ of+ pretexting+ embarrassing/ 2100-1014_3-6113715. html?tag=nefd. lede) Stephen Shankland, 2006-09-08 1:08 PM PDT CNET News.com [16] Calif. court drops charges against Dunn (http:/ / news. cnet. com/ Calif. -court-drops-charges-against-Dunn/ 2100-1014_3-6167187. html)
Further reading
Boyington, Gregory. (1990). Baa Baa Black Sheep Published by Bantam Books ISBN 0-553-26350-1 Harley, David. 1998 Re-Floating the Titanic: Dealing with Social Engineering Attacks (http:// smallbluegreenblog.files.wordpress.com/2010/04/eicar98.pdf) EICAR Conference. Laribee, Lena. June 2006 Development of methodical social engineering taxonomy project (http://faculty.nps. edu/ncrowe/oldstudents/laribeethesis.htm) Master's Thesis, Naval Postgraduate School. Leyden, John. April 18, 2003. Office workers give away passwords for a cheap pen (http://www.theregister.co. uk/2003/04/18/office_workers_give_away_passwords/). The Register. Retrieved 2004-09-09. Long, Johnny. (2008). No Tech Hacking - A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Published by Syngress Publishing Inc. ISBN 978-1-59749-215-7 Mann, Ian. (2008). Hacking the Human: Social Engineering Techniques and Security Countermeasures Published by Gower Publishing Ltd. ISBN 0-566-08773-1 or ISBN 978-0-566-08773-8 Mitnick, Kevin, Kasperaviius, Alexis. (2004). CSEPS Course Workbook. Mitnick Security Publishing. Mitnick, Kevin, Simon, William L., Wozniak, Steve,. (2002). The Art of Deception: Controlling the Human Element of Security Published by Wiley. ISBN 0-471-23712-4 or ISBN 0-7645-4280-X
60
External links
Socialware.ru (http://www.socialware.ru/) - The most major runet community devoted to social engineering. Spylabs on vimeo (http://vimeo.com/spylabs/) - Video chanel devoted to social engineering. Social Engineering Fundamentals (http://www.securityfocus.com/infocus/1527) - Securityfocus.com. Retrieved on August 3, 2009. Social Engineering, the USB Way (http://www.darkreading.com/document.asp?doc_id=95556&WT. svl=column1_1) - DarkReading.com. Retrieved on July 7, 2006. Should Social Engineering be a part of Penetration Testing? (http://www.darknet.org.uk/2006/03/ should-social-engineering-a-part-of-penetration-testing/) - Darknet.org.uk. Retrieved on August 3, 2009. "Protecting Consumers' Phone Records" (http://www.epic.org/privacy/iei/sencomtest2806.html) - US Committee on Commerce, Science, and Transportation. Retrieved on February 8, 2006. Plotkin, Hal. Memo to the Press: Pretexting is Already Illegal (http://www.plotkin.com/blog-archives/2006/ 09/memo_to_the_pre.html). Retrieved on September 9, 2006. Striptease for passwords (http://www.msnbc.msn.com/id/21566341/) - MSNBC.MSN.com. Retrieved on November 1, 2007. Social-Engineer.org (http://www.social-engineer.org) - social-engineer.org. Retrieved on September 16, 2009. (http://www.jocktoday.com/2010/02/08/social-engineering-manipulating-caller-id/) - Social Engineering: Manipulating Caller-Id
Phishing
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is An example of a phishing e-mail, disguised as an official e-mail from a (fictional) an example of social engineering techniques [2] bank. The sender is attempting to trick the recipient into revealing confidential used to fool users, and exploits the poor information by "confirming" it at the phisher's website. Note the misspelling of the usability of current web security words received and discrepancy. Such mistakes are common in most phishing [3] technologies. Attempts to deal with the emails. Also note that although the URL of the bank's webpage appears to be legitimate, it actually links to the phisher's webpage. growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing,[4] probably influenced by phreaking,[5] [6] and alludes to baits used to "catch" financial information and passwords.
Phishing
61
Phishing
62
Phishing techniques
Recent phishing attempts
Phishers are targeting the customers of banks and online payment services. E-mails, supposedly from the Internal Revenue Service, have been used to glean sensitive data from U.S. taxpayers.[16] While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus e-mails accordingly.[17] Targeted versions of phishing have been termed spear phishing.[18] Several recent phishing attacks have been directed specifically at senior executives and other high profile targets within businesses, and the term whaling has been coined for these kinds of attacks.[19]
A chart showing the increase in phishing reports from October 2004 to June 2005.
Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft;[20] in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details.[21] Experiments show a success rate of over 70% for phishing attacks on social networks.[22] The RapidShare file sharing site has been targeted by phishing to obtain a premium account, which removes speed caps on downloads, auto-removal of uploads, waits on downloads, and cooldown times between downloads.[23] Attackers who broke into TD Ameritrade's database (containing all 6.3 million customers' social security numbers, account numbers and email addresses as well as their names, addresses, dates of birth, phone numbers and trading activity) also wanted the account usernames and passwords, so they launched a follow-up spear phishing attack.[24] Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.[25] Some people are being victimized by a Facebook Scam, the link being hosted by T35 Web Hosting and people are losing their accounts.[26] There are anti-phishing websites which publish exact messages that have been recently circulating the internet, such as FraudWatch International and Millersmiles. Such sites often provide specific details about the particular messages.[27] [28]
Link manipulation
Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the <A> tags) suggest a reliable destination, when the link actually goes to the phishers' site. The following example link, http:/ / en. wikipedia. org/ wiki/ Genuine, appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception". In the lower left hand corner of most browsers you can preview and verify where the link is going to take you.[29] Hovering your cursor over the link for a couple of seconds will do a similar thing. An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard).[30] For example, the link
Phishing http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.google.com: the page opens normally, regardless of the username supplied. Such URLs were disabled in Internet Explorer,[31] while Mozilla Firefox[32] and Opera present a warning message and give the option of continuing to the site or cancelling. A further problem with URLs has been found in the handling of Internationalized domain names (IDN) in web browsers, that might allow visually identical web addresses to lead to different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN spoofing[33] or homograph attack,[34] phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain.[35] [36] [37] Even digital certificates do not solve this problem because it is quite possible for a phisher to purchase a valid certificate and subsequently change content to spoof a genuine website.
63
Filter evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.[38]
Website forgery
Once a victim visits the phishing website the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar.[39] This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.[40] An attacker can even use flaws in a trusted website's own scripts against the victim.[41] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.[42] A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.[43] To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object.[44]
Phone phishing
Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.[45] Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.[46]
Other techniques
Another attack used successfully is to forward the client to a bank's legitimate website, then to place a popup window requesting credentials on top of the website in a way that it appears the bank is requesting this sensitive information.[47] One of the latest phishing techniques is tabnabbing. It takes advantage of the multiple tabs that users use and silently redirects a user to the affected site.
Phishing Evil twins is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.
64
Anti-phishing
There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing. Most new internet browsers come with anti-phishing software.
Social responses
One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be effective, especially where training provides direct feedback.[56] One newer phishing tactic, which uses phishing e-mails targeted at a specific company, known as spear phishing, has been harnessed to train individuals at various locations, including United States Military Academy at West Point, NY. In a June 2004 experiment with spear phishing, 80% of 500 West Point cadets who were sent a fake e-mail were tricked into revealing personal information.[57] People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the e-mail apparently originates to check that the e-mail is legitimate. Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message.[58] Nearly all legitimate e-mail messages from companies to their customers contain an item of information that is not readily available to phishers. Some companies, for example PayPal, always address their customers by their username in e-mails, so if an e-mail addresses the recipient in a generic fashion ("Dear PayPal customer") it is likely to be an attempt at phishing.[59] E-mails from banks and credit card companies often include partial account numbers. However, recent research[60] has shown that the public do not typically distinguish between the first few digits and the last few digits of an account numbera significant problem since the first few digits are often the same for all clients of a financial institution. People can be trained to have their suspicion aroused if the message does not contain any specific personal information. Phishing attempts in early 2006, however, used personalized information, which makes it unsafe to assume that the presence of personal information alone guarantees that a message is legitimate.[61] Furthermore, another recent study concluded in part that the presence of personal
Phishing information does not significantly affect the success rate of phishing attacks,[62] which suggests that most people do not pay attention to such details. The Anti-Phishing Working Group, an industry and law enforcement association, has suggested that conventional phishing techniques could become obsolete in the future as people are increasingly aware of the social engineering techniques used by phishers.[63] They predict that pharming and other uses of malware will become more common tools for stealing information. Everyone can help educate the public by encouraging safe practices, and by avoiding dangerous ones. Unfortunately, even well-known players are known to incite users to hazardous behaviour, e.g. by requesting their users to reveal their passwords for third party services, such as email.[64]
65
Technical responses
Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. The following are some of the main approaches to the problem. Helping to identify legitimate websites Most websites targeted for phishing are secure websites meaning that SSL with strong PKI cryptography is used for server authentication, where the website's URL is used as identifier. In theory it should be possible for the SSL authentication to be used to confirm the site to the user, and this was SSL v2's design requirement and the meta of secure browsing. But in practice, this is easy to trick. The superficial flaw is that the browser's security user interface (UI) is insufficient to deal with today's strong threats. There are three parts to secure authentication using TLS and certificates: indicating that the connection is in authenticated mode, indicating which site the user is connected to, and indicating which authority says it is this site. All three are necessary for authentication, and need to be confirmed by/to the user. Secure Connection The standard display for secure browsing from the mid-1990s to mid-2000s was the padlock. In 2005, Mozilla fielded a yellow URL bar 2005 as a better indication of the secure connection. This innovation was later reversed due to the EV certificates, which replaced certain certificates providing a high level of organization identity verification with a green display, and other certificates with an extended blue favicon box to the left of the URL bar (in addition to the switch from "http" to "https" in the url itself). Which Site The user is expected to confirm that the domain name in the browser's URL bar was in fact where they intended to go. URLs can be too complex to be easily parsed. Users often do not know or recognise the URL of the legitimate sites they intend to connect to, so that the authentication becomes meaningless.[3] A condition for meaningful server authentication is to have a server identifier that is meaningful to the user; many ecommerce sites will change the domain names within their overall set of websites, adding to the opportunity for confusion. Simply displaying the domain name for the visited website[65] as some anti-phishing toolbars do is not sufficient. Some newer browsers, such as Internet Explorer 8, display the entire URL in grey, with just the domain name itself in black, as a means of assisting users in identifying fraudulent URLs. An alternate approach is the petname extension for Firefox which lets users type in their own labels for websites, so they can later recognize when they have returned to the site. If the site is not recognised, then the software may either warn the user or block the site outright. This represents user-centric identity management of server identities.[66] Some suggest that a graphical image selected by the user is better than a petname.[67] With the advent of EV certificates, browsers now typically display the organisation's name in green, which is much more visible and is hopefully more consistent with the user's expectations. Unfortunately, browser vendors have
Phishing chosen to limit this prominent display only to EV certificates, leaving the user to fend for himself with all other certificates. Who is the Authority The browser needs to state who the authority is that makes the claim of who the user is connected to. At the simplest level, no authority is stated, and therefore the browser is the authority, as far as the user is concerned. The browser vendors take on this responsibility by controlling a root list of acceptable CAs. This is the current standard practice. The problem with this is that not all certification authorities (CAs) employ equally good nor applicable checking, regardless of attempts by browser vendors to control the quality. Nor do all CAs subscribe to the same model and concept that certificates are only about authenticating ecommerce organisations. Certificate Manufacturing is the name given to low-value certificates that are delivered on a credit card and an email confirmation; both of these are easily perverted by fraudsters. Hence, a high-value site may be easily spoofed by a valid certificate provided by another CA. This could be because the CA is in another part of the world, and is unfamiliar with high-value ecommerce sites, or it could be that no care is taken at all. As the CA is only charged with protecting its own customers, and not the customers of other CAs, this flaw is inherent in the model. The solution to this is that the browser should show, and the user should be familiar with, the name of the authority. This presents the CA as a brand, and allows the user to learn the handful of CAs that she is likely to come into contact within her country and her sector. The use of brand is also critical to providing the CA with an incentive to improve their checking, as the user will learn the brand and demand good checking for high-value sites. This solution was first put into practice in early IE7 versions, when displaying EV certificates.[68] In that display, the issuing CA is displayed. This was an isolated case, however. There is resistance to CAs being branded on the chrome, resulting in a fallback to the simplest level above: the browser is the user's authority. Fundamental flaws in the security model of secure browsing Experiments to improve the security UI have resulted in benefits, but have also exposed fundamental flaws in the security model. The underlying causes for the failure of the SSL authentication to be employed properly in secure browsing are many and intertwined. Security before threat Because secure browsing was put into place before any threat was evident, the security display lost out in the "real estate wars" of the early browsers. The original design of Netscape's browser included a prominent display of the name of the site and the CA's name, but these were dropped in the first release. Users are now highly experienced in not checking security information at all. Click-through syndrome However, warnings to poorly configured sites continued, and were not down-graded. If a certificate had an error in it (mismatched domain name, expiry), then the browser would commonly launch a popup to warn the user. As the reason was generally a minor misconfiguration, the users learned to bypass the warnings, and now, users are accustomed to treat all warnings with the same disdain, resulting in Click-through syndrome. For example, Firefox 3 has a 4-click process for adding an exception, but it has been shown to be ignored by an experienced user in a real case of MITM. Even today, as the vast majority of warnings will be for misconfigurations not real MITMs, it is hard to see how click-through syndrome will ever be avoided.
66
Phishing Lack of interest Another underlying factor is the lack of support for virtual hosting. The specific causes are a lack of support for Server Name Indication in TLS webservers, and the expense and inconvenience of acquiring certificates. The result is that the use of authentication is too rare to be anything but a special case. This has caused a general lack of knowledge and resources in authentication within TLS, which in turn has meant that the attempts by browser vendors to upgrade their security UIs have been slow and lacklustre. Lateral communications The security model for secure browser includes many participants: user, browser vendor, developers, CA, auditor, webserver vendor, ecommerce site, regulators (e.g., FDIC), and security standards committees. There is a lack of communication between different groups that are committed to the security model. E.g., although the understanding of authentication is strong at the protocol level of the IETF committees, this message does not reach the UI groups. Webserver vendors do not prioritise the Server Name Indication (TLS/SNI) fix, not seeing it as a security fix but instead a new feature. In practice, all participants look to the others as the source of the failures leading to phishing, hence the local fixes are not prioritised. Matters improved slightly with the CAB Forum, as that group includes browser vendors, auditors and CAs. But the group did not start out in an open fashion, and the result suffered from commercial interests of the first players, as well as a lack of parity between the participants. Even today, CAB forum is not open, and does not include representation from small CAs, end-users, ecommerce owners, etc. Standards gridlock Vendors commit to standards, which results in an outsourcing effect when it comes to security. Although there have been many and good experiments in improving the security UI, these have not been adopted because they are not standard, or clash with the standards. Threat models can re-invent themselves in around a month; Security standards take around 10 years to adjust. Venerable Certificate Authority model Control mechanisms employed by the browser vendors over the CAs have not been substantially updated; the threat model has. The control and quality process over CAs is insufficiently tuned to the protection of users and the addressing of actual and current threats. Audit processes are in great need of updating. The recent EV Guidelines documented the current model in greater detail, and established a good benchmark, but did not push for any substantial changes to be made. Browsers alerting users to fraudulent websites Another popular approach to fighting phishing is to maintain a list of known phishing sites and to check websites against the list. Microsoft's IE7 browser, Mozilla Firefox 2.0, Safari 3.2, and Opera all contain this type of anti-phishing measure.[69] [70] [71] [72] Firefox 2 used Google anti-phishing software. Opera 9.1 uses live blacklists from PhishTank and GeoTrust, as well as live whitelists from GeoTrust. Some implementations of this approach send the visited URLs to a central service to be checked, which has raised concerns about privacy.[73] According to a report by Mozilla in late 2006, Firefox 2 was found to be more effective than Internet Explorer 7 at detecting fraudulent sites in a study by an independent software testing company.[74] An approach introduced in mid-2006 involves switching to a special DNS service that filters out known phishing domains: this will work with any browser,[75] and is similar in principle to using a hosts file to block web adverts. To mitigate the problem of phishing sites impersonating a victim site by embedding its images (such as logos), several site owners have altered the images to send a message to the visitor that a site may be fraudulent. The image may be moved to a new filename and the original permanently replaced, or a server can detect that the image was not
67
Phishing requested as part of normal browsing, and instead send a warning image.[76] [77] and its totally safe Augmenting password logins The Bank of America's website[78] [79] is one of several that ask users to select a personal image, and display this user-selected image with any forms that request a password. Users of the bank's online services are instructed to enter a password only when they see the image they selected. However, a recent study suggests few users refrain from entering their password when images are absent.[80] [81] In addition, this feature (like other forms of two-factor authentication) is susceptible to other attacks, such as those suffered by Scandinavian bank Nordea in late 2005,[82] and Citibank in 2006.[83] A similar system, in which an automatically-generated "Identity Cue" consisting of a colored word within a colored box is displayed to each website user, is in use at other financial institutions.[84] Security skins[85] [86] are a related technique that involves overlaying a user-selected image onto the login form as a visual cue that the form is legitimate. Unlike the website-based image schemes, however, the image itself is shared only between the user and the browser, and not between the user and the website. The scheme also relies on a mutual authentication protocol, which makes it less vulnerable to attacks that affect user-only authentication schemes. Still another technique [87] relies on a dynamic grid of images that is different for each login attempt. The user must identify the pictures that fit their pre-chosen categories (such as dogs, cars and flowers). Only after they have correctly identified the pictures that fit their categories are they allowed to enter their alphanumeric password to complete the login. Unlike the static images used on the Bank of America website, a dynamic image-based authentication method creates a one-time passcode for the login, requires active participation from the user, and is very difficult for a phishing website to correctly replicate because it would need to display a different grid of randomly generated images that includes the user's secret categories.
68
Eliminating phishing mail Specialized spam filters can reduce the number of phishing e-mails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing approaches to classify phishing e-mails.[88] [89] Monitoring and takedown Several companies offer banks and other organizations likely to suffer from phishing scams round-the-clock services to monitor, analyze and assist in shutting down phishing websites.[90] Individuals can contribute by reporting phishing to both volunteer and industry groups,[91] such as PhishTank.[92] Individuals can also contribute by reporting phone phishing attempts to Phone Phishing,[93] Federal Trade Commission.[94]
Legal responses
On January 26, 2004, the U.S. Federal Trade Commission filed the first lawsuit against a suspected phisher. The defendant, a Californian teenager, allegedly created a webpage designed to look like the America Online website, and used it to steal credit card information.[95] Other countries have followed this lead by tracing and arresting phishers. A phishing kingpin, Valdir Paulo de Almeida, was arrested in Brazil for leading one of the largest phishing crime rings, which in two years stole between US$18 million and US$37 million.[96] UK authorities jailed two men in June 2005 for their role in a phishing scam,[97] in a case connected to the U.S. Secret Service Operation Firewall,
Phishing which targeted notorious "carder" websites.[98] In 2006 eight people were arrested by Japanese police on suspicion of phishing fraud by creating bogus Yahoo Japan Web sites, netting themselves 100 million (US$870,000).[99] The arrests continued in 2006 with the FBI Operation Cardkeeper detaining a gang of sixteen in the U.S. and Europe.[100] In the United States, Senator Patrick Leahy introduced the Anti-Phishing Act of 2005 in Congress on March 1, 2005. This bill, if it had been enacted into law, would have subjected criminals who created fake web sites and sent bogus e-mails in order to defraud consumers to fines of up to US$250,000 and prison terms of up to five years.[101] The UK strengthened its legal arsenal against phishing with the Fraud Act 2006,[102] which introduces a general offence of fraud that can carry up to a ten year prison sentence, and prohibits the development or possession of phishing kits with intent to commit fraud.[103] Companies have also joined the effort to crack down on phishing. On March 31, 2005, Microsoft filed 117 federal lawsuits in the U.S. District Court for the Western District of Washington. The lawsuits accuse "John Doe" defendants of obtaining passwords and confidential information. March 2005 also saw a partnership between Microsoft and the Australian government teaching law enforcement officials how to combat various cyber crimes, including phishing.[104] Microsoft announced a planned further 100 lawsuits outside the U.S. in March 2006,[105] followed by the commencement, as of November 2006, of 129 lawsuits mixing criminal and civil actions.[106] AOL reinforced its efforts against phishing[107] in early 2006 with three lawsuits[108] seeking a total of US$18 million under the 2005 amendments to the Virginia Computer Crimes Act,[109] [110] and Earthlink has joined in by helping to identify six men subsequently charged with phishing fraud in Connecticut.[111] In January 2007, Jeffrey Brett Goodin of California became the first defendant convicted by a jury under the provisions of the CAN-SPAM Act of 2003. He was found guilty of sending thousands of e-mails to America Online users, while posing as AOL's billing department, which prompted customers to submit personal and credit card information. Facing a possible 101 years in prison for the CAN-SPAM violation and ten other counts including wire fraud, the unauthorized use of credit cards, and the misuse of AOL's trademark, he was sentenced to serve 70 months. Goodin had been in custody since failing to appear for an earlier court hearing and began serving his prison term immediately.[112] [113] [114] [115]
69
References
[1] Tan, Koontorm Center. "Phishing and Spamming via IM (SPIM)" (http:/ / isc. sans. org/ diary. php?storyid=1905). . Retrieved December 5, 2006. [2] Microsoft Corporation. "What is social engineering?" (http:/ / www. microsoft. com/ protect/ yourself/ phishing/ engineering. mspx). . Retrieved August 22, 2007. [3] Jsang, Audun et al.. "Security Usability Principles for Vulnerability Analysis and Risk Assessment." (http:/ / www. unik. no/ people/ josang/ papers/ JAGAM2007-ACSAC. pdf) (PDF). Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC'07). . Retrieved 2007. [4] "Spam Slayer: Do You Speak Spam?" (http:/ / www. pcworld. com/ article/ id,113431-page,1/ article. html). PCWorld.com. . Retrieved August 16, 2006. [5] "Phishing, n. OED Online, March 2006, Oxford University Press." (http:/ / dictionary. oed. com/ cgi/ entry/ 30004304/ ). Oxford English Dictionary Online. . Retrieved August 9, 2006. [6] "Phishing" (http:/ / itre. cis. upenn. edu/ ~myl/ languagelog/ archives/ 001477. html). Language Log, September 22, 2004. . Retrieved August 9, 2006. [7] Felix, Jerry and Hauck, Chris (September 1897). "System Security: A Hacker's Perspective". 1987 Interex Proceedings 1: 6. [8] ""phish, v." OED Online, March 2006, Oxford University Press." (http:/ / dictionary. oed. com/ cgi/ entry/ 30004303/ ). Oxford English Dictionary Online. . Retrieved August 9, 2006. [9] Ollmann, Gunter. "The Phishing Guide: Understanding and Preventing Phishing Attacks" (http:/ / www. technicalinfo. net/ papers/ Phishing. html). Technical Info. . Retrieved July 10, 2006. [10] "Phishing" (http:/ / www. wordspy. com/ words/ phishing. asp). Word Spy. . Retrieved September 28, 2006. [11] Stutz, Michael (January 29, 1998). "AOL: A Cracker's Paradise?" (http:/ / wired-vig. wired. com/ news/ technology/ 0,1282,9932,00. html). Wired News. . [12] "History of AOL Warez" (http:/ / www. rajuabju. com/ warezirc/ historyofaolwarez. htm). . Retrieved September 28, 2006. [13] "GP4.3 - Growth and Fraud Case #3 - Phishing" (https:/ / financialcryptography. com/ mt/ archives/ 000609. html). Financial Cryptography. December 30, 2005. .
Phishing
[14] "In 2005, Organized Crime Will Back Phishers" (http:/ / itmanagement. earthweb. com/ secu/ article. php/ 3451501). IT Management. December 23, 2004. . [15] Abad, Christopher (September 2005). "The economy of phishing: A survey of the operations of the phishing market" (http:/ / firstmonday. org/ htbin/ cgiwrap/ bin/ ojs/ index. php/ fm/ article/ view/ 1272/ 1192). First Monday. . [16] "Suspicious e-Mails and Identity Theft" (http:/ / www. irs. gov/ newsroom/ article/ 0,,id=155682,00. html). Internal Revenue Service. . Retrieved July 5, 2006. [17] "Phishing for Clues" (http:/ / www. browser-recon. info/ ). Indiana University Bloomington. September 15, 2005. . [18] "What is spear phishing?" (http:/ / www. microsoft. com/ athome/ security/ email/ spear_phishing. mspx). Microsoft Security At Home. . Retrieved July 10, 2006. [19] Goodin, Dan (April 17, 2008). "Fake subpoenas harpoon 2,100 corporate fat cats" (http:/ / www. theregister. co. uk/ 2008/ 04/ 16/ whaling_expedition_continues/ . ). The Register. . [20] Kirk, Jeremy (June 2, 2006). "Phishing Scam Takes Aim at [[MySpace.com (http:/ / www. pcworld. com/ resource/ article/ 0,aid,125956,pg,1,RSS,RSS,00. asp)]"]. IDG Network. . [21] "Malicious Website / Malicious Code: MySpace XSS QuickTime Worm" (http:/ / web. archive. org/ web/ 20061205104430/ http:/ / www. websense. com/ securitylabs/ alerts/ alert. php?AlertID=708). Websense Security Labs. Archived from the original (http:/ / www. websense. com/ securitylabs/ alerts/ alert. php?AlertID=708) on December 5, 2006. . Retrieved December 5, 2006. [22] Tom Jagatic and Nathan Johnson and Markus Jakobsson and Filippo Menczer. "Social Phishing" (http:/ / www. indiana. edu/ ~phishing/ social-network-experiment/ phishing-preprint. pdf) (PDF). To appear in the CACM (October 2007). . Retrieved June 3, 2006. [23] "1-Click Hosting at RapidTec Warning of Phishing!" (http:/ / web. archive. org/ web/ 20080430101024/ http:/ / rapidshare. de/ en/ phishing. html). Archived from the original (http:/ / rapidshare. de/ en/ phishing. html) on 2008-04-30. . Retrieved December 21, 2008. [24] "Torrent of spam likely to hit 6.3 million TD Ameritrade hack victims" (http:/ / www. webcitation. org/ 5gY2R1j1g). Archived from the original (http:/ / www. sophos. com/ pressoffice/ news/ articles/ 2007/ 09/ ameritrade. html) on 2009-05-05. . [25] Shadowy Russian Firm Seen as Conduit for [[Cybercrime (http:/ / www. washingtonpost. com/ wp-dyn/ content/ story/ 2007/ 10/ 12/ ST2007101202661. html?hpid=topnews)]], by Brian Krebs, Washington post, October 13, 2007 [26] Phishsos.Blogspot.com (http:/ / phishsos. blogspot. com/ 2010/ 01/ facebook-scam. html) [27] "Millersmiles Home Page" (http:/ / www. millersmiles. co. uk). Oxford Information Services. . Retrieved 2010-01-03. [28] "FraudWatch International Home Page" (http:/ / www. fraudwatchinternational. com). FraudWatch International. . Retrieved 2010-01-03. [29] HSBCUSA.com (http:/ / www. hsbcusa. com/ security/ recognize_fraud. html) [30] Berners-Lee, Tim. "Uniform Resource Locators (URL)" (http:/ / www. w3. org/ Addressing/ rfc1738. txt). IETF Network Working Group. . Retrieved January 28, 2006. [31] Microsoft. "A security update is available that modifies the default behavior of Internet Explorer for handling user information in HTTP and in HTTPS URLs" (http:/ / support. microsoft. com/ kb/ 834489). Microsoft Knowledgebase. . Retrieved August 28, 2005. [32] Fisher, Darin. "Warn when HTTP URL auth information isn't necessary or when it's provided" (https:/ / bugzilla. mozilla. org/ show_bug. cgi?id=232567). Bugzilla. . Retrieved August 28, 2005. [33] Johanson, Eric. "The State of Homograph Attacks Rev1.1" (http:/ / www. shmoo. com/ idn/ homograph. txt). The Shmoo Group. . Retrieved August 11, 2005. [34] Evgeniy Gabrilovich and Alex Gontmakher (February 2002). "The Homograph Attack" (http:/ / www. cs. technion. ac. il/ ~gabr/ papers/ homograph_full. pdf) (PDF). Communications of the ACM 45 (2): 128. . [35] Leyden, John (August 15, 2006). "Barclays scripting SNAFU exploited by phishers" (http:/ / www. theregister. co. uk/ 2006/ 08/ 15/ barclays_phish_scam/ ). The Register. . [36] Levine, Jason. "Goin' phishing with eBay" (http:/ / q. queso. com/ archives/ 001617). Q Daily News. . Retrieved December 14, 2006. [37] Leyden, John (December 12, 2007). "Cybercrooks lurk in shadows of big-name websites" (http:/ / www. theregister. co. uk/ 2007/ 12/ 12/ phishing_redirection/ ). The Register. . [38] Mutton, Paul. "Fraudsters seek to make phishing sites undetectable by content filters" (http:/ / news. netcraft. com/ archives/ 2005/ 05/ 12/ fraudsters_seek_to_make_phishing_sites_undetectable_by_content_filters. html). Netcraft. . Retrieved July 10, 2006. [39] Mutton, Paul. "Phishing Web Site Methods" (http:/ / www. fraudwatchinternational. com/ phishing-fraud/ phishing-web-site-methods/ ). FraudWatch International. . Retrieved December 14, 2006. [40] "Phishing con hijacks browser bar" (http:/ / news. bbc. co. uk/ 1/ hi/ technology/ 3608943. stm). BBC News. April 8, 2004. . [41] Krebs, Brian. "Flaws in Financial Sites Aid Scammers" (http:/ / blog. washingtonpost. com/ securityfix/ 2006/ 06/ flaws_in_financial_sites_aid_s. html). Security Fix. . Retrieved June 28, 2006. [42] Mutton, Paul. "PayPal Security Flaw allows Identity Theft" (http:/ / news. netcraft. com/ archives/ 2006/ 06/ 16/ paypal_security_flaw_allows_identity_theft. html). Netcraft. . Retrieved June 19, 2006. [43] Hoffman, Patrick (January 10, 2007). "RSA Catches Financial Phishing Kit" (http:/ / www. eweek. com/ article2/ 0,1895,2082039,00. asp). eWeek. . [44] Miller, Rich. "Phishing Attacks Continue to Grow in Sophistication" (http:/ / news. netcraft. com/ archives/ 2007/ 01/ 15/ phishing_attacks_continue_to_grow_in_sophistication. html). Netcraft. . Retrieved December 19, 2007. [45] Gonsalves, Antone (April 25, 2006). "Phishers Snare Victims With VoIP" (http:/ / www. techweb. com/ wire/ security/ 186701001). Techweb. .
70
Phishing
[46] "Identity thieves take advantage of VoIP" (http:/ / www. silicon. com/ research/ specialreports/ voip/ 0,3800004463,39128854,00. htm). Silicon.com. March 21, 2005. . [47] "Internet Banking Targeted Phishing Attack" (http:/ / www. met. police. uk/ fraudalert/ docs/ internet_bank_fraud. pdf). Metropolitan Police Service. 2005-06-03. . Retrieved 2009-03-22. [48] Kerstein, Paul (July 19, 2005). "How Can We Stop Phishing and Pharming Scams?" (http:/ / web. archive. org/ web/ 20080324080028/ http:/ / www. csoonline. com/ talkback/ 071905. html). CSO. Archived from the original (http:/ / www. csoonline. com/ talkback/ 071905. html) on 2008-03-24. . [49] McCall, Tom (December 17, 2007). "Gartner Survey Shows Phishing Attacks Escalated in 2007; More than $3 Billion Lost to These Attacks" (http:/ / www. gartner. com/ it/ page. jsp?id=565125). Gartner. . [50] "A Profitless Endeavor: Phishing as Tragedy of the Commons" (http:/ / research. microsoft. com/ ~cormac/ Papers/ PhishingAsTragedy. pdf) (PDF). Microsoft. . Retrieved November 15, 2008. [51] "UK phishing fraud losses double" (http:/ / www. finextra. com/ fullstory. asp?id=15013). Finextra. March 7, 2006. . [52] Richardson, Tim (May 3, 2005). "Brits fall prey to phishing" (http:/ / www. theregister. co. uk/ 2005/ 05/ 03/ aol_phishing/ ). The Register. . [53] Miller, Rich. "Bank, Customers Spar Over Phishing Losses" (http:/ / news. netcraft. com/ archives/ 2006/ 09/ 13/ bank_customers_spar_over_phishing_losses. html). Netcraft. . Retrieved December 14, 2006. [54] "Latest News" (http:/ / applications. boi. com/ updates/ Article?PR_ID=1430). . [55] "Bank of Ireland agrees to phishing refunds vnunet.com" (http:/ / www. vnunet. com/ vnunet/ news/ 2163714/ bank-ireland-backtracks). . [56] Ponnurangam Kumaraguru, Yong Woo Rhee, Alessandro Acquisti, Lorrie Cranor, Jason Hong and Elizabeth Nunge (November 2006). "Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System" (http:/ / www. cylab. cmu. edu/ files/ cmucylab06017. pdf) (PDF). Technical Report CMU-CyLab-06-017, CyLab, Carnegie Mellon University.. . Retrieved November 14, 2006. [57] Bank, David (August 17, 2005). "'Spear Phishing' Tests Educate People About Online Scams" (http:/ / online. wsj. com/ public/ article/ 0,,SB112424042313615131-z_8jLB2WkfcVtgdAWf6LRh733sg_20060817,00. html?mod=blogs). The Wall Street Journal. . [58] "Anti-Phishing Tips You Should Not Follow" (http:/ / web. archive. org/ web/ 20080320035409/ http:/ / www. hexview. com/ sdp/ node/ 24). HexView. Archived from the original (http:/ / www. hexview. com/ sdp/ node/ 24) on 2008-03-20. . Retrieved June 19, 2006. [59] "Protect Yourself from Fraudulent Emails" (https:/ / www. paypal. com/ us/ cgi-bin/ webscr?cmd=_vdc-security-spoof-outside). PayPal. . Retrieved July 7, 2006. [60] Markus Jakobsson, Alex Tsow, Ankur Shah, Eli Blevis, Youn-kyung Lim.. "What Instills Trust? A Qualitative Study of Phishing." (http:/ / www. informatics. indiana. edu/ markus/ papers/ trust_USEC. pdf) (PDF). USEC '06. . [61] Zeltser, Lenny (March 17, 2006). "Phishing Messages May Include Highly-Personalized Information" (http:/ / isc. incidents. org/ diary. php?storyid=1194). The SANS Institute. . [62] Markus Jakobsson and Jacob Ratkiewicz. "Designing Ethical Phishing Experiments" (http:/ / www2006. org/ programme/ item. php?id=3533). WWW '06. . [63] Kawamoto, Dawn (August 4, 2005). "Faced with a rise in so-called pharming and crimeware attacks, the Anti-Phishing Working Group will expand its charter to include these emerging threats." (http:/ / www. zdnetindia. com/ news/ features/ stories/ 126569. html). ZDNet India. . [64] "Social networking site teaches insecure password practices" (http:/ / blog. anta. net/ 2008/ 11/ 09/ social-networking-site-teaches-insecure-password-practices/ ). blog.anta.net. 2008-11-09. ISSN1797-1993. . Retrieved 2008-11-09. [65] Brandt, Andrew. "Privacy Watch: Protect Yourself With an Antiphishing Toolbar" (http:/ / www. pcworld. com/ article/ 125739-1/ article. html). PC World Privacy Watch. . Retrieved September 25, 2006. [66] Jsangm Audun and Pope, Simon. "User Centric Identity Management" (http:/ / www. unik. no/ people/ josang/ papers/ JP2005-AusCERT. pdf) (PDF). Proceedings of AusCERT 2005. . Retrieved 2008. [67] " Phishing - What it is and How it Will Eventually be Dealt With (http:/ / www. arraydev. com/ commerce/ jibc/ 2005-02/ jibc_phishing. HTM)" by Ian Grigg 2005 [68] " Brand matters (IE7, Skype, Vonage, Mozilla) (https:/ / financialcryptography. com/ mt/ archives/ 000645. html)" Ian Grigg [69] Franco, Rob. "Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers" (http:/ / blogs. msdn. com/ ie/ archive/ 2005/ 11/ 21/ 495507. aspx). IEBlog. . Retrieved May 20, 2006. [70] "Bon Echo Anti-Phishing" (http:/ / www. mozilla. org/ projects/ bonecho/ anti-phishing/ ). Mozilla. . Retrieved June 2, 2006. [71] "Safari 3.2 finally gains phishing protection" (http:/ / arstechnica. com/ journals/ apple. ars/ 2008/ 11/ 13/ safari-3-2-finally-gains-phishing-protection). Ars Technica. November 13, 2008. . Retrieved November 15, 2008. [72] "Gone Phishing: Evaluating Anti-Phishing Tools for Windows" (http:/ / web. archive. org/ web/ 20080114211315/ http:/ / www. 3sharp. com/ projects/ antiphish/ index. htm). 3Sharp. September 27, 2006. Archived from the original (http:/ / www. 3sharp. com/ projects/ antiphish/ index. htm) on 2008-01-14. . Retrieved 2006-10-20. [73] "Two Things That Bother Me About Googles New Firefox Extension" (http:/ / www. oreillynet. com/ onlamp/ blog/ 2005/ 12/ two_things_that_bother_me_abou. html). Nitesh Dhanjani on O'Reilly ONLamp. . Retrieved July 1, 2007. [74] "Firefox 2 Phishing Protection Effectiveness Testing" (http:/ / www. mozilla. org/ security/ phishing-test. html). . Retrieved January 23, 2007. [75] Higgins, Kelly Jackson. "DNS Gets Anti-Phishing Hook" (http:/ / www. darkreading. com/ document. asp?doc_id=99089& WT. svl=news1_1). Dark Reading. . Retrieved October 8, 2006. [76] Krebs, Brian (August 31, 2006). "Using Images to Fight Phishing" (http:/ / blog. washingtonpost. com/ securityfix/ 2006/ 08/ using_images_to_fight_phishing. html). Security Fix. .
71
Phishing
[77] Seltzer, Larry (August 2, 2004). "Spotting Phish and Phighting Back" (http:/ / www. eweek. com/ article2/ 0,1759,1630161,00. asp). eWeek. . [78] Bank of America. "How Bank of America SiteKey Works For Online Banking Security" (http:/ / www. bankofamerica. com/ privacy/ sitekey/ ). . Retrieved January 23, 2007. [79] Brubaker, Bill (July 14, 2005). "Bank of America Personalizes Cyber-Security" (http:/ / www. washingtonpost. com/ wp-dyn/ content/ article/ 2005/ 07/ 13/ AR2005071302181. html). Washington Post. . [80] Stone, Brad (February 5, 2007). "Study Finds Web Antifraud Measure Ineffective" (http:/ / www. nytimes. com/ 2007/ 02/ 05/ technology/ 05secure. html?ex=1328331600& en=295ec5d0994b0755& ei=5090& partner=rssuserland& emc=rss). New York Times. . Retrieved February 5, 2007. [81] Stuart Schechter, Rachna Dhamija, Andy Ozment, Ian Fischer (May 2007). "The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies" (http:/ / web. archive. org/ web/ 20080406062148/ http:/ / www. deas. harvard. edu/ ~rachna/ papers/ emperor-security-indicators-bank-sitekey-phishing-study. pdf) (PDF). IEEE Symposium on Security and Privacy, May 2007. Archived from the original (http:/ / www. deas. harvard. edu/ ~rachna/ papers/ emperor-security-indicators-bank-sitekey-phishing-study. pdf) on 2008-04-06. . Retrieved February 5, 2007. [82] "Phishers target Nordea's one-time password system" (http:/ / www. finextra. com/ fullstory. asp?id=14384). Finextra. October 12, 2005. . [83] Krebs, Brian (July 10, 2006). "Citibank Phish Spoofs 2-Factor Authentication" (http:/ / blog. washingtonpost. com/ securityfix/ 2006/ 07/ citibank_phish_spoofs_2factor_1. html). Security Fix. . [84] Graham Titterington. "More doom on phishing" (http:/ / www. ovum. com/ news/ euronews. asp?id=4166). Ovum Research, April 2006. . [85] Schneier, Bruce. "Security Skins" (http:/ / www. schneier. com/ blog/ archives/ 2005/ 07/ security_skins. html). Schneier on Security. . Retrieved December 3, 2006. [86] Rachna Dhamija, J.D. Tygar (July 2005). "The Battle Against Phishing: Dynamic Security Skins" (http:/ / web. archive. org/ web/ 20080406062148/ http:/ / people. deas. harvard. edu/ ~rachna/ papers/ securityskins. pdf) (PDF). Symposium On Usable Privacy and Security (SOUPS) 2005. Archived from the original (http:/ / people. deas. harvard. edu/ ~rachna/ papers/ securityskins. pdf) on 2008-04-06. . Retrieved February 5, 2007. [87] http:/ / www. confidenttechnologies. com/ products/ anti-phishing [88] Madhusudhanan Chandrasekaran, Krishnan Narayanan, Shambhu Upadhyaya (March 2006). "Phishing E-mail Detection Based on Structural Properties" (http:/ / web. archive. org/ web/ 20080216101637/ http:/ / www. albany. edu/ iasymposium/ 2006/ chandrasekaran. pdf) (PDF). NYS Cyber Security Symposium. Archived from the original (http:/ / www. albany. edu/ iasymposium/ 2006/ chandrasekaran. pdf) on 2008-02-16. . [89] Ian Fette, Norman Sadeh, Anthony Tomasic (June 2006). "Learning to Detect Phishing Emails" (http:/ / reports-archive. adm. cs. cmu. edu/ anon/ isri2006/ CMU-ISRI-06-112. pdf) (PDF). Carnegie Mellon University Technical Report CMU-ISRI-06-112. . [90] "Anti-Phishing Working Group: Vendor Solutions" (http:/ / www. antiphishing. org/ solutions. html#takedown). Anti-Phishing Working Group. . Retrieved July 6, 2006. [91] McMillan, Robert (March 28, 2006). "New sites let users find and report phishing" (http:/ / www. linuxworld. com. au/ index. php/ id;1075406575;fp;2;fpid;1. ). LinuxWorld. . [92] Schneier, Bruce (2006-10-05). "PhishTank" (http:/ / www. schneier. com/ blog/ archives/ 2006/ 10/ phishtank. html). Schneier on Security. . Retrieved 2007-12-07. [93] "Phone Phishing" (http:/ / phonephishing. info). Phone Phishing. . Retrieved Feb 25, 2009. [94] "Federal Trade Commission" (http:/ / www. ftc. gov/ phonefraud). Federal Trade Commission. . Retrieved Mar 6, 2009. [95] Legon, Jeordan (January 26, 2004). "'Phishing' scams reel in your identity" (http:/ / www. cnn. com/ 2003/ TECH/ internet/ 07/ 21/ phishing. scam/ index. html). CNN. . [96] Leyden, John (March 21, 2005). "Brazilian cops net 'phishing kingpin'" (http:/ / www. channelregister. co. uk/ 2005/ 03/ 21/ brazil_phishing_arrest/ ). The Register. . [97] Roberts, Paul (June 27, 2005). "UK Phishers Caught, Packed Away" (http:/ / www. eweek. com/ article2/ 0,1895,1831960,00. asp). eWEEK. . [98] "Nineteen Individuals Indicted in Internet 'Carding' Conspiracy" (http:/ / www. cybercrime. gov/ mantovaniIndict. htm). . Retrieved November 20, 2005. [99] "8 held over suspected phishing fraud". The Daily Yomiuri. May 31, 2006. [100] "Phishing gang arrested in USA and Eastern Europe after FBI investigation" (http:/ / www. sophos. com/ pressoffice/ news/ articles/ 2006/ 11/ phishing-arrests. html). . Retrieved December 14, 2006. [101] "Phishers Would Face 5 Years Under New Bill" (http:/ / informationweek. com/ story/ showArticle. jhtml?articleID=60404811). Information Week. March 2, 2005. . [102] "Fraud Act 2006" (http:/ / www. opsi. gov. uk/ ACTS/ en2006/ 2006en35. htm). . Retrieved December 14, 2006. [103] "Prison terms for phishing fraudsters" (http:/ / www. theregister. co. uk/ 2006/ 11/ 14/ fraud_act_outlaws_phishing/ ). The Register. November 14, 2006. . [104] "Microsoft Partners with Australian Law Enforcement Agencies to Combat Cyber Crime" (http:/ / web. archive. org/ web/ 20051103190357/ http:/ / www. microsoft. com/ australia/ presspass/ news/ pressreleases/ cybercrime_31_3_05. aspx). Archived from the original (http:/ / www. microsoft. com/ australia/ presspass/ news/ pressreleases/ cybercrime_31_3_05. aspx) on November 3, 2005. . Retrieved August 24, 2005.
72
Phishing
[105] Espiner, Tom (March 20, 2006). "Microsoft launches legal assault on phishers" (http:/ / news. zdnet. co. uk/ 0,39020330,39258528,00. htm). ZDNet. . [106] Leyden, John (November 23, 2006). "MS reels in a few stray phish" (http:/ / www. theregister. co. uk/ 2006/ 11/ 23/ ms_anti-phishing_campaign_update/ ). The Register. . [107] "A History of Leadership - 2006" (http:/ / web. archive. org/ web/ 20070522231137/ http:/ / www. corp. aol. com/ whoweare/ history/ 2006. shtml). Archived from the original (http:/ / corp. aol. com/ whoweare/ history/ 2006. shtml) on 2007-05-22. . [108] "AOL Takes Fight Against Identity Theft To Court, Files Lawsuits Against Three Major Phishing Gangs" (http:/ / web. archive. org/ web/ 20070131204118/ http:/ / media. aoltimewarner. com/ media/ newmedia/ cb_press_view. cfm?release_num=55254535). Archived from the original (http:/ / media. aoltimewarner. com/ media/ newmedia/ cb_press_view. cfm?release_num=55254535) on 2007-01-31. . Retrieved March 8, 2006. [109] "HB 2471 Computer Crimes Act; changes in provisions, penalty." (http:/ / leg1. state. va. us/ cgi-bin/ legp504. exe?051+ sum+ HB2471). . Retrieved March 8, 2006. [110] Brulliard, Karin (April 10, 2005). "Va. Lawmakers Aim to Hook Cyberscammers" (http:/ / www. washingtonpost. com/ wp-dyn/ articles/ A40578-2005Apr9. html). Washington Post. . [111] "Earthlink evidence helps slam the door on phisher site spam ring" (http:/ / web. archive. org/ web/ 20070705211932/ http:/ / www. earthlink. net/ about/ press/ pr_phishersite/ ). Archived from the original (http:/ / www. earthlink. net/ about/ press/ pr_phishersite/ ) on 2007-07-05. . Retrieved December 14, 2006. [112] Prince, Brian (January 18, 2007). "Man Found Guilty of Targeting AOL Customers in Phishing Scam" (http:/ / www. pcmag. com/ article2/ 0,1895,2085183,00. asp). PCMag.com. . [113] Leyden, John (January 17, 2007). "AOL phishing fraudster found guilty" (http:/ / www. theregister. co. uk/ 2007/ 01/ 17/ aol_phishing_fraudster/ ). The Register. . [114] Leyden, John (June 13, 2007). "AOL phisher nets six years' imprisonment" (http:/ / www. theregister. co. uk/ 2007/ 06/ 13/ aol_fraudster_jailed/ ). The Register. . [115] Gaudin, Sharon (June 12, 2007). "California Man Gets 6-Year Sentence For Phishing" (http:/ / www. informationweek. com/ story/ showArticle. jhtml?articleID=199903450). InformationWeek. .
73
External links
Anti-Phishing Working Group (http://www.antiphishing.org/) Center for Identity Management and Information Protection (http://www.utica.edu/academic/institutes/cimip/ ) Utica College How the bad guys actually operate (http://ha.ckers.org/blog/20060609/how-phishing-actually-works/) Ha.ckers.org Application Security Lab Plugging the "phishing" hole: legislation versus technology (http://www.law.duke.edu/journals/dltr/articles/ 2005dltr0006.html) Duke Law & Technology Review Know Your Enemy: Phishing (http://www.honeynet.org/papers/phishing/) Honeynet project case study Banking Scam Revealed (http://www.securityfocus.com/infocus/1745) forensic examination of a phishing attack on SecurityFocus The Phishing Guide: Understanding and Preventing Phishing Attacks (http://www.technicalinfo.net/papers/ Phishing.html) TechnicalInfo.net A Profitless Endeavor: Phishing as Tragedy of the Commons (http://research.microsoft.com/en-us/um/people/ cormac/Papers/PhishingAsTragedy.pdf) Microsoft Corporation Database for information on phishing sites reported by the public (http://www.phishtank.com/) - PhishTank The Impact of Incentives on Notice and Take-down (http://www.cl.cam.ac.uk/~rnc1/takedown.pdf) Computer Laboratory, University of Cambridge (PDF, 344 kB) One Gang Responsible For Most Phishing Attacks - InternetNews.com (http://www.internetnews.com/ security/article.php/3882136/One+Gang+Responsible+For+Most+Phishing+Attacks.htm)
Penetration test
74
Penetration test
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of their impact, and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered. It is a component of a full security audit. For example, the Payment Card Industry Data Security Standard (PCI DSS), and security and auditing standard, requires both annual and ongoing penetration testing (after system changes).
Rationale
A penetration test should be carried out on any computer system that is to be deployed in a hostile environment, in particular any Internet facing site, before it is deployed. This provides a level of practical assurance that any malicious user will not be able to penetrate the system. Black box penetration testing is useful in the cases where the tester assumes the role of an outside hacker and tries to intrude into the system without adequate knowledge of it.
Risks
Penetration testing can be an invaluable technique to any organization's information security program. Basic white box penetration testing is often done as a fully automated inexpensive process. However, black box penetration testing is a labor-intensive activity and requires expertise to minimize the risk to targeted systems. At a minimum, it may slow the organization's networks response time due to network scanning and vulnerability scanning. Furthermore, the possibility exists that systems may be damaged in the course of penetration testing and may be rendered inoperable, even though the organization benefits in knowing that the system could have been rendered
Penetration test inoperable by an intruder. Although this risk is mitigated by the use of experienced penetration testers, it can never be fully eliminated.
75
Methodologies
The Open Source Security Testing Methodology Manual is a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases. The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. OSSTMM is also known for its Rules of Engagement which define for both the tester and the client how the test needs to properly run starting from denying false advertising from testers to how the client can expect to receive the report. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated. The National Institute of Standards and Technology (NIST) discusses penetration testing in SP800-115.[1] [2] NIST's methodology is less comprehensive than the OSSTMM; however, it is more likely to be accepted by regulatory agencies. For this reason, NIST refers to the OSSTMM. The Information Systems Security Assessment Framework (ISSAF) is a peer reviewed structured framework from the Open Information Systems Security Group that categorizes information system security assessment into various domains and details specific evaluation or testing criteria for each of these domains. It aims to provide field inputs on security assessment that reflect real life scenarios. The ISSAF should primarily be used to fulfill an organization's security assessment requirements and may additionally be used as a reference for meeting other information security needs. It includes the crucial facet of security processes and, their assessment and hardening to get a complete picture of the vulnerabilities that might exist. The ISSAF, however, is still in its infancy.
Penetration test Offensive Security offers an Ethical Hacking certification (Offensive Security Certified Professional) - a training spin off of the BackTrack Penetration Testing distribution. The OSCP is a real-life penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. Upon completion of the course students become eligible to take a certification challenge, which has to be completed within twenty-four hours. Documentation must include procedures used and proof of successful penetration including special marker files. Government-backed testing also exists in the US with standards such as the NSA Infrastructure Evaluation Methodology (IEM). For web applications, the Open Web Application Security Project (OWASP) provides a framework of recommendations that can be used as a benchmark. The Tiger Scheme offers two certifications: Qualified Tester (QST) and Senior Security Tester (SST). The SST is technically equivalent to CHECK Team Leader and QST is technically equivalent to the CHECK Team Member certification[6] . Tiger Scheme certifies the individual, not the company. The International Council of E-Commerce consultants certifies individuals in various e-business and information security skills. These include the Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, Licensed Penetration Tester program and various other programs, which are widely available worldwide.
76
Penetration test
77
References
[1] Special Publication 800-42, Guideline on Network Security Testing (http:/ / csrc. nist. gov/ publications/ nistpubs/ 800-42/ NIST-SP800-42. pdf) [2] Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, September 2008 (replaces SP800-42) (http:/ / csrc. nist. gov/ publications/ nistpubs/ 800-115/ SP800-115. pdf) [3] "Infosec 2008: UK association of penetration testers launched" (http:/ / www. computerweekly. com/ Articles/ 2008/ 04/ 24/ 230417/ infosec-2008-uk-association-of-penetration-testers. htm). Computer Weekly. 2008-04-24. . Retrieved 2008-08-16. [4] King, Leo (2008-04-24). "Security testing standards council launched" (http:/ / www. computerworlduk. com/ management/ security/ cybercrime/ news/ index. cfm?newsid=8730). Computerworld UK. . Retrieved 2008-08-16. [5] http:/ / www. sans. org/ why_certify. php SANS Institute [6] http:/ / www. cesg. gov. uk/ products_services/ iacs/ check/ index. shtml [7] http:/ / www. owasp. org/ index. php/ OWASP_Guide_Project [8] http:/ / www. owasp. org/ index. php/ OWASP_Top_Ten_Project [9] https:/ / addons. mozilla. org/ en-US/ firefox/ collection/ webappsec [10] http:/ / www. dvwa. co. uk/ [11] http:/ / www. foundstone. com/ us/ resources/ proddesc/ hacmebank. htm
Johnny Long; Google Hacking for Penetration Testers, Syngress, 2007. ISBN 978-1597491761 Stuart McClure; Hacking Exposed: Network Security Secrets and Solutions, McGraw-Hill, 2009. ISBN 978-0071613743
External links
List of Network Penetration Testing software (https://mosaicsecurity.com/categories/ 27-network-penetration-testing), Mosaic Security Research
Background
Many individuals and companies consider it important to protect their information for a variety of reasons, including financial, competitive, and privacy-related purposes. People who wish to obtain this information may be computer crackers, corporate spies, or other malicious individuals. This information may be directly beneficial to them, such as industrial secrets or credit card numbers. It may also be indirectly beneficial to them. For example, computer passwords do not have inherent value. However, they provide computer system access that may be used to get other information or to disable a person/company electronically. Sometimes these malicious individuals use electronic means or social engineering to gain information. However, sometimes they use direct physical attacks.
78
Dumpster diving
Dumpster diving is the practice of searching through the trash of an individual or business in attempt to obtain something useful. In the realm of information security, this frequently means looking for documents containing sensitive information. However, as more and more information is being stored electronically, it is becoming increasingly useful to those seeking information through this means to search for computer disks or other computer hardware which may contain data. Sometimes this data can be restored to provide a wealth of information.
References
[1] Granger, Sarah (2001-12-18). "Social Engineering Fundamentals, Part I: Hacker Tactics" (http:/ / www. securityfocus. com/ infocus/ 1527). Security Focus. . Retrieved 2006-08-27.
External links
Social Engineering Fundamentals (http://www.securityfocus.com/infocus/1527)
SMiShing
79
SMiShing
In computing, Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMs phISHING". SMS (Short Message Service) is the technology used for text messages on cell phones. Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system. The smishing message usually contains something that wants your "immediate attention", some examples include "Were confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.?????.com."; "(Name of popular online bank) is confirming that you have purchase a $1500 computer from (name of popular computer company). Visit www.?????.com if you did not make this online purchase"; and "(Name of a financial institution): Your account has been suspended. Call ###.###.#### immediately to reactivate". The "hook" will be a legitimate looking web site that asks you to "confirm" (enter) your personal financial information, such as your credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, SSN, email address, and other personal information. If the "hook" is a phone number, it normally directs to a legitimate sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information. This is an example of a (complete) smishing message in current circulation: "Notice - this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####." In many cases, the smishing message will show that it came from "5000" instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone. This information is then used to create duplicate credit/debit/ATM cards. There are documented cases where information entered on a fraudulent web site (used in a phishing, smishing, or vishing attack) was used to create a credit or debit card that was used halfway around the world, within 30 minutes.
External links
Smishing article at ConsumerAffairs.com (http://www.consumeraffairs.com/news04/2006/11/smishing. html) Smishing advice from Get Safe Online (http://www.getsafeonlineblog.org/?p=118)
Vishing
80
Vishing
Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP makes formerly difficult-to-abuse tools/features of caller ID spoofing, complex automated systems (IVR), low cost, and anonymity for the bill-payer widely available. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals. Vishing is very hard for legal authorities to monitor or trace. To protect themselves, consumers are advised to be highly suspicious when receiving messages directing them to call and provide credit card or bank numbers. Rather than provide any information, if speaking to a human ask them for an incident number and then hang up. Then place a call to the number printed on your credit card or billing statement from a telephone number the bank has on file, usually your home land line. While consumer caller id is trivial to fake the bank's call center gets much more reliable billing information provided by trunked 1-800 service and thus both parties have high confidence the other party is who they claim to be. There is technology that monitors all public switched telephone network (PSTN)-based traffic and can identify vishing attempts as a result of patterns and anomalies in call activity. One example is a multiple calls from a limited set of skype numbers to call centers.
Example
1. The criminal either configures a war dialer to call phone numbers in a given region or accesses a legitimate voice messaging company with a list of phone numbers stolen from a financial institution. 2. Typically, when the victim answers the call, an automated recording, often generated with a text to speech synthesizer, is played to alert the consumer that their credit card has had fraudulent activity or that their bank account has had unusual activity. The message instructs the consumer to call the following phone number immediately. The same phone number is often shown in the spoofed caller ID and given the same name as the financial company they are pretending to represent. 3. When the victim calls the number, it is answered by automated instructions to enter their credit card number or bank account number on the key pad. 4. Once the consumer enters their credit card number or bank account number, the visher has the information necessary to make fraudulent use of the card or to access the account. 5. The call is often used to harvest additional details such as security PIN, expiration date, date of birth, etc. Although the use of automated responders and war dialers is preferred by the vishers, there have been reported cases where human operators play an active role in these scams, trying to persuade the victims. According to a study [1] conducted during 2009 on data collected from United States customers, the most recurrent words used in automated, recorded scams are different from those leveraged by human scammers. For instance, it is very frequent that automated voices contain words such as "press" (a button) or "number", while humans typically resort to more complex social engineering techniques. (In a common variation, an email "phish" is sent instead of war-dialing - the victim is instructed to call the following phone number immediately and credit card or bank account information is gathered) Another variation encourages a victim to install Scareware on an unrelated computer system at the same address as the Phone connection.
Vishing
81
External links
vnunet.com story: Cyber-criminals switch to VoIP 'vishing' [2] BBC News story: Criminals exploit net phone calls [3] The Paper PC: Messaging Security 2006: Vishing: The Next Big Cyber Headache? [4] The Register: FBI warns over "alarming" rise in american "vishing" [5] Phone Phishing: Phone Phishing - The First Phone Phishing and Scams Report Site [6] Anti Vishing: Anti-Vishing Video featuring excerpt from BBC Watchdog program [7]
References
[1] Federico Maggi (Are the con artists back? A preliminary analysis of modern phone frauds). IEEE Computer Society. ed. Proceedings of the 10th IEEE International Conference on Computer and Information Technology (CIT 2010) (Bradford, UK). http:/ / home. dei. polimi. it/ fmaggi/ downloads/ publications/ 2010_maggi_vishing. pdf. [2] http:/ / www. vnunet. com/ vnunet/ news/ 2160004/ cyber-criminals-talk-voip [3] http:/ / news. bbc. co. uk/ 1/ hi/ technology/ 5187518. stm [4] http:/ / paperpc. blogspot. com/ 2006/ 10/ messaging-security-2006-vishing-next. html [5] http:/ / www. theregister. co. uk/ 2008/ 01/ 21/ fbi_vishing_warning/ [6] http:/ / phonephishing. info [7] http:/ / www. youtube. com/ watch?v=4CKagCrX_XI
Moving scam
The moving industry in the United States was deregulated with the Household Goods Transportation Act of 1980. This act allowed interstate movers to issue binding or fixed estimates for the first time. Doing so opened the door to hundreds of new moving companies to enter the industry. This lead to an increase in competition and soon movers were no longer competing on services but on price. As competition drove prices lower and decreased what were already slim profit margins, "rogue" movers began hijacking personal property as part of a new scam. There are many versions to the moving scam but the basic scam takes place as follows. A prospective client contacts a moving company and requests a cost estimate. In today's market this often happens online via moving directories or brokers, or phone calls. These moving brokers are salesmen prone to quoting sometimes low, but usually reasonable prices with no room for the movers to provide a quality service. Once the rogue "moving company" has secured a move by providing a non-binding estimate, they arrive to pack and deliver the goods. Often the scam movers use deceptive pricing or weight measurements including prices based on the gross weight of the moving vehicle. After packing and loading, the client is informed that their goods went over the expected weight estimate and the additional weight will be charged at a substantially higher rate (often double the original price per pound). Rogue movers will not inform a client of these discrepancies until the client's goods have been weighed at a certifiable scale, far from the clients original pickup location. The new price may be four or five times higher than the original estimate. The scam movers know that most people will be forced to pay these exorbitant rates based on their need for the personal effects. The interstate moving industry in America is regulated by the Federal Motor Carrier Safety Administration (FMCSA), part of the U.S. Department of Transportation. Only a small staff (fewer than 20 people) is available to patrol hundreds of moving companies, making enforcement difficult. Before moving, always check with the DOT/FMCSA to verify that your mover is licensed and insured. This information is made available on their website. A moving resource provided by the FMCSA, called 'Your Rights And Responsibilities When You Move' is made available to citizens free of charge via request and goes into great depth of the topic and moving in general.
Moving scam
82
External links
Protect Your Move [1] - a US government Web site on interstate moving regulations American Moving & Storage Association [2] - provides consumer guidance when hiring a professional mover
References
[1] http:/ / www. protectyourmove. gov [2] http:/ / www. moving. org
Get-rich-quick schemes
Get-rich-quick schemes are extremely varied; these include fake franchises, real estate sure things, get-rich-quick books, wealth-building seminars, self-help gurus, sure-fire inventions, useless products, chain letters, fortune tellers, quack doctors, miracle pharmaceuticals, Nigerian money scams, and charms and talismans. Variations include the pyramid scheme, the Ponzi scheme, and the Matrix sale. Count Victor Lustig sold the money-printing machine which could copy $100 bills. The client, sensing huge profits, would buy the machines for a high price (usually over $30,000). Over the next twelve hours, the machine would produce just two more $100 bills, but after that it produced only blank paper, as its supply of hidden $100 bills would have become exhausted. This type of scheme is also called the money box scheme.
Salting
Salting or salting the mine are terms for a scam in which gemstones or gold ore are planted in a mine or on the landscape, duping the greedy mark into purchasing shares in a worthless or non-existent mining company.[1] During gold rushes, scammers would load shotguns with gold dust and shoot into the sides of the mine to give the appearance of a rich ore, thus salting the mine. Examples include the diamond hoax of 1872 and the Bre-X gold fraud of the mid-1990s. This trick was popularized in the HBO series Deadwood, when Al Swearingen and E. B. Farnum trick Brom Garret into believing gold is to be found on the claim Swearingen intends to sell him.
Spanish Prisoner
The Spanish Prisoner scamand its modern variant, the advance-fee fraud or Nigerian scamtake advantage of the victims greed. The basic premise involves enlisting the mark to aid in retrieving some stolen money from its hiding place. The victim sometimes believes they can cheat the con artists out of their money, but anyone trying this has already fallen for the essential con by believing that the money is there to steal (see also Black money scam). Note that the classic Spanish Prisoner trick also contains an element of the romance scam (see below). Many conmen employ extra tricks to keep the victim from going to the police. A common ploy of investment scammers is to encourage a mark to use money concealed from tax authorities. The mark cannot go to the authorities without revealing that they have committed tax fraud. Many swindles involve a minor element of crime or some other misdeed. The mark is made to think that they will gain money by helping fraudsters get huge sums out of a country (the classic advance-fee fraud/Nigerian scam); hence marks cannot go to the police without revealing that
List of confidence tricks they planned to commit a crime themselves. In a recent twist on the Nigerian fraud scheme, the mark is told they are helping someone overseas collect debts from corporate clients. Large cheques stolen from businesses are mailed to the mark. These cheques are altered to reflect the mark's name, and the mark is then asked to cash them and transfer all but a percentage of the funds (his commission) to the con artist. The cheques are often completely genuine, except that the "pay to" information has been expertly changed. This exposes the mark not only to enormous debt when the bank reclaims the money from their account, but also to criminal charges for money laundering. A more modern variation is to use laser-printed counterfeit cheques with the proper bank account numbers and payer information.
83
Televised infomercial
Certain infomercials feature enthusiastic hosts and highlights of satisfied customers testimony extolling the benefits of get-rich-quick methods such as Internet auctioneering, real estate investment and marketing, for-profit toll phone business, classified advertising and unique products of questionable value requiring active marketing by the paying customers. Infomercials which fall under the aforementioned descriptions are highly likely to be scams devised and engineered to bamboozle the unsuspecting viewers for the express purpose of enriching the scheme inventors who produced the infomercials which often grossly exaggerate their claims, in conjunction with the clips of satisfied customers' over-excited testimonies with the superimposed captions of the alleged profits made. Don Lapre, creator of "Money Making Secrets", "The Ultimate Road to Success", "The Greatest Vitamin in the World" and other schemes, was reported by Internet customer watchdog organizations Ripoff Report, Better Business Bureau and Quackwatch, plus alternative newspaper publications such as Phoenix New Times as one of the premier confidence artists whose characteristic traits of overly positive attitude and over-enthusiastically cheerful and charismatic personality depend on the gullibility of the infomercial viewers to purchase the essentially useless products to gain substantial sums of profit by deception.
Wire game
The wire or delayed-wire game, as depicted in the movie The Sting, trades on the promise of insider knowledge to beat a gamble, stock trade or other monetary action. In the wire game, a "mob" composed of dozens of grifters simulates a "wire store", i.e., a place where results from horse races are received by telegram and posted on a large board, while also being read aloud by an announcer. The griftee is given secret foreknowledge of the race results minutes before the race is broadcast, and is therefore able to place a sure bet at the wire store. In reality, of course, the con artists who set up the wire store are the providers of the inside information, and the mark eventually is led to place a large bet, thinking it to be a sure win. At this point, some mistake is made, which actually makes the bet a loss. The grifters in The Sting use miscommunication about the race results to simulate a big mistake, and the bet is lost.[2]
Persuasion tricks
Persuasion fraud, when fraudsters persuade people only to target their money, is an old-fashioned type of fraud.
Missionary conspiracy
A missionary conspiracy is a scam that involves illegitimate missionaries who are part of a cult that converts an entire community to quasi-religious beliefs. This usually involves an authority figure like Jim Jones who then uses his authority to abuse followers or to use them for gain. Usually these communities are rural, isolated, and have no money, instead they are used for manual labor, in particular on plantations and manufacturing. This is referred to as a "conspiracy" because of the difficulty to prove and the scale of the scam. These faux missionaries tend to be the representative of these communities to and from the outside world which includes the handling of money. In addition, community members either revere the missionaries as people of their new deity or refuse to admit they had
List of confidence tricks fallen victim to the scam. This scam is particularly attributed to cults with strong authority figures and has taken place in Asia, Africa, Central and South America.
84
Romance scam
The traditional romance scam has now moved into internet dating sites. The con actively cultivates a romantic relationship which often involves promises of marriage. However, after some time it becomes evident that this Internet "sweetheart" is stuck in his home country, lacking the money to leave the country and thus unable to be united with the mark. The scam then becomes an advance-fee fraud or a check fraud. A wide variety of reasons can be offered for the trickster's lack of cash, but rather than just borrow the money from the victim (advance fee fraud), the con man normally declares that they have checks which the victim can cash on their behalf and remit the money via a non-reversible transfer service to help facilitate the trip (check fraud). Of course, the checks are forged or stolen and the con man never makes the trip: the hapless victim ends up with a large debt and an aching heart. This scam can be seen in the movie Nights of Cabiria.
Coin collecting
The coin collecting scam is a scam preying on inexperienced collectors. The conman convinces the mark by stating that a high-priced collection is for sale at a lower amount. The coin collector then buys the entire collection, believing it is valuable.
Pig-in-a-poke
Pig-in-a-poke originated in the late Middle Ages. The con entails a sale of a (suckling) "pig" in a "poke" (bag). The bag ostensibly contains a live healthy little pig, but actually contains a cat (not particularly prized as a source of meat). If one buys the bag without looking inside it, the person has bought something of less value than was assumed, and has learned firsthand the lesson caveat emptor. "Buying a pig in a poke" has become a colloquial expression in many European languages, including English, for when someone buys something without examining it beforehand. In Poland, Denmark, France, Belgium, Latvia, Israel and Germany, the "pig" in the phrase is replaced by "cat", referring to the bag's actual content, but the saying is otherwise identical. This is also said to be where the
List of confidence tricks phrase "letting the cat out of the bag" comes from, although there may be other explanations.
85
Thai gem
The Thai gem scam involves layers of con men and helpers who tell a tourist in Bangkok of an opportunity to earn money by buying duty-free jewelry and having it shipped back to the tourist's home country. The mark is driven around the city in a tuk-tuk operated by one of the con men, who ensures that the mark meets one helper after another, until the mark is persuaded to buy the jewelry from a store also operated by the swindlers. The gems are real but significantly overpriced. This scam has been operating for 20 years in Bangkok, and is said to be protected by Thai police and politicians. A similar scam usually runs in parallel for custom-made suits. Many tourists are hit by conmen touting both goods. People shopping for pirated software, illegal pornographic images, bootleg music, drugs, firearms or other forbidden or controlled goods may be legally hindered from reporting swindles to the police. An example is the "big screen TV in back of the truck": the TV is touted as "hot" (stolen), so it will be sold for a very low price. The TV is in fact defective or broken; it may, in fact, not even be a television at all, since some scammers have discovered that a suitably decorated oven door will suffice.[9] The buyer has no legal recourse without admitting to attempted purchase of stolen goods. This con is also known as "The Murphy Game".
Clip joint
A clip joint or fleshpot is an establishment, usually a strip club or entertainment bar, typically one claiming to offer adult entertainment or bottle service, in which customers are tricked into paying money and receive poor, or no, goods or services in return. Typically, clip joints suggest the possibility of sex, charge excessively high prices for watered-down drinks, then eject customers when they become unwilling or unable to spend more money. The product or service may be illicit, offering the victim no recourse through official or legal channels.
86
Hydrophobia lie
The hydrophobia lie was popular in the 1920s, in which the con man pretended to have been bitten by the mark's allegedly rabid dog, hydrophobia being an alternative term for rabies.
Insurance fraud
Insurance fraud includes a wide variety of schemes which attempt insureds to defraud their own insurance carriers, but when the victim is a private individual, the con artist tricks the mark into damaging, for example, the con artist's car, or injuring the con artist, in a manner that the con artist can later exaggerate. One relatively common scheme involves two cars, one for the con artist, and the other for the shill. The con artist will pull in front of the victim, and the shill will pull in front of the con artist before slowing down. The con artist will then slam on his brakes to "avoid" the shill, causing the victim to rear-end the con artist. The shill will accelerate away, leaving the scene. The con artist will then claim various exaggerated injuries in an attempt to collect from the victim's insurance carrier despite having intentionally caused the accident. Insurance carriers, who must spend money to fight even those claims they believe are fraudulent, frequently pay out thousands of dollarsa tiny amount to the carrier despite being a significant amount to an individualto settle these claims instead of going to court.[11] A variation of this scam occurs in countries where insurance premiums are generally tied to a Bonus-Malus rating: the con artist will offer to avoid an insurance claim, settling instead for a cash compensation. Thus, the con artist is able to evade a professional damage assessment, and get an untraceable payment in exchange for sparing the mark the expenses of a lowered merit class. The con can take up an insurance policy while traveling then claim theft when no wrong doing has occurred. The con will approach the police and create a false statement to fulfill the requirements of the insurance policy.
Melon drop
The melon drop is a scam in which the scammer will intentionally bump into the mark and drop a package containing (already broken) glass. He will blame the damage on the clumsiness of the mark, and demand money in compensation. This con arose when artists discovered that the Japanese paid large sums of money for watermelons. The scammer would go to a supermarket to buy a cheap watermelon, then bump into a Japanese tourist and set a high price.
Gambling tricks
Barred winner
Visitors to Las Vegas or other gambling towns often encounter the barred winner scam, a form of advance fee fraud performed in person. The artist will approach his mark outside a casino with a stack or bag of high-value casino chips and say that he just won big, but the casino accused him of cheating and threw him out without letting him redeem the chips. The artist asks the mark to go in and cash the chips for him. The artist will often offer a percentage of the winnings to the mark for his trouble. But, when the mark agrees, the artist feigns suspicion and asks the mark to put up something of value "for insurance". The mark agrees, hands over jewelry, a credit card or their wallet, then
List of confidence tricks goes in to cash the chips. When the mark arrives at the cashier, they are informed the chips are fake. The artist, by this time, is long gone with the mark's valuables.
87
Fake reward
The fake reward scam involves getting the mark to believe he has won some prizes after being randomly chosen. He is then required to get to a specific location to 'collect his prizes'. Once there, he is told that he only has to sign some papers to receive the rewards. These papers can range from agreeing to financial fraud or signing up for memberships.
Fiddle game
The fiddle game uses the pigeon drop technique. A pair of con men work together, one going into an expensive restaurant in shabby clothes, eating, and claiming to have left his wallet at home, which is nearby. As collateral, the con man leaves his only worldly possession, the violin that provides his livelihood. After he leaves, the second con man swoops in, offers an outrageously large amount (for example $50,000) for such a rare instrument, then looks at his watch and runs off to an appointment, leaving his card for the mark to call him when the fiddle-owner returns. The mark's greed comes into play when the "poor man" comes back, having gotten the money to pay for his meal and redeem his violin. The mark, thinking he has an offer on the table, then buys the violin from the fiddle player who "reluctantly" agrees to sell it for a certain amount that still allows the mark to make a "profit" from the valuable violin. The result is the two conmen are richer (less the cost of the violin), and the mark is left with a cheap instrument. This trick is also detailed in the Neil Gaiman novel American Gods and is the basis for The Streets' song "Can't Con an Honest John". It was also shown in an episode of Steptoe and Son in which Harold has a commode which he has purchased on his rounds (from a house wife). A passing antiques dealer sees the item and offers a large amount of money, but will return the next day. In the meantime the husband of the woman from whom Harold bought the commode demands that Harold sells it back to him; instead Harold offers the man an amount of money to keep the commode, believing that he can sell it to the dealer later that day. In an episode of Hustle the fiddle game is acted out, using a dog instead of a fiddle. In the 1981 Only fools and horses episode "Cash and Curry", the main character, Delboy, is tricked into paying 2000 for a statue worth 17, believing it to be worth 4000.[12]
Football picks
In the football picks scam the scammer sends out tip sheet stating a game will go one way to 100 potential victims and the other way to another 100. The next week, the 100 or so who received the correct answer are divided into two groups and fed another pick. This is repeated until a small population have (apparently) received a series of supernaturally perfect picks, then the final pick is offered for sale. Despite being well-known (it was even described completely on an episode of The Simpsons and used by Derren Brown in "The System"), this scam is run almost continuously in different forms by different operators. In Rex Stout's Novel And Be a Villain (1948) this horse race prediction scheme is described by Nero Wolfe as a sure way to make money if one was so inclined to commit a crime. The sports picks can also be replaced with securities, or any other random process, in an alternative form. This scam has also been called the inverted pyramid scheme, because of the steadily decreasing population of victims at each stage.
Glim-dropper
The glim-dropper scam requires several accomplices, one of whom must be a one-eyed man. One grifter goes into a store and pretends he has lost his glass eye. Everyone looks around, but the eye cannot be found. He declares that he will pay a thousand-dollar reward for the return of his eye, leaving contact information. The next day, an accomplice enters the store and pretends to find the eye. The storekeeper (the intended griftee), thinking of the reward, offers to take it and return it to its owner. The finder insists he will return it himself, and demands the owners address.
List of confidence tricks Thinking he will lose all chance of the reward, the storekeeper offers a hundred dollars for the eye. The finder bargains him up to $250, and departs. The one-eyed man, of course, cannot be found and does not return. (Described in A Cool Million, or, The Dismantling of Lemuel Pitkin (1934) by Nathanael West). Variants of this con have been used in movies such as The Flim-Flam Man, The Traveller (1997), Shade (2003), and Zombieland (2009), and also in books such as American Gods.
88
Three-card Monte
Three-card Monte, "find the queen", the "three-card trick", or "follow the lady", is (except for the props) essentially the same as the centuries-older shell game or thimblerig. The trickster shows three playing cards to the audience, one of which is a queen (the "lady"), then places the cards face-down, shuffles them around and invites the audience to bet on which one is the queen. At first the audience is skeptical, so the shill places a bet and the scammer allows him to win. In one variation of the game, the shill will (apparently surreptitiously) peek at the lady, ensuring that the mark also sees the card. This is sometimes enough to entice the audience to place bets, but the trickster uses sleight of hand to ensure that they always lose, unless the conman decides to let them win, hoping to lure them into betting much more. The mark loses whenever the dealer chooses to make him lose. This con appears in the Eric Garcia novel Matchstick Men and is featured in the movie Edmond. The scam is also central to the Pulitzer prize-winning play "Topdog/Underdog." It also appears in episodes of Newsradio, Everybody Hates Chris, and The Simpsons. A variation on this scam exists in Barcelona, Spain, but with the addition of a pickpocket. The dealer and shill behave in an overtly obvious manner, attracting a larger audience. When the pickpocket succeeds in stealing from a member of the audience, he signals the dealer. The dealer then shouts the word "aguas", and the three split up. "Aguas" is a colloquial that translates into "Watch Out!". The audience is left believing that the police are coming, and that the performance was a failed scam. A variant of this scam exists in Mumbai, India. The shill says loudly to the dealer that his cards are fake and that he wants to see it. He takes the cards and folds a corner and says in a hushed voice to the audience that he has marked the card. He first places the bet and wins. Then he asks the others to place bets as well. When one of the audience bets a large sum of money the cards are switched.
Online scams
Fake antivirus
Computer users unwittingly download & install malware disguised as antivirus software, usually through an ActiveX program, by following the messages which appear on their screen. The software then pretends to find multiple viruses on the victim's computer, "removes" a few, and asks for payment in order to take care of the rest. They are then linked to con artists' websites, professionally designed to make their bogus software appear legitimate, where they must pay a fee to download the "full version" of their "antivirus software".
89
Phishing
A modern scam in which the artist communicates with the mark, masquerading as a representative of an official organization which the mark is doing business with, in order to extract personal information which can then be used, for example, to steal money. In a typical instance of phishing, the artist sends the mark an email pretending to be from a company (such as eBay). This email is formatted exactly like email from that business, and will ask the mark to "verify" some personal information at their website, to which a link is provided. The website itself is also fake but designed to look exactly like the business' website. The site will contain an HTML form asking for personal information such as credit card numbers. The mark will feel compelled to give this information because of words in the email or the site stating that they require the information again, for example to "reactivate your account". When the mark submits the form (not checking the URL), the information is sent to the swindler. Other online scams include advance-fee fraud, bidding fee schemes, click fraud, domain slamming, various spoofing attacks, web-cramming, and online versions of employment scams and romance scams.
Beijing tea
The Beijing tea scam is a famous scam in and around Beijing. The artists (usually female and working in pairs) will approach tourists and try to make friends. After chatting, they will suggest a trip to see a tea ceremony, claiming that they have never been to one before. The tourist is never shown a menu, but assumes that this is how things are done in China. After the ceremony, the bill is presented to the tourist, charging upwards of $100 per head. The artists will then hand over their bills, and the tourists are obliged to follow suit. Similar scams involving restaurants, coffee shops and bars also take place.
Big store
The Big Store is a technique for selling the legitimacy of a scam and typically involves a large team of con artists and elaborate sets. Often a building is rented and furnished as a legitimate and substantial business.[13]
90
Change raising
Change raising is a common short con and involves an offer to change an amount of money with someone, while at the same time taking change or bills back and forth to confuse the person as to how much money is actually being changed. The most common form, "the Short Count", has been featured prominently in several movies about grifting, notably Nueve Reinas, The Grifters, Criminal, and Paper Moon. A con artist shopping at, say a gas station, pays for a cheap item (under a dollar) and gives the clerk a ten dollar bill. The con gets back nine ones and the change then tells the clerk he has a one and will exchange ten ones for a ten. Here's the con: get the clerk to hand over the $10 BEFORE handing over the ones. Then the con hands over nine ones and the $10. The clerk will assume a mistake and offer to swap the ten for a one. Then the con will probably just say, "Here's another one, give me a $20 and we're even". Notice that the con just swapped $10 for $20. The $10 was the store's money, not the con's. To avoid this con, keep each transaction separate and never ever permit the customer to handle the original ten before handing over the ten ones. Another variation is to flash a $20 bill to the clerk, then ask for something behind the counter. When the clerk turns away, the con artist can swap the bill they are holding to a lesser bill. The clerk might then make change for the larger bill, without noticing it has been swapped. The technique works better when bills are the same colour at a glance like, for instance, U.S. dollar bills.
Fake raffle
The con artist sells tickets for a non-existent raffle, often either door-to-door or at a stall in a densely populated commercial space (i.e. a large shopping mall), to dozens of individual marks, making a sizeable profit in the process. Because the marks never expected to win the raffle, they generally never realise they've been stung; and may not even think about it at all afterwards, because they only parted with a small amount of money (several dollars, for example).
False charity
A con artist will go door-to-door saying that the mark's donation will help build better playgrounds, help starving children etc; thus the mark will pay the con artist. Sometimes the con artist will even print out fake papers explaining the good that they will be doing.
Gas can
The gas can scam happens on the street or in a parking lot, usually near a big-box store or mall. The con artist is well-dressed, and carrying a gas can. A story is given, usually involving a wife or teenage offspring waiting in the car (or occasionally, teenage offspring home alone) and then a request for ten to twenty bucks for gas. Often, the con artist will ask for your address to "return" your money. A variation of this scam has the con artist claiming that his car was towed, and he needs money to retrieve it from the towing company.
List of confidence tricks In a gas-can-free variation of this scam, the artist claims that his or her car ran out of gas, and he or she asks for gas money. A purportedly out-of-gas car might or might not be present.
91
Landlord
The landlord scam advertises an apartment for rent at an attractive price. The con artist, usually someone who is house-sitting or has a short-term sublet at the unit, takes a deposit and first/last month's rent from every person who views the suite. When move-in day arrives, the con artist is of course gone, and the apartment belongs to none of the angry people carrying boxes.
Paranoia
The paranoia scam is a scam involving the conman telling the mark various lies about different scams and instigating false attempts so that the mark, by now feeling worried and with no place to hide their money from fraud, turns to the conman (of all people) for help. Used in an episode of Monk.
Pigeon drop
The pigeon drop, also featured early in the film The Sting, involves the mark or pigeon assisting an elderly, weak or infirm stranger to keep their money safe for them. In the process, the stranger (actually a confidence trickster) puts their money with the mark's money (in an envelope, briefcase or sack) which the mark is then entrusted with. The money is actually not put into the sack or envelope, but is switched for a bag full of newspaper (etc). The mark is enticed to make off with the con artist's money through the greed element and various theatrics, but in actuality, the mark is fleeing from their own money, which the con artist still has (or has handed off to an accomplice). In LOST this was Sawyer's preferred way of conning people out of money.
Psychic surgery
Psychic surgery is a con game in which the trickster uses sleight of hand to apparently remove malignant growths from the mark's body. A common form of medical fraud in underdeveloped countries, it imperils victims who may fail to seek competent medical attention. The movie Man on the Moon depicts comedian Andy Kaufman undergoing psychic surgery, and it can also be seen in an episode of Jonathan Creek as well as an episode of Lost in which the character Rose travels to Australia in a last ditch effort to cure her cancer.
92
Rainmaker
The con artist (a "rainmaker") convinces the mark to pay them to make something happen. If it happens, then the mark is convinced it is because they paid the rainmaker; if not, the rainmaker can say they need more money to do it. A major story arc in the third season of The Wire is Senator Clay Davis' shakedown of the Barksdale Organization. There is also an example of this in the Quantum Leap episode "A Single Drop of Rain" from Season 4.
Real estate
The real estate scam may vary according to the type of real estate, but the common goal is that the con artist tricks the seller into thinking that they are going to buy or rent the property and make monthly payments. In reality, the con artist has no intention of paying anything. This will usually continue until they are caught or evicted, but the catch here is this is hard to prove in a criminal court; the only legal recourse the seller has is to file a lawsuit against the person responsible. However, the con artist will usually scam the seller for an amount below the cost of its recovery through litigation.
Recovery room
A recovery room scam is a form of advance-fee fraud where the scammer (sometimes posing as a law enforcement officer or attorney) calls investors who have been sold worthless shares (for example in a boiler-room scam), and offers to buy them, to allow the investors to recover their investments.[16] The scam involves requiring an advance fee before the payment can take place, for example a "court fee".[17]
Rip deal
The Rip Deal is a swindle very popular in Europe and is essentially a pigeon drop confidence trick. In a typical variation scammers will target, say, a jeweler, and offer to buy some substantial amount of his wares at a large markup provided he perform some type of under-the-table cash deal, originally exchanging Swiss francs for euros. This exchange goes through flawlessly, at considerable profit for the mark. Some time later the scammers approach the mark with a similar proposition, but for a larger amount of money (and thus a larger return for the mark). His confidence and greed inspired by the previous deal, the merchant agreesonly to have his money and goods taken, by sleight-of-hand or violence, at the point of exchange. This scam was depicted in the movie Matchstick Men. The same term is used to describe a crime where a vendor (especially a drug dealer) is killed to avoid paying for goods.[18]
Robbed traveler
The robbed traveler scam usually takes place at airports and train stations. A person smartly dressed in suit and tie appears in distress and looks around bewildered, making sure the mark has noticed them. Then they approach and tell the story that their wallet or jacket has been stolen with all their money. They then appeal for help and ask if they can borrow a small amount of money for a taxi to their friend's house or a hotel where they're booked in, promising to pay it back as soon as they get access to their money. Experts at this game may even trick their mark into giving them the money (as opposed to merely lending it) in the belief that they are helping an upstanding member of society in genuine distress.
93
Street mechanic
The con artist approaches the mark's car and says something is wrong with it - usually something the mark cannot immediately see - the bumper is turning into the wheel, for example. The con artist tells the mark that it is a very expensive fix, but that they are a mechanic and will fix it. Really, the con artist is creating an illusion, perhaps by sitting on the bumper. They "fix" the problem in minutes. They may ask for only a ride at first, but then pretend to call their boss and pretend that they are late for work and their boss is angry, and tell the mark they have lost a customer. The mark is made to feel guilty and grateful, and believe that they have been helped by a kind mechanic who has charged less than the normal hourly rate (albeit plus a hefty tip) to replace the customer they lost. This scam has been found in the streets of downtown Baltimore.
Subway attendant
An individual dressed to resemble a subway attendant stands near a subway ticket machine at a downtown stop. The individual approaches people who appear to be out-of-towners headed back to the airport, and asks if they need directions, how their stay was, etc. They offer to sell a ticket to the airport directly from a handful they are carrying; however, these are merely used-up tickets collected from the trash. This has been seen on MARTA in Atlanta. The scammer is imitating legitimate attendants at the airport who show travelers how to use the vending machines but don't accept cash or give you tickets themselves.
Tow-truck scam
Similar to the gas can scam, the scammer will explain that his or her car broke down and that he needs money for the tow truck. The scammer might flash a wad of cash and ask the mark for "just a few dollars more" to have his car towed.
Undercover cop
The undercover cop scam is a scam where a con artist masquerades as an undercover police officer, usually by stopping the mark's vehicle and showing a fake badge, and tells the mark about a case they are investigating, and that the mark is a suspect. The conman asks for money to be checked, and when the mark is out of the vehicle, the con artist gets into the mark's car and drives away, having made sure there was more time to escape than it would take for the mark to get back to their vehicle. This scam is usually done to tourists, variations include their whole luggage being transferred to the conman's trunk "to be checked at a police station", or a fake immigration agent, asking for papers and then for money to clear up the problem.
94
References
[1] Dan Plazak A Hole in the Ground with a Liar at the Top (Salt Lake: Univ. of Utah Press, 2006) ISBN 978-0-87480-840-7. [2] The Sting. Motion picture. Written by David S. Ward. 1973. Script: http:/ / www. imsdb. com/ scripts/ Sting,-The. html [3] W. W. Zellner, William M. Kephart, Extraordinary groups: an examination of unconventional lifestyles (Macmillan, 2000; ISBN 1-57259-953-7), pp. 121-122 (http:/ / books. google. com/ books?id=izrSSWrKu8cC& pg=PA121& lpg=PA121& dq=bujo+ gypsy+ scam& source=bl& ots=oktYov9_dK& sig=psavI5uf3jd-pQZnvWudOs2R7dA& hl=en& ei=Ci7jTNT1O8ainQeM6IDoDg& sa=X& oi=book_result& ct=result& resnum=3& ved=0CCEQ6AEwAg#v=onepage& q& f=false) [4] Spiritual Psychic Science Church v. City of Azusa (1985) 39 Cal.3d 501 , 217 Cal.Rptr. 225; 703 P.2d 1119 [5] "Heir to schlumberger OILfield services fortune fleeced of at least six million dollars" (http:/ / www. westchesterda. net/ pressreleases/ 001108mkarraign. htm). Press Release. Westchester County District Attorney. 11-08-2010. . Retrieved 10 November 2010. [6] EL-GHOBASHY, TAMER (November 9, 2010.). "Virus Leads to $20 Million Scam - WSJ.com" (http:/ / online. wsj. com/ article/ SB10001424052748703957804575602993406810012. html). The Wall Street Journal. . Retrieved 10 November 2010. [7] Fernandez, Manny (9 November 2010). "Man Held in Defrauding Roger Davidson, Musician" (http:/ / www. nytimes. com/ 2010/ 11/ 09/ nyregion/ 09fraud. html?partner=rss& emc=rss). The New York Times. . Retrieved 10 November 2010. [8] Zetter, Kim (November 9, 2010). "Computer Virus Leads to $20 Million Scam Targeting Pianist Composer" (http:/ / www. wired. com/ threatlevel/ 2010/ 11/ pianist-composer-bilked). Wired News. . Retrieved 10 November 2010. [9] Danny Allen (August 14, 2009). "Cops Bust Guy Selling Oven Door Disguised as HDTV" (http:/ / m. gizmodo. com/ 5337290/ cops-bust-guy-selling-oven-door-disguised-as-hdtv). gizmodo.com. . Retrieved 2011-02-14. [10] "Jail for Wendy's Finger Scam Couple" (http:/ / www. cbsnews. com/ stories/ 2006/ 01/ 18/ national/ main1218315. shtml). CBS News. 18 January 2006. . Retrieved 14 August 2009. [11] "What factors impact auto insurance rates?" (http:/ / www. ifaauto. com/ faq/ rate. asp). . Retrieved 25 August 2010. [12] Cash and Curry, episode synopsis, www.bbc.co.uk, accessed 1 August 2010 (http:/ / www. bbc. co. uk/ comedy/ onlyfools/ series1/ cashandcurry. shtml) [13] Maurer, David W. (1940). The Big Con: The Story of the Confidence Man and the Confidence Game. Bobbs Merrill. ISBN0-7869-1850-8 [14] Do We Use Only 10% of Our Brain? online (http:/ / faculty. washington. edu/ chudler/ tenper. html) [15] Snopes: The Ten-Percent Myth online (http:/ / www. snopes. com/ science/ stats/ 10percnt. htm) [16] Wang, Wallace (2006). Steal This Computer Book 4.0 : What They Won't Tell You About the Internet. San Francisco: No Starch Press. ISBN1-59327-105-0. [17] Weinberg, Michael C. (2008). Careers in Crime: An Applicant's Guide. Kansas City, MO: Andrews McMeel Publishing. ISBN0-7407-5708-3. [18] Florence Bruce; Hagell, Ann; Renuka Yeyarajah-dent (2006). Children Who Commit Acts of Serious Interpersonal Violence: Messages for Best Practice. London: Jessica Kingsley Publishers. ISBN1-84310-384-2.
Advance-fee fraud
95
Advance-fee fraud
An advance-fee fraud is a confidence trick in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain.[1] Among the variations on this type of scam are the Nigerian Letter (also called the 419 fraud, Nigerian scam, Nigerian bank scam, or Nigerian money offer[2] ), the Spanish Prisoner, the black money scam as well as Russian/Ukrainian scam (also widespread, though far less popular than the former). The so-called Russian and Nigerian scams stand for wholly dissimilar organized-crime traditions; they therefore tend to use altogether different breeds of approaches. Although similar to older scams such as the Spanish Prisoner, the modern 419 scam originated in the early 1980s as the oil-based Nigerian economy declined. Several unemployed university students first used this scam as a means of manipulating business visitors interested in shady deals in the Nigerian oil sector before targeting businessmen in the west, and later the wider population. Scammers in the early-to-mid 1990s targeted companies, sending scam messages via letter,[3] fax, or Telex.[4] The spread of e-mail and easy access to e-mail-harvesting software significantly lowered the cost of sending scam letters by using the Internet. In the 2000s, the 419 scam has spurred imitations from other locations in Africa, Philippines, Malaysia, Russia, Australia, Canada, United Kingdom, and the United States. In particular advanced fee fraud in the United States primarily originates from the cities of Buffalo and Detroit. The number "419" refers to the article of the Nigerian Criminal Code (part of Chapter 38: "Obtaining Property by false pretences; Cheating") dealing with fraud.[5] The American Dialect Society has traced the term "419 fraud" back to 1992.[6] The advance-fee fraud is similar to a much older scam known as the Spanish Prisoner scam[7] in which the trickster tells the victim that a rich prisoner promised to share treasure with the victim in exchange for money to bribe prison guards. An older version of this scam existed by the end of 18th century, and is called "the Letter From Jerusalem" by Eugne Franois Vidocq, in his memoirs.[8] Insa Nolte, a lecturer of University of Birmingham's African Studies Department, stated that "The availability of e-mail helped to transform a local form of fraud into one of Nigeria's most important export industries."[9] Embassies and other organizations warn visitors to various countries about 419. Countries in West Africa with warnings cited include Nigeria,[7] [10] Ghana,[11] [12] Benin,[13] Cte d'Ivoire (Ivory Coast),[14] Togo,[15] [16] Senegal[17] and Burkina Faso.[18] Countries outside West Africa with 419 warnings cited include South Africa,[16] [19] Spain,[19] and the Netherlands.[20]
Implementation
This scam usually begins with a letter or e-mail[7] purportedly sent to a selected recipient but actually sent to many, making an offer that would result in a large payoff for the victim. The e-mail's subject line often says something like "From the desk of Barrister. [Name]", "Your assistance is needed", and so on. The details vary, but the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly, usually because he has no right to it. Such people, who may be real but impersonated people or fictitious characters played by the con artist, could include the wife or son of a deposed African or Indonesian leader or dictator who has amassed a stolen fortune, or a bank employee who knows of a terminally ill wealthy person with no relatives or a wealthy foreigner who deposited money in the bank just before dying in a plane crash (leaving no will or known next of kin),[21] a US soldier who has stumbled upon a hidden cache of gold in Iraq, a business being audited by the government, a disgruntled worker or corrupt government official who has embezzled funds, a refugee,[22] and similar characters. The money could be in the form of gold bullion, gold dust, money in a bank account, blood diamonds, a series of checks or bank drafts, and so forth. The sums involved are usually in the millions of dollars, and the investor is promised a large share, typically ten to forty percent, if they assist the scam
Advance-fee fraud character in retrieving the money. Whilst the vast majority of recipients do not respond to these e-mails, a very small percentage do, enough to make the fraud worthwhile as many millions of messages can be sent. Invariably sums of money which are substantial, but very much smaller than the promised profits, are said to be required in advance for bribes, fees, etc.this is the money being stolen from the victim, who thinks he or she is investing to make a huge profit. Many operations are professionally organized in Nigeria, with offices, working fax numbers, and often contacts at government offices. The victim who attempts to research the background of the offer often finds that all pieces fit together. Such scammers can often lure wealthy investors, investment groups, or other business entities into scams resulting in multi-million dollar losses. However, many scammers are part of less organized gangs or are operating independently; such scammers have reduced access to the above connections and thus have little success with wealthier investors or business entities attempting to research them, but are still convincing to middle-class individuals and small businesses, and can bilk hundreds of thousands of dollars from such victims. If the victim agrees to the deal, the other side often sends one or more false documents bearing official government stamps, and seals. 419 scammers often mention false addresses and use photographs taken from the Internet or from magazines to falsely represent themselves. Often a photograph used by a scammer is not of any person involved in the scheme. Multiple "people" involved in schemes are fictitious; the author of the "West African Advance Fee Scams" article posted on the website of the Embassy of the United States in Abidjan, Cte d'Ivoire believes that in many cases one person controls many fictitious personas used in scams.[14] A scammer introduces a delay or monetary hurdle that prevents the deal from occurring as planned, such as "To transmit the money, we need to bribe a bank official. Could you help us with a loan?" or "For you to be a party to the transaction, you must have holdings at a Nigerian bank of $100,000 or more" or similar. More delays and more additional costs are added, always keeping the promise of an imminent large transfer alive, convincing the victim that the money they are currently paying is covered several times over by the payoff. Sometimes psychological pressure is added by claiming that the Nigerian side, to pay certain fees, had to sell belongings and borrow money on their house, or by pointing out the different salary scale and living conditions in Africa, compared to the West. Much of the time, however, the needed psychological pressure is self-applied; once the victims have put money in toward the payoff, they feel they have a vested interest in seeing the "deal" through. Some victims believe that they can cheat the con artist.[14] This idea is often encouraged by the fraudsters who write in a clumsy and uneducated style which presents them as naive and easily cheated by a sophisticated Westerner. The essential fact in all advance-fee fraud operations is that the promised money transfer never happens because the money or gold does not exist. The perpetrators rely on the fact that, by the time the victim realizes this (often only after being confronted by a third party who has noticed the transactions or conversation and recognized the scam), the victim may have sent thousands of dollars of their own money, and sometimes thousands or millions more that has been borrowed or stolen, to the scammer via an untraceable and/or irreversible means such as wire transfer.[14] In extreme cases the victim may not realize that he or she has been defrauded. A version of the scam is for the thief to claim to have contacts to facilitate legitimate business loans; the victim here is not persuaded that he is doing anything illegal. The fraudster meets the victim, and must be able to act the part of a well-connected and experienced loan broker. He asks for payment in advance, which is normal for large loans. Then the loan gradually falls through in a plausible way, and the victim may end up being defrauded of tens of thousands of dollars or pounds, thinking only that the deal simply failed. These frauds may go unreported, either because the victim does not realize he has been cheated, or due to reluctance to admit the facts. Because of "non-disclosure clauses" which may have been included in the fraudulent contract, reporting of the scam may be delayed until the victim becomes certain he has been cheated. The spam e-mails perpetrating these scams are often sent from Internet cafs equipped with satellite Internet. Recipient addresses and e-mail content are copied and pasted into a webmail interface using a standalone storage medium, such as a memory card. Many areas of Lagos, such as Festac, contain many cyber cafs that serve
96
Advance-fee fraud scammers; many cyber cafs seal their doors during afterhours, such as from 10:30 PM to 7:00 AM, so that scammers inside may work without fear of discovery.[23] Nigeria also contains many businesses that provide false documents used in scams; after a scam involving a forged signature of Nigerian President Olusegun Obasanjo in summer 2005, Nigerian authorities raided a market in the Oluwole section of Lagos. The police seized thousands of Nigerian and non-Nigerian passports, 10,000 blank British Airways boarding passes, 10,000 United States money orders, customs documents, false university certificates, 500 printing plates, and 500 computers.[23] During the courses of many schemes, scammers ask victims to supply bank account information. Usually this is a "test" devised by the scammer to gauge the victim's gullibility.[20] Scammers often request that payments be made using a wire transfer service like Western Union and Moneygram. The reason given by the scammer usually relates to the speed at which the payment can be received and processed, allowing quick release of the supposed payoff. The real reason is that wire transfers and similar methods of payment are irreversible, untraceable and, because identification beyond knowledge of the details of the transaction is often not required, completely anonymous.[14] Telephone numbers used by scammers tend to come from mobile phones. In Cte d'Ivoire (Ivory Coast) a scammer may purchase an inexpensive mobile phone and a pre-paid SIM card without submitting subscriber information. If the scammers believed they are being traced, they discard their mobile phones and purchase new ones.[14] In Benin, Nigerians operate scams with Beninese cooperating in the schemes.[13] Some crime syndicates employ fraudsters in the United States who conclude "deals" or threaten victims who try to leave deals.[24] [25]
97
Common elements
Fake cheques
Fraudulent cheques and money orders are key elements in many advance-fee scams, such as auction/classified listing overpayment, lottery scams, inheritance scams, etc., and can be used in almost any scam when a "payment" to the victim is required to gain, regain or further solidify the victim's trust and confidence in the validity of the scheme.[26] The use of cheques in a scam hinges on a US law (and common practice in other countries) concerning cheques: when an account holder presents a cheque for deposit or to cash, the bank must (or in other countries, usually) make the funds available to the account holder within 15 business days, regardless of how long it actually takes for the cheque to clear and funds to be transferred from the issuing bank.[27] The cheques clearing process normally takes 710 days and can in fact take up to a month when dealing with foreign banks. The time between the funds appearing as available to the account holder and the cheque clearing is known as the "float", during which time the bank could technically be said to have floated a loan to the account holder to be covered with the funds from the bank clearing the cheque. The cheque given to the victim is typically counterfeit but drawn on a real account with real funds in it. With a piece of software like QuickBooks and/or pre-printed blank cheque stock, using the correct banking information, the scammer can easily print a cheque that is absolutely genuine-looking, passes all counterfeit tests, and may even clear the paying account if the account information is accurate and the funds are available. However, whether it clears or not, it eventually becomes apparent either to the bank or the account holder that the cheque is a forgery. This can be as little as three days after the funds are available if the bank supposedly covering the cheque discovers the cheque information is invalid, or it could take months for a business or individual to notice the fraudulent draft on their account. It has been suggested that in some cases the cheque is genuine however the fraudster has a friend (or bribes an official) at the paying bank to claim it is a fake weeks or even months later when the physical cheque arrives back at the paying bank.
Advance-fee fraud Regardless of the amount of time involved, once the cashing bank is alerted that the cheque is fraudulent, the transaction is reversed and the money removed from the victim's account. In many cases, this puts victims in debt to their banks as the victim has usually sent a large portion of the cheque by some non-reversible 'wire transfer' means (typically Western Union) to the scammer and, since more uncollected funds have been sent than funds otherwise present in the victim's account, an overdraft results.
98
Anonymous communication
Since the scammer's operations must be untraceable to avoid identification, and because the scammer is often impersonating someone else, any communication between the scammer and his victim must be done through channels that hide the scammer's true identity. The following options in particular are widely used. Web-based e-mail Because many free e-mail services do not require valid identifying information, and also allow communication with many victims in a short span of time, they are the preferred method of communication for scammers. Some services go so far as to mask the sender's source IP address, making the scammer completely untraceable even to country of origin. Scammers can create as many accounts as they wish and often have several at a time. In addition, if e-mail providers are alerted to the scammer's activities and suspend the account, it is a trivial matter for the scammer to simply create a new account to resume scamming.
Advance-fee fraud E-mail hijacking/friend scams Some fraudsters hijack existing e-mail accounts and use them for advance-fee fraud purposes. The fraudsters e-mail associates, friends, and/or family members of the legitimate account owner in an attempt to defraud them.[29] This ruse generally requires the use of phishing or keylogger computer viruses to gain login information for the e-mail address. Fax transmissions Facsimile machines are commonly used tools of business, whenever a client requires a hard copy of a document. They can also be simulated using web services, and made untraceable by the use of prepaid phones connected to mobile fax machines or by use of a public fax machine such as one [28] Screenshot of Firefox 2.0.0.1 phishing suspicious site owned by a document processing business like FedEx warning Office/Kinko's. Thus, scammers posing as business entities often use fax transmissions as an anonymous form of communication. This is more expensive, as the prepaid phone and fax equipment cost more than e-mail, but to a skeptical victim it can be more believable. SMS messages Abusing SMS bulk senders such as WASPS, scammers subscribe to these services using fraudulent registration details and paying either via cash or stolen credit card details. They then send out masses of unsolicited SMS'es to victims stating they have won a competition or like event and they have to contact somebody to claim their prize. Typically the details of the party to be contacted will be an equally untraceable email address or a virtual telephone number. These messages may be sent over a weekend when abuse staff at the service providers are not working, enabling the scammer to be able to abuse the services for a whole weekend. Telecommunications relay services Many scams use telephone calls to convince the victim that the person on the other end of the deal is a real, truthful person. The scammer, possibly impersonating a US citizen or other person of a nationality, or gender, other than their own, would arouse suspicion by telephoning the victim. In these cases, scammers use TRS, a US federally-funded relay service where an operator or a text/speech translation program acts as an intermediary between someone using an ordinary telephone and a deaf caller using TDD or other TeleType device. The scammer may claim they are deaf, and that they must use a relay service. The victim, possibly drawn in by sympathy for a disabled caller, might be more susceptible to the fraud. FCC regulations and confidentiality laws require that operators relay calls verbatim, and that they adhere to a strict code of confidentiality and ethics. Thus, no relay operator may judge the legality and/or legitimacy of a relay call, and must relay it without interference. This means the relay operator may not warn victims, even when they suspect the call is a scam. MCI said that about one percent of their IP Relay calls in 2004 were scams.[30] Tracking phone-based relay services is relatively easy, so scammers tend to prefer Internet Protocol-based relay services such as IP Relay. In a common strategy, they bind their overseas IP address to a router or server located on US soil, allowing them to use US-based relay service providers without interference. TRS is sometimes used to relay credit card information to make a fraudulent purchase with a stolen credit card. In many cases however, it is simply a means for the con artist to further lure the victim into the scam.
99
Advance-fee fraud
100
Fake websites
Though 419 scams are often perpetrated by e-mail alone, some scammers enhance believability of their offer by using a sham website. They create these sites to impersonate real commercial sites, such as eBay, PayPal, or a banking site like Bank of America or The Natwest Bank for phishing. Others represent fictional companies or institutions to give the scam credibility. Though phishing is a secondary interest of most scam operations, as the object of the scammer is to deceive the victim into sending the money through legitimate means, the use of websites for advance-fee fraud is common. For instance, a scammer may create a website for a fictional bank, then give the victim details to login to the site, where the victim sees the money the scammer has promised sitting in the account. The victim believes the scammer and sends the requested advance payments. Fake (or hijacked) websites are the centerpiece of false online storefront scams. Another twist on scamming is where links are provided to real news sites covering events the scammer says are relevant to the transaction they propose. For instance, a scammer may use news of the death of a prominent government official as a backstory for a scam involving getting millions of dollars of the slain official's money out of the country. These are real websites covering legitimate news, but the scammer is usually not connected in any way with the events reported, and is simply using the story to gain the victim's sympathy.
Followup scamming
Scammers recognise that their victim who has just been scammed is more likely to fall for scamming attempts than a random person. Often after a scam, the victim is contacted again by the scammer, representing himself as a law enforcement officer. The victim is informed that a group of criminals has been arrested and that they have recovered his money. To get the money back, the victim must pay a fee for processing or insurance purposes. Even after the victim has realised that he has been scammed, this follow up scam can be successful as the scammer represents himself as a totally different party yet knows details about the transactions. The realization that he has lost a large sum of money and the chance he might get it back often leads to the victim transferring even more money to the same scammer.
Compensation scamming
The scammer sends a message thanking the victim for helping him start a transaction, and explaining that since they have been able to leave regime-torn Nigeria (with the victim's help), they have been residing and working in the UK and finishing the "transaction" without the victim's help. The scammer informs the victim of their recent inheritance or partnership with a Brazilian businessman, and their desire to compensate them for their "release of some money." In order to claim the money, the victim must contact the scammer's secretary immediately, or else miss out on their share of a multi-million dollar sum.
Advance-fee fraud
101
Variants
There are many variations on the most common stories, and also many variations on the way the scam works. The following are notable deviations from the standard Nigerian Letter scam, but still retain the core elements; the victim is deceived by some disproportionately large gain into sending an advance payment, which once made is irrecoverable.
Check cashing
Some schemes are based solely on conning the victim into cashing a counterfeit check. The scammer contacts the victim to interest them in a "work-at-home" opportunity, or asks them to cash a check or money order that for some reason cannot be redeemed locally. A recently-used cover story is that the perpetrator of the scam wishes the victim to work as a "mystery shopper", evaluating the service provided by MoneyGram or Western Union locations within major retailers such as Wal-Mart.[35] The scammer sends the victim a check or money order, the victim cashes it, sends the cash to the scammer via wire transfer, and the scammer disappears. Later the forgery is discovered and the bank transaction is reversed, leaving the victim liable for the balance. Schemes based solely on check cashing usually offer only a small part of the check's total amount, with the assurance that many more checks will follow; if the victim buys in to the scam and cashes all the checks, the scammer can win big in a very short period of time. Other scams such as overpayment usually result in smaller revenues for the scammer, but have a higher success rate as the scammer's request seems more believable. Some check-cashing scammers use multiple victims at multiple stages of the scam. A victim in the US or other "safe" country such as the UK or Canada (often the country in which the cashing victim resides) is sometimes approached with an offer to fill out checks sent to them by the scammer and mail them to other victims who cash the check and wire the money to the scammer. The check mailer is usually promised a cut of the money from the scammer; this usually never occurs, and in fact the check mailer is often conned into paying for the production and shipping costs of the checks. The check information has either been stolen or fictionalized and the checks forged. The victim mailing the check is usually far easier to track (and prosecute) than the scammer, so when the checks turn up as fraudulent, the one mailing them usually ends up not only facing federal bank fraud and conspiracy charges, but liability for the full amount of the fraudulent checks. Because the check mailer is taking the fall, the scammer is even less likely to be caught, which makes it a popular variation of the scam for scammers in nations with tougher anti-fraud laws.
Advance-fee fraud A variation of the check-cashing scheme involves owners of vacation rentals. The scammer expresses interest in renting the unit for a much higher than normal rate, usually for an upcoming honeymoon, business trip, etc. The scammer also offers to pay all fees "up front," as soon as the unsuspecting unit owner agrees to the windfall rental. Eventually a very official looking money order/cashier's check arrives. About this time the scammer requests that a portion of the rental fee be returned for some compelling reason...wedding called off, death in the family, business failure, etc. Due to the supposed crises, it is requested that most of the rental fee be returned via wire transfer. The unit owner is encouraged to retain "a fair amount" to compensate him for his time. The wire transfer is sent, only to find out later that the official looking check was indeed fake and the entire amount is charged back to the unit owner by his bank.
102
Romance angle
A recent variant is the Romance Scam, which is a money-for-romance angle. The con artist approaches the victim on an online dating service, an Instant messenger (like Yahoo IM), or a social networking site. The scammer claims an interest in the victim, and posts pictures posted of an attractive person (not themselves). The scammer uses this communication to gain confidence, then asks for money. The con artist may claim to be interested in meeting the victim, but needs cash to book a plane, hotel room, or other expenses. In other cases, they claim they're trapped in a foreign country and need assistance to return, to escape imprisonment by corrupt local officials, to pay for medical expenses due to an illness contracted abroad, and so on. The scammer may also use the confidence gained by the romance angle to introduce some variant of the original Nigerian Letter scheme, such as saying they need to get money or valuables out of the country and offer to share the wealth, making the request for help in leaving the country even more attractive to the victim. In a newer version of the scam, the con artist claims to have 'information' about the fidelity of a person's significant other, which they will share for a fee. This information is garnered through social networking sites by using search parameters such as 'In a relationship' or 'Married'. Anonymous e-mails are first sent to attempt to verify receipt, then a new web based e-mail account is sent along with directions on how to retrieve the information.
Lottery scam
The lottery scam involves fake notices of lottery wins. The winner is usually asked to send sensitive information to a free e-mail account. The scammer then notifies the victim that releasing the funds requires some small fee (insurance, registration, or shipping). Once the victim sends the fee, the scammer invents another fee. Much like the various forms of overpayment fraud detailed above, a new variant of the lottery scam involves fake or stolen checks being sent to the 'winner' of the lottery (these checks representing a part payment of the winnings). The winner is more likely to assume the win is legitimate, and thus more likely to send the fee (which he does not realize is an advance fee). The check and associated funds are flagged by the bank when the fraud is discovered, and debited from the victim's account. In 2004 a variant of the lottery scam appeared in the United States. Fraud artists using the scheme call victims on telephones; a scammer tells a victim that a government has given them a grant and that they must pay an advance fee, usually around $250, to receive the grant.[36]
Hitman
An e-mail is sent to the victim's inbox, supposedly from a hitman who has been hired by a "close friend" of the recipient to kill him or her but will call off the hit in exchange for a large sum of money. This is usually backed up with a warning not to contact the local police or FBI, or the "hitman" will be forced to go through with the plan.[37] [38] This is less an advance-fee fraud and more outright extortion, but a reward can sometimes be offered in the form of the "hitman" offering to kill the man who ordered the original hit on the victim.
Advance-fee fraud
103
Bomb scams
Related to the hitman scam, the scammer contacts a business, mall, office building, or other commercial location with a bomb threat. The scammer says they will detonate the bomb unless the management of the business does as the scammer tells them. Often, the scammer says they have the store under surveillance; however, analysis of the calls by police have established that the vast majority of threat calls are made from other states or even from outside the country. Some evidence exists that points to the scammers hacking into the store's surveillance network, but this has not been confirmed.[39] The scammer usually demands that the store management or people in the headquarters office of the store (if the store is a chain) send money via wire transfer to the scammer to spare the store and the people in it. Other demands of these scammers have been more personal and humiliating, such as demanding that everyone in the store take off their clothes.[39] Because the underlying threat in the scam is a bomb threat, local law enforcement very quickly responds to the site under threat; however, because the scammer is usually nowhere near this location, the scammer is in little if any danger of being apprehended while the scam is playing out. Law enforcement, in the meantime, cannot assume the threat is anything but genuine, and therefore can do little to intervene without risking the detonation of the bomb. The fact that the threat was in reality a scam has usually not been discovered until long after the situation is overand the extortionist has collected the money demanded.
Charity scams
The scammer poses as a charitable organization soliciting donations to help the victims of a natural disaster, terrorist attack (such as the Sept. 11 World Trade Center attack), regional conflict, or epidemic. Hurricane Katrina and the 2004 tsunami were popular targets of scammers perpetrating charity scams; other more timeless scam charities purport to be raising money for cancer, AIDS or Ebola virus research, children's orphanages (the scammer pretends to work for the orphanage or a non-profit associated with it), or impersonates charities such as the Red Cross or United Way. The scammer asks for donations, often linking to online news articles to strengthen their story of a funds drive. The scammer's victims are charitable people who believe they are helping a worthy cause and expect nothing in return. Once sent, the money is gone and the scammer often disappears, though many attempt to keep the scam going by asking for a series of payments. The victim may sometimes find themselves in legal trouble after deducting their supposed donations from their income taxes. United States tax law states that charitable donations are only deductible if made to a qualified non-profit organization.[40] The scammer may tell the victim their donation is deductible and provide all necessary proof of donation, but the information provided by the scammer is fictional, and if audited, the victim faces stiff penalties as a result of the fraud. Though these scams have some of the highest success rates especially following a major disaster, and are employed by scammers all over the world, the average loss per victim is less than other fraud schemes. This is because, unlike scams involving a large expected payoff, the victim is far less likely to borrow money to donate or donate more than they can spare. In a related variant, the scammer poses as a terminally ill mother, poor university student, or other down-on-their-luck person and simply begs the victim for money for college tuition, to sponsor their children, or a similar ruse. The money, they say, will be repaid plus interest by some third party at a later date (often these third parties are some fictitious agency of the Nigerian government, or the scammer themselves once a payment from someone else is made available to them). Once the victim starts paying money to the scammer, the scammer tells the victim that additional money is needed for unforeseen expenses, similar to most other variants; in the case of the ill mother, the children will fall ill as well and require money for a doctor's care and medicine (many scammers go as far as to say that as the sponsor of the children, the victim is legally liable for such costs), where the student might claim that a dormitory fire destroyed everything they own.
Advance-fee fraud
104
Pet scams
Another such scam is based on the adoption of a puppy or an exotic pet such as parrots or reptiles. A scammer first posts an advertisement or sets up a web page offering puppies for adoption or for sale at a ridiculously low price, most often using stolen pictures from other websites and respectable breeders. When a victim responds to the ad and questions the lowered price or the reason for giving up such an expensive pet, the scammer first explains that they have recently moved to Nigeria or Cameroon from the US for work (usually volunteer work as missionaries or a UN transfer) or for studies, and claims either to have no time to properly care for the pet, that the weather has had such a terrible toll on the pet, or that they have too many pets to care for- often asking for follow-up holiday photos of the pet and a continued line of communication so that the victim does not suspect a scam. The scammer and victim exchange a few e-mails to build trust. They may even send (fake or stolen) photo IDs to further prove their credibility. Once it is established that the victim offers the right home for the pet, the scammer offers to ship the pet, and requests the victim only pay for shipping, or comes off the original price substantially to seem legitimate. The victim, who now has an emotional attachment to the pet, feels obligated and even happy to do so, as shipping is a small price to pay compared to the pet's full price at a shop or breeder. The scammer requests Western Union or MoneyGram (untraceable and irreversible) to keep the deal going in a timely fashion as the pet is ready to go to a new home and the victim is now excited. However, after wiring money, the victim does not receive the pet (as it does not exist), and if the victim does hear from the scammer again it is only for more money (to get animal out of airport holding/quarantine, "refundable" life-insurance fees or to pay unexpected vet bills that have come up) until the victim stops responding. This is extremely common currently in Nigeria and Cameroon.[42] Another type of scam that is beginning to appear is the selling of a pet by the victim. The scammer typically contacts the victim by a newspaper ad or through an online service with the aid of a call-relay service. After this call has been made, communication is done through email. As mentioned above, trust is built between the scammer and the victim by emails. The structure of the scam is that the seller of the animal (victim) will have the asking price of the animal
Advance-fee fraud plus the shipping price sent to him/her through a fake check. The victim will then deposit the check then wire the funds to the scammer through a Western Credit Union location. The "shipper" is often non-existent and described as being "private". Once the money has been wired, the scammer wins.
105
Craigslist
The popular online classifieds website, Craigslist, has been plagued with scammers using advance-fee fraud and similar techniques, usually involving fake checks, to con people out of their money. Sometimes many scammers contact a person who is either attempting to buy or sell items on Craigslist, and attempt to perpetrate exactly the same scam. Many of the same elements as the Nigerian 419 scams are used often on Craigslist, including persons conducting transactions from outside the country, sending realistic looking bank checks, sending more money than is owed, and requesting that money be wired back to the scammer.[43] [44] Another advance-fee method that has been used recently on Craigslist is where the scammer will contact someone selling an item and ask them to ship the item to a location outside the US, then provide the tracking number for the shipped item in exchange for payment. The seller then sends the item and provides the tracking number, after which the scammer never provides payment. Sometimes the scammer will approach someone offering a room or apartment for rent and pose as someone moving in to their area from overseas. They will create a scenario in which they are pressured to secure the room in advance, and ask if they can secure their occupancy with a deposit. The deposit check that they send will be a fake check for far more than the amount requested for a deposit. When the check arrives, the scammer will ask for a refund of the difference between the check they sent and the agreed upon amount. The fake check will bounce and the victim has lost whatever money they "refunded" to the scammer. A similar scam exists on the rental model, particularly in the United Kingdom - the scammer posts an ad on a classifieds site such as Craigslist or Gumtree (also known as "Scamtree") for an apartment or house for rent (and the rent is far below the normal market rate) with a fantastic description and pictures taken from other adverts or other websites. The victim contacts the scammer in order to secure a viewing, but is told that in order to do so they must go to a Western Union outlet, do a money transfer to a relative for the amount of the deposit and then provide a scanned receipt. Ostensibly this is to prove that the victim can afford the deposit before they view the apartment, and they'll get the money back after the viewing. But in actuality the property may or may not actually exist, and the receipt allows the scammer to collect the funds without any viewing ever taking place. Alternatively, the scammer forwards a rental application, or asks for information typically given on a rental application, such as driver's license number, bank account information, Social Security Number, etc.
Bona vacantia
In the United Kingdom, bona vacantia is ownerless property which has passed to the Crown. This property is administered by the Bona Vacantia Division of the Treasury Solicitor's Department. Fraudulent emails and letters, claiming to be from this department, have been reported which inform the recipient that they are the beneficiary of a legacy but requiring payment of a fee before sending more information or releasing the money.[45]
Advance-fee fraud up, but that they require a "registration fee" of sorts to account for processing and marketing expenses, or so it is claimed, which is paid in a number of untraceable methods, most often by cash; once the fee is paid, the applicant is informed that the client has cancelled, and thereafter they never contact the applicant again.
106
Rental scams
A foreign student, doctor, etc. contacts a landlord seeking accommodation. Once the terms are negotiated, a forged check is forwarded for a greater amount than negotiated. Then some emergency comes up where some part of the amount is requested to be urgently wired back. The reverse may also happen, where a scammer posts an accommodation, and requests monies be wired as deposit. The victim arrives to discover they have no accommodation.
Consequences
Monetary loss estimates
Estimates of the total losses due to the scam vary widely. Although the "success rate" of the scam is hard to gauge, some experienced 419 scammers get one or two interested replies for every thousand messages. Stephanie Nolen of The Globe and Mail said that an experienced scammer can expect to make at least several thousand dollars per successful scam letter.[46] Since 1995, the United States Secret Service has been involved in combating these schemes. The organization doesn't investigate unless the monetary loss is in excess of 50,000 US Dollars. However, very few arrests and prosecutions have been made due to the international aspect of this crime. In 2006, a report by a research group concluded that Internet scams in which criminals use information they trick from gullible victims and commonly strip their bank accounts cost the United Kingdom economy 150 million per year, with the average victim losing 31,000.[47] Between May 1992 and July 1994, a San Diego-based businessman, James Adler, was swindled out of $5.2 million by a Nigeria-based advance fee scam. In 2000, the U.S. Court of Appeals for the Ninth Circuit affirmed the trial court's findings that (1) various Nigerian government officials (including a governor of the Central Bank of Nigeria) had been directly or indirectly involved; (2) the Nigerian government officials could be sued in U.S. courts under the "commercial activity" exception to the Foreign Sovereign Immunities Act; and (3) Adler's case was completely barred by the doctrine of unclean hands because he had knowingly entered into a contract with the criminal purpose of helping Nigerian officials embezzle funds from their own government.[48]
Advance-fee fraud Nelson Sakaguchi, a director at the Brazilian bank Banco Noroeste, transferred hundreds of millions of U.S. dollars to Chief Emmanuel Nwude, Nigeria's most accomplished scammer.[49] The scam led to at least two murders, including that of one of the scammers, Mr. Bless Okereke. The scam was the third biggest in banking history, after Nick Leeson's activities at Barings Bank, and the looting of the Iraqi Central Bank during the buildup to the U.S.-led invasion of Iraq.[49] In 2008, an Oregon woman, Janella Spears, lost $400,000 to a Nigerian advance-fee fraud scam, after an e-mail told her she had inherited money from her long-lost grandfather. Her curiosity was piqued because she actually had a grandfather whom her family had lost touch with, and whose initials matched those given in the e-mail. Spears sent hundreds of thousands of dollars over a period of more than two years, despite her family, bank staff and law enforcement officials all urging her to stop.[50] [51]
107
Advance-fee fraud Murder 29-year old George Makronalli, a Greek man, was murdered in South Africa in December 2004 after his family refused to pay a ransom.[33] Kjetil Moe, a Norwegian businessman, was reported missing and ultimately killed after a trade with Nigerian scammers in Johannesburg, South Africa (September 1999).[64] One American was murdered in Nigeria in June 1995 after being lured by a 419 scam.[65] From 1994 to April1997, 419 scammers murdered 15 people in total.[37]
108
Emotional harm
Victims, in addition to having lost large sums of money, often also lose their ability to trust. The 419 Eater website says, "Although there is no serious physical injury, many victims of con-men speak of the betrayal as the psychological equivalent of rape". Victims may blame themselves for what has happened, resulting in overwhelming guilt and shame. If the victim has borrowed money from others to pay the scammer, these feelings are magnified. Further compounding the problem is the public opinion of scam letters and scam victims. Scam letters are often viewed as humorously moronic, and the people who fall for them equally so. The victim, having lost money through the scammer's manipulation of payment methods such as money orders or checks, may become distrustful of the financial system. Scam victims may stop trusting and giving money to churches, legitimate charities and, in the extreme, even service providers such as their electric company because of their requests for money. Some victims commit suicide.[52] [53] In other cases, the victim continues to contact the scammer after being shown proof that they are being scammed or even being convicted of crimes relating to the scam, having been drawn so deeply into the web of deception that their trust in what the scammer tells them overrides everything else in their life.[66] Such victims are easy prey for future scams, digging themselves even deeper into financial and legal trouble.
Arrests
In 2004, fifty-two suspects were arrested in Amsterdam after an extensive raid.[67] An Internet service provider noticed the increased e-mail traffic. None were jailed or fined, due to lack of evidence. They were released in the week of 12 July 2004. On 8 November 2004, Nick Marinellis of Sydney, Australia, was sentenced to 413 to 514 years for sending Nigerian 419 e-mails.[68] In October 2006 the Amsterdam police launched Operation Apollo to fight Internet fraud scams operated by West Africans and notably Nigerians. Following this investigation police have arrested eighty suspects, most of them from Nigeria, and seized from their homes lists of e-mail addresses, as well as fake documents. On 16 June 2007, 111 people were arrested for being in the Netherlands illegally and suspicion of fraud, although their implication with the e-mail scams is yet unknown.[69] Authorities in Nigeria have been slow to take action and for many years nothing was done. Nigeria has a reputation for criminals being able to avoid convictions through bribery and rumours abounded of official connivance in the scams.[70] In 2003 however the Economic and Financial Crimes Commission (EFCC) was charged with tackling the problem.[71] A couple of success stories including convictions in a large 419 case were reported in 2005.[72] Edna Fiedler, 44, of Olympia, Washington, on 25 June 2008, pleaded guilty in a Tacoma court and was sentenced to 2 years imprisonment and 5 years of supervised release or probation in an Internet $1 million "Nigerian check scam." She conspired to commit bank, wire and mail fraud, against US citizens, specifically using the Internet, and by having an accomplice ship her counterfeit checks and money orders from Lagos, Nigeria, last November. Fiedler shipped out $ 609,000 fake check and money orders when arrested and prepared to send additional $1.1 million counterfeit materials. The US Postal Service recently intercepted counterfeit checks, lottery tickets and eBay overpayment schemes with a face value of $2.1 billion.[73] [74]
Advance-fee fraud In March 2009, agents from Spain's technological investigation squad, UDEF Central, arrested 23 people who were accused of defrauding 150 people in both the United States and Europe. According to the police, the suspects sent out 20,000 scam e-mails per day[75] and had a list of the e-mail addresses of 55,000 potential victims in their possession.[76] In October 2009, the Nigerian government announced that they are launching "Operation Eagle Claw", a joint effort with Microsoft to apprehend Nigerian 419 scammers.[75]
109
Scam baiting
Various groups and individuals have engaged against "419" frauds by making scammers lose their time or some amount of money.[87] One widely propagated report of such a scam baiting involved an American who identified himself as "James T Kirk" to a Nigerian completely unaware of the Star Trek television series.[88]
Advance-fee fraud Cause a victim's bank account to temporarily show a large credit (which the bank reverses when they discover its false origins) to convince the victim the deal is legitimate. Format Scheme or script of an advance-fee fraud, e.g., the late dictator format, the next of kin format, the lottery format... Guyman, guy Con artist engaged in advance-fee fraud Jokeman, Joker A scam-baiter Luxcini An investment scam involving a line of men's luxury clothing based in Beverly Hills, California Maga, mugu, mugun, mahi, magha,[23] mahee, mayi, mayee, mgbada Victim of advance-fee fraud ("Mugu" means "fool"often used as an insult by scam-baiters) Modality Method of funds transfer;[89] Oga or Chairman Boss Owner of the job, Catcher Con artist who makes first contact with the victim, then passes him to another scammer to finish Run An illegal activity Yahoo millionaire,[90] yahoo boy
[91]
110
Scammers
Yahoo Yahoo Someone who cons through e-mail, particularly through a Yahoo! address
Advance-fee fraud The email?", to which Michael replies, "You know what Toby, when the son of the deposed king of Nigeria emails you directly, asking for help, you help! His father ran the freaking country! Okay?" In The Sun Cow episode of the Nickelodeon TV series, Back at the Barnyard, Otis, Pig and Abby received an e-mail from a Nigerian prince requesting for help, to which Abby replies with the farmer's credit card number and stating that the Internet does not lie. In a 2009 episode of A&E documentary Intervention, a man habitually gives his family's money away to 419 scammers. Two songs promoting advance fee fraud are popular in Nigeria: "I Go Chop Your Dollar - 419 Song" by Osuofia with the chorus "419 is just a game, you are the loser, I am the winner",[92] and "Maga Don Pay" (The victims pay) by Kelly Hansome, with the chorus Maga don pay, shout hallelujah. In response to this song, 9 R&B and rap artists (Banky W, Bez, Cobhams, MI, Modele, Omawumi, Rooftop MCs, The Wordsmith) released the song "Maga No Need Pay". The lyrics and the chorus Maga no need pay for me to buy correct motor, for me to take make my dough explain to the youngsters that they can make a good living and that they will help their country by staying away from advance fee fraud. Fela! The Musical makes several references to code 419. One of the series featured in webcomic Irregular Webcomic! stars the Nigerian Finance Minister.[93]
111
In the television series Sit Down, Shut Up, the teacher Stuart Proszakian sends money to a Nigerian Scam despite the other teachers' warnings. But at the end it turns out there really was a Nigerian Prince, and thanks Stuart for the donation.
References
[1] " How to identify and avoid hoax or fraudulent e-mail scams (http:/ / www. microsoft. com/ protect/ yourself/ phishing/ hoaxes. mspx)," Microsoft [2] " Nigerian Money Offer Scams (http:/ / www. aarp. org/ money/ wise_consumer/ scams/ a2002-10-02-FraudsNigerianMoneyOffer. html)," AARP [3] " 'Nigerian Scam' Lures Companies (http:/ / query. nytimes. com/ gst/ fullpage. html?res=9E0CE5DC1638F932A15756C0A964958260)," The New York Times [4] " International Financial Scams Internet Dating, Inheritance, Work Permits, Overpayment, and Money-Laundering (http:/ / travel. state. gov/ pdf/ international_financial_scams_brochure. pdf)," United States Department of State [5] "Nigerian Criminal Code" (http:/ / www. nigeria-law. org/ Criminal Code Act-Part VI to the end. htm). . Retrieved 2007-03-24. [6] "ADS-L, 9 February 2005" (http:/ / listserv. linguistlist. org/ cgi-bin/ wa?A2=ind0502B& L=ADS-L& P=R2863& I=-3). . Retrieved 2006-03-24. [7] "Nigerian Scam" (http:/ / www. snopes. com/ crime/ fraud/ nigeria. asp). Snopes. 2003-09-06. . Retrieved 2006-07-09. [8] Eugne Franois Vidocq (1834). Memoirs of Vidocq, Principal agent to the French police until 1827 (http:/ / books. google. com/ books?id=uGQoAAAAYAAJ& pg=PA58& dq=vidocq+ jerusalem+ letter). Google Books. p.58. . Retrieved 14 September 2010. [9] " Baiters Teach Scammers a Lesson (http:/ / www. wired. com/ techbiz/ it/ news/ 2006/ 08/ 71387)," Wired [10] " Travel Warning Nigeria (http:/ / travel. state. gov/ travel/ cis_pa_tw/ tw/ tw_928. html)," Bureau of Consular Affairs United States Department of State [11] " "419 SCAM" (http:/ / accra. usembassy. gov/ wwwhscam419. html)," US Diplomatic Mission to Ghana [12] " Scam Alert ! (http:/ / www. intercontinentalbankgh. com/ web/ scamalert/ index. php)," Intercontinental Bank Ghana [13] " Benin: 2005 Country Commercial Guide (http:/ / benin. usembassy. gov/ benin_ccguide2005_. html)," Embassy of the United States Cotonou, Benin [14] "West African Advance Fee Scams" (http:/ / abidjan. usembassy. gov/ art_of_scam. html). Regional Security. United States Embassy in Abidjan, Cte d'Ivoire. . [15] " Togo (http:/ / travel. state. gov/ travel/ cis_pa_tw/ cis/ cis_1041. html#crime)," United States Department of State [16] " Advance Fee Fraud (http:/ / www. hampshire. police. uk/ Internet/ advice/ advice/ advancefeefraud. htm)," Hampshire Constabulary [17] " American Victims of Crimes in Senegal (http:/ / dakar. usembassy. gov/ service/ emergency-services/ victims-of-crime-in-senegal. html)," Embassy of the United States Dakar, Senegal [18] " Burkina Faso Consular Information Sheet 05 October 2005 (http:/ / statelists. state. gov/ scripts/ wa. exe?A3=ind0510a& L=DOSTRAVEL& E=0& P=84754& B=------_=_NextPart_001_01C5C9DF. 70CD9B60& T=text/ plain; charset=iso-8859-1)," United States Department of State [19] " Advance Fee Fraud (http:/ / www. bba. org. uk/ customer/ article/ advance-fee-fraud/ fraud/ )," British Bankers' Association
Advance-fee fraud
[20] " Fraud Scheme Information (http:/ / amsterdam. usconsulate. gov/ advance_fee_fraude. html)," United States Consulate General of Amsterdam [21] " Latest e-mail uses Alaska Airlines crash victims to scam (http:/ / blog. seattlepi. nwsource. com/ consumersmarts/ archives/ 125509. asp)," Seattle Post-Intelligencer [22] " Zimbabwe appeal (http:/ / www. docep. wa. gov. au/ ConsumerProtection/ scamnet/ Scams/ Zimbabwe_Appeal. html)," WA ScamNet of West Australia [23] 'I Will Eat Your Dollars' (http:/ / web. archive. org/ web/ 20051029165224/ http:/ / news. yahoo. com/ s/ latimests/ 20051020/ ts_latimes/ iwilleatyourdollars) By Robyn Dixon Times Staff Writer Thu Oct 20, 7:55 AM ET [24] "Nigerian Cyber Scammers" (http:/ / www. latimes. com/ technology/ la-fg-scammers20oct20,0,301315. story?page=2& collection=la-yahoostorylinks). Los Angeles Times. . [25] "Nigerian Cyber Scammers" (http:/ / www. latimes. com/ technology/ la-fg-scammers20oct20,0,301315. story?page=3& collection=la-yahoostorylinks). Los Angeles Times. . Retrieved 14 September 2010. Angeles [26] Stevenson, Joseph A. (2010-08-11). "Bogus Cheques Writing Jobs" (http:/ / careerfield. org/ blog/ 2010/ 08/ 04/ real-job-or-scam/ ). Careerfield. . Retrieved 2010-08-11. [27] Mayer, Caroline E. (2006-06-01). "Banks Honor Bogus Cheques and Scam Victims Pay" (http:/ / www. washingtonpost. com/ wp-dyn/ content/ article/ 2006/ 05/ 31/ AR2006053102004. html). Washington Post. p.A01. . Retrieved 2006-07-09. [28] "Firefox Release Notes" (http:/ / www. mozilla. com/ en-US/ firefox/ 2. 0. 0. 1/ releasenotes/ ). Mozilla. . Retrieved 14 September 2010. [29] " E-Mail Scammers Ask Your Friends for Money (http:/ / bits. blogs. nytimes. com/ 2007/ 11/ 09/ e-mail-scammers-ask-your-friends-for-money/ index. html?ex=1352264400& en=597277d1a0cbde58& ei=5088& partner=rssnyt& emc=rss)," The New York Times [30] Con artists target phone system for the deaf (http:/ / msnbc. msn. com/ ID/ 4781806), MSNBC [31] " Nigerian Advance Fee Fraud (http:/ / www. state. gov/ www/ regions/ africa/ naffpub. pdf)." United States Department of State Bureau of International Narcotics and Law Enforcement Affairs. 6. Retrieved on December 1, 2010. [32] " Nigerian Advance Fee Fraud (http:/ / www. state. gov/ www/ regions/ africa/ naffpub. pdf)." United States Department of State Bureau of International Narcotics and Law Enforcement Affairs. 11-12. Retrieved on December 1, 2010. [33] Philip de Braun (2004-12-31). "SA cops, Interpol probe murder" (http:/ / www. news24. com/ SouthAfrica/ News/ SA-cops-Interpol-probe-murder-20041231). News24. . Retrieved 2010-11-27. [34] " Scam Bait - the Nigerian Scam (http:/ / freebies. about. com/ library/ weekly/ aa110302a. htm)," About.com [35] "Denton Woman Says Mystery Shopper Job Was Scam NBC5i.com, Dallas" (http:/ / www. nbc5i. com/ newsbycounty/ 14519865/ detail. html). Nbc5i.com. . Retrieved 2009-06-10. [36] " Grant's Boon (http:/ / www. snopes. com/ crime/ fraud/ govgrant. asp)." Snopes. [37] " Nigerian Advance Fee Fraud (http:/ / www. state. gov/ www/ regions/ africa/ naffpub. pdf)." United States Department of State Bureau of International Narcotics and Law Enforcement Affairs [38] " Hitman Bribe Scam (http:/ / www. snopes. com/ crime/ fraud/ hitman. asp)", Snopes [39] " FBI looks overseas in ongoing bomb scam (http:/ / www. msnbc. msn. com/ id/ 20532032/ )," MSNBC [40] " Charitable Contributions (http:/ / www. irs. gov/ pub/ irs-pdf/ p526. pdf)," Internal Revenue Service [41] " Scam Me Twice, Shame on Me... (http:/ / www. snopes. com/ info/ notes/ nigeria01. asp)," Snopes [42] Rolfe, John (2009-02-11). "Puppy love the latest tactic of Nigerian web scammers" (http:/ / www. news. com. au/ dailytelegraph/ story/ 0,22049,25036245-5001021,00. html). News.com.au. . Retrieved 2009-06-10. [43] "about > scams" (http:/ / www. craigslist. org/ about/ scams). craigslist. . Retrieved 2009-06-10. [44] "A Craigslist Scam You Might Fall For at" (http:/ / www. smartmoney. com/ spending/ rip-offs/ a-craigslist-scam-you-might-fall-for-0/ ). Smartmoney.com. . Retrieved 2009-06-10. [45] BonaVacantia.gov.uk (http:/ / www. bonavacantia. gov. uk/ default. asp?pageid=1415): Scam email [46] " Nigerian e-mail scammers feeding on greed, gullibility (http:/ / www. theglobeandmail. com/ servlet/ Page/ document/ v5/ content/ subscribe?user_URL=http:/ / www. theglobeandmail. com/ servlet/ story/ RTGAM. 20051205. gtemail05/ BNStory/ Technology/ )," The Globe and Mail [47] "Nigeria scams 'cost UK billions'" (http:/ / news. bbc. co. uk/ 1/ hi/ business/ 6163700. stm). BBC News. 2006-11-20. . Retrieved 2006-11-20. [48] Adler v. Republic of Nigeria, 219 F.3d 869 (9th Cir. 2000). [49] Misha Glenny. McMafia. Vintage Books. pp.138141. ISBN9780099481256. [50] "Woman out $400K to 'Nigerian scam' con artists | KATU.com Portland, Oregon | News" (http:/ / www. katu. com/ news/ 34292654. html). KATU.com. 2008-11-21. . Retrieved 2009-06-10. [51] "Woman Loses 400000 to Nigerian Scam" (http:/ / www. youtube. com/ watch?v=j1vW9cIlnVI). YouTube. 2009-04-19. . Retrieved 2009-06-10. [52] "Fraud Alert - 419 Fraud" (http:/ / www. met. police. uk/ fraudalert/ 419. htm). London Metropolitan Police. . Retrieved 2006-07-09. [53] "Suicide of Internet Scam Victim" (http:/ / news. bbc. co. uk/ 1/ hi/ england/ cambridgeshire/ 3444307. stm). British Broadcasting Corporation. 2004-01-30. . Retrieved 2006-09-26. [54] " Surge in global Internet scams prompts new US warning to Internet users (http:/ / www. iht. com/ articles/ ap/ 2007/ 03/ 02/ america/ NA-GEN-US-Internet-Scams. php)," International Herald Tribune
112
Advance-fee fraud
[55] " Web scam drove student to suicide (http:/ / news. bbc. co. uk/ 2/ hi/ uk_news/ england/ nottinghamshire/ 7380093. stm)," BBC News [56] "Nigerian scam continues to thrive" (http:/ / www. msnbc. msn. com/ id/ 3078489/ ), MSNBC [57] "Internet technology fueling Nigerian scam" (http:/ / www. avma. org/ onlnews/ javma/ apr03/ 030401d. asp). Journal of the American Veterinary Medical Association. 2003-04-01. . Retrieved 2006-07-09. [58] "Czech pensioner charged with murdering Nigerian consul" (http:/ / www. radio. cz/ en/ news/ 37806). Radio Prague. 2003-02-20. . Retrieved 2006-07-09. [59] " Nigerian Slain Over E-Mail Scam (http:/ / www. wired. com/ culture/ lifestyle/ news/ 2003/ 02/ 57760)," Wired [60] "Seven in court for 419 kidnap" (http:/ / www. news24. com/ Africa/ News/ Seven-in-court-for-419-kidnap-20080930). . [61] "?" (http:/ / www. news24. com/ News24/ South_Africa/ News/ 0,,2-7-1442_2399032,00. html). . Retrieved 14 September 2010. "R100m in fraud crackdown" (http:/ / www. news24. com). . Retrieved 14 September 2010. [62] " Kidnapped Briton tells of terror (http:/ / news. bbc. co. uk/ 1/ hi/ uk/ 1438872. stm)," BBC [63] " "I Brought You A Good News," An Analysis of Nigerian 419 Letters (http:/ / www. businesscommunication. org/ conventions/ Proceedings/ 2005/ PDFs/ 07ABC05. pdf)," Oregon Institute of Technology [64] " Moe funnet dd (http:/ / www. dagbladet. no/ nyheter/ 2000/ 05/ 26/ 205694. html)," Dagbladet [65] " Woman falls for Nigerian scam (http:/ / www. njherald. com/ 326099832547533. php)," New Jersey Herald [66] " Nigerian scam victims maintain the faith (http:/ / www. smh. com. au/ news/ business/ nigerian-scam-victims-maintain-the-faith/ 2007/ 05/ 14/ 1178995057764. html)," The Sydney Morning Herald [67] Dutch 419 inside job (http:/ / www. theregister. co. uk/ 2004/ 07/ 05/ dutch_419_inside_job/ ), The Register. Retrieved 31 December 2006. [68] Haines, Lester (2004-11-08). "Nigerian 419 Scam Spammer Sentenced to Five Years in Prison" (http:/ / www. theregister. co. uk/ 2004/ 11/ 08/ aussie_419er_jailed/ ). Theregister.co.uk. . Retrieved 2009-06-10. [69] Dutch act on 'Nigerian scams' (http:/ / australianit. news. com. au/ story/ 0,24897,21923565-15306,00. html), The Australian. Retrieved 18 June 2007. [70] "Skeptics Journal 1998" (http:/ / www. skeptics. com. au/ journal/ 1998/ 1. pdf) (PDF). . Retrieved 2009-07-03. [71] "About the Economic and Financial Crimes Commission". (http:/ / www. efccnigeria. org/ index. php?option=com_content& task=section& id=5& Itemid=69) EFCC website accessed 25 July 2007. [72] "Text of A Media Conference by Mallam Nuhu Ribadu, Executive Chairman, EFCC" (http:/ / www. efccnigeria. org/ index. php?option=com_content& task=view& id=716& Itemid=2) (Monday, 21 November 2005). EFCC website retrieved 25 July 2007. [73] "Woman gets prison for 'Nigerian' scam" (http:/ / www. upi. com/ Top_News/ 2008/ 06/ 26/ Woman_gets_prison_for_Nigerian_scam/ UPI-73791214521169/ ). Upi.com. 2008-06-26. . Retrieved 2009-06-10. [74] "Cisco to start paying a dividend before summer" (http:/ / tech. yahoo. com/ news/ pcworld/ 147575). Yahoo! News. . Retrieved 14 September 2010. ??? [75] (AFP) Oct 22, 2009 (2009-10-22). "Nigeria's anti graft police shuts 800 scam websites" (http:/ / www. google. com/ hostednews/ afp/ article/ ALeqM5iV7uw_rlEABbsQCt-GvZexDLbRqw). Google.com. . Retrieved 2010-11-12. [76] "Desarticulada una banda que enviaba diariamente 20.000 'cartas nigerianas'" (http:/ / www. elpais. com/ articulo/ espana/ Desarticulada/ banda/ enviaba/ diariamente/ 20000/ cartas/ nigerianas/ elpepuesp/ 20090317elpepunac_11/ Tes). Elpais.com. . Retrieved 2010-11-12. [77] " Former Alcona County Treasurer Sentenced to 9-14 Years in Nigerian Scam Case (http:/ / mi. gov/ ag/ 0,1607,7-164-34739-170122--,00. html)," Office of the Attorney General, Michigan [78] 419ers take Aussie financial advisor for AU$1m (http:/ / www. theregister. co. uk/ 2004/ 10/ 19/ aussie_419_victim/ ), The Register, Published Tuesday 19th October 2004 GMT [79] Haines, Lester. " Woman falls for Nigerian scam, steals $2.1m from law firm (http:/ / www. theregister. co. uk/ 2002/ 09/ 23/ woman_falls_for_nigerian_scam/ )," The Register [80] " Annals of Crime: The Perfect Mark (http:/ / www. newyorker. com/ archive/ 2006/ 05/ 15/ 060515fa_fact?printable=true& currentPage=all) ," The New Yorker [81] " Supermarket for Scandal (http:/ / www. upenn. edu/ gazette/ 1100/ 1100books. html)," University of Pennsylvania [82] " Rats In the Grain. - Review - book review (http:/ / findarticles. com/ p/ articles/ mi_m0HIC/ is_1_16/ ai_75477934)" [83] "Rats in the grain: The Dirty Tricks and Trials of Archer Daniels Midland The Supermarket to the World" (http:/ / www. populist. com/ 00. 16. krebs. html). Populist.com. . Retrieved 2009-06-10. [84] "Luftschlsser gebaut" (http:/ / www. derwesten. de/ sport/ lokalsport/ essen/ tusem/ Luftschloesser-gebaut-id894146. html), Der Westen, 17.07.2008 (in german) [85] "Ego statt Geld" (http:/ / www. sueddeutsche. de/ sport/ 386/ 446122/ text/ ), Sddeutsche Zeitung, 21.06.2008 (in german) [86] "Groes Ganovenstck" (http:/ / www. derwesten. de/ staedte/ essen/ Grosses-Ganovenstueck-id1242365. html), Der Westen, 19.06.2008 (in german) [87] Baiting Nigerian scammers for fun (not so much for profit) (http:/ / arstechnica. com/ web/ news/ 2009/ 05/ baiting-nigerian-scammers-for-fun-not-so-much-for-profit. ars) at ArsTechnica. [88] "Dumb Nigerian Con-Artists" (http:/ / web. archive. org/ web/ 20070209072152/ spl. haxial. net/ nigerian-fraud/ ). Web.archive.org. . Retrieved 2010-11-12. [89] " Advance fee fraud schemes (http:/ / www. yale. edu/ its/ email/ spam/ fraud. html)," Yale University [90] " Online scams create "Yahoo! millionaires" (http:/ / money. cnn. com/ magazines/ fortune/ fortune_archive/ 2006/ 05/ 29/ 8378124/ )," CNN Money
113
Advance-fee fraud
[91] " Nigeria cracks down on e-mail scams (http:/ / www. csmonitor. com/ 2005/ 1215/ p07s02-woaf. html)," Christian Science Monitor [92] "Home: Advance Fee Fraud: Encyclopedia" (http:/ / www. baldfaceliars. com/ Advance_fee_fraud/ encyclopedia. htm). BaldFaceLiars.com. . [93] "Nigerian Finance Minister" (http:/ / www. irregularwebcomic. net/ cast/ nigerianfinanceminister. html). Irregular Webcomic!. . Retrieved 2010-03-18.
114
Books
Apter, Andrew (2005). "The Politics of Illusion". The Pan-African Nation: Oil and the Spectacle of Culture in Nigeria. Chicago: University of Chicago Press. ISBN0226023559. Berry, Michael (2006). Greetings in Jesus Name!: The Scambaiter Letters (http://books.google.com/ books?id=tL7tAAAACAAJ). Harbour Books. ISBN1905128088. Dillon, Eamon (2008). "Chapter 6: The 419ers" (http://www.dilloninvestigates.com/index_files/Page390. htm). The Fraudsters How Con Artists Steal Your Money. Merlin Publishing. ISBN9781903582824. Edelson, Eve (2006). Scamorama: Turning the Tables on Email Scammers (http://books.google.com/ books?id=piSbAAAACAAJ). Disinformation Company. ISBN1932857389. Nwaubani, Adaobi Tricia (2009). I Do Not Come to You By Chance (novel) (http://www.hyperionbooks.com/ titlepage.asp?ISBN=1401323111&SUBJECT=Fiction). Hyperion Books. Tive, Charles (2006). 419 Scam: Exploits of the Nigerian Con Man (http://books.google.com/ books?id=tT_WX_2pvFwC). iUniverse.com. ISBN0595413862. Van Wijk, Anton (2009). Mountains of gold; An exploratory research on Nigerian 419-fraud: backgrounds (http:/ /419.swpbook.com). SWP Publishing. ISBN978-90-8850-028-2.
External links
Advance-fee fraud (http://www.dmoz.org//Society/Issues/Fraud/Advance_Fee_Fraud//) at the Open Directory Project UK Metro Police Antifraud (http://www.met.police.uk/): Metro Police UK Antifraud Division ScamWatch (http://www.scamwatch.gov.au/): Australia's ScamWatch RomanceScam (http://www.romancescam.com/): Nigerian Dating Scammers Interview with an ex-scammer, January 2010 (http://www.scam-detectives.co.uk/blog/2010/01/22/ interview-with-a-scammer-part-one): Scam Detectives RentScams (http://www.rentscams.org/): Rental Property Scams VP44 Spam & Scam Database (http://spamdb.vp44.com/): large repository of 419 scam samples
Pig in a poke
115
Pig in a poke
The idioms pig in a poke and sell a pup (or buy a pup) refer to a confidence trick originating in the Late Middle Ages, when meat was scarce, but cats and dogs (puppies) were not.[1] [2] [3] The idiom pig in a poke can also simply refer to someone buying a low-quality pig in a bag because he or she did not carefully check what was in the bag.[4] The scheme entailed the sale of a suckling pig or pup in a poke (bag). The bag would actually contain a cat or dog (not particularly prized as a source of meat), which was sold to the victim in an unopened bag. The French idiom acheter (un) chat en poche (to buy a cat in a bag) refers to an actual sale of this nature, as do many European equivalents, while the English expression refers to the appearance of the trick.[5] The common English colloquial expressions such as turn out to be a pig in a poke or buy a pig in a poke mean that something is sold or bought without the buyer knowing its true nature or value, especially when buying without inspecting the item beforehand. The phrase can also be applied to accepting an idea or plan without a full understanding of its basis. Similar expressions exist in other European languages, most of them referring to the purchase of a cat in a bag, with some exceptions:
Language Bulgarian Catalan Croatian Czech Danish Dutch Estonian French Finnish German Greek Hebrew Hungarian Icelandic Indonesian Irish Latvian Lithuanian Phrase Donar/Prendre gat per llebre kupiti maka u vrei koupit zajce v pytli at kbe katten i skken een kat in de zak kopen ostma prsast kotis acheter un chat dans un sac ostaa sika skiss die Katze im Sack kaufen Translation to buy a cat in a bag to give/to take cat instead of hare to buy a cat in a sack to buy a hare in a sack to buy the cat in the sack to buy a cat in the sack to buy a piglet in a sack to buy a cat in a bag to buy a pig in a sack to buy the cat in the sack
to buy a pig in a sack zskbamacska a kaupa kttinn sekknum kucing dalam karung ceannaigh muc i mala pirkt kai mais pirkti kat maie cat in a sack cat in a sack to buy the cat in the sack cat in a sack buying a pig in a bag to buy a cat in a sack to buy a cat in a sack to buy the cat in a sack to buy the cat in the sack to buy the cat in the sack to buy a cat in a sack to buy a cat instead of a hare to buy with closed eyes to buy a cat in a sack
Luxembourgish d'Kaz am Sak kafen Macedonian Norwegian Polish Portuguese Romanian Russian kjpe katta i sekken kupi kota w worku comprar gato por lebre a cumpra cu ochii nchii
Pig in a poke
116
Spanish Spanish Serbian Slovak Slovene Swedish dar gato por liebre hay gato encerrado kpi maku vo vreci kupiti maka v aklju kpa grisen i scken to give a cat instead of a hare there is a cat shut inside to buy a cat in a sack to buy a cat in a sack to buy a cat in a sack to buy the pig in the sack
This trick also appears to be the origin of the expression "let the cat out of the bag",[6] meaning to reveal that which is secret (if the would-be buyer opened the bag, the trick would be revealed).[5]
References
Notes
[1] [2] [3] [4] [5] [6] pig in a poke (http:/ / idioms. yourdictionary. com/ pig-in-a-poke) at YourDictionary.com pup (http:/ / www. ldoceonline. com/ dictionary/ pup) at Longman Dictionary of Contemporary English be sold a pup (http:/ / idioms. thefreedictionary. com/ be+ sold+ a+ pup) at The Free Dictionary pig in a poke (http:/ / www. idiomdictionary. com/ definition/ pig-in-a-poke. html) at IdiomDictionary.com Brewer, Dictionary of Phrase and Fable, 1898. Let the cat out of the bag (http:/ / www. phrases. org. uk/ meanings/ 227250. html) on The Phrase Finder
Bibliography
E. Cobham Brewer, Dictionary of Phrase and Fable (http://www.bartleby.com/81/13246.html). 1898. Funk, Charles Earle, A Hog on Ice: & Other Curious Expressions. HarperResource, 2002. ISBN 0-06-051329-2. National Lampoon's European Vacation, The television game show the Griswolds played that won them the trip.
117
The scam
A network of touts and con men present the mark with an opportunity to profit from buying discount gems from a jewelry shop. The mark is convinced that he can buy gems at duty free price and bring them overseas for a threefold or more profit. Through a network of helpers, each of whom tells the mark bits of information, the mark is guided to the jewelry shop. 1. A tout will be on the lookout at popular tourist spots like the Grand Palace, Wat Pho, Khaosan Road, Siam Square, or other temples or tourist attractions in Bangkok. (Also, the scam may often be initiated by a tuk-tuk driver.) The tout will be dressed as a student or gentleman and will approach the mark to tell him the place he is about to visit is closed today because of some made-up holiday. The tout, taking advantage of the Thai people's reputation for friendliness, may strike up a conversation, asking where the mark is from, and if this is his first time in Bangkok. The tout will also tell the mark that a certain tuk-tuk waiting nearby is cheap or even free because it has been sponsored by the tourism ministry and can bring him to other temples elsewhere to visit. Sometimes this gentleman finds out which country the mark is from and informs the con man at the next layer about it. 2. If the mark gets on the tuk-tuk, the driver will bring him to a secluded temple in the city, drop him off, and wait for him to return. 3. When the mark walks into the temple, there will be a gentleman praying inside. That person will tell him about a scheme by the government which allows people to buy jewelry duty free and make a profit when the gems are shipped to their home country, adding that today is the last day of this scheme. 4. The tuk-tuk may take the mark to another temple, where another person (sometimes a Thai, sometimes a Westerner) tells the same story, building up the mark's confidence through a seemingly "independent" verification. If the mark is interested, the person will tell the tuk-tuk driver to take him to the jewelry store. 5. At the shop the mark will be pressured to buy jewelry. If the mark purchases the jewelry, the gem will be packaged and shipped directly to the mark's address in his home country so that he will not have a chance to get the gem appraised or return it for a refund. In the purchase process the mark may be told to go to a nearby gold shop to purchase gold to be exchanged for the gem - this money laundering ensures that any stop-payment on the part of the mark will not affect the gem store's profits. 6. The mark returns to his home country, only to find the jewelry to be worth far less than he paid for it. Other scams include fake Thai Mikimoto certificates. Once in a store, a variety of selling tactics are employed, including bait and switch, and "educating" gemstone novices about "fake gems" which are in fact real, and selling them "real gems" which are in fact fake.
118
Process
The typical white van speaker scam involves one to three individuals, who are usually casually dressed or wearing uniforms. They drive an SUV, minivan or a commercial vehicle (usually a white commercial van, which may be rented inexpensively) that often displays a company logo. To find suitable targets, the van operators set up their con in moderately-trafficked areas, such as parking lots, gas stations, colleges, or large apartment complexes. Alternatively, they may target people driving expensive cars and wave them down. The marks (victims) are usually affluent young men, college students, or others thought to have large amounts of disposable income. The marks may also be foreigners or people who are unfamiliar with typical business transactions in Western countries. The operators often claim that they work for an audio retailer or audio installer and that, through some sort of corporate error (warehouse operator mistake, bookkeeping mistakes, computer glitch, etc.) or due to the client changing the order after supplies were purchased, they have extra speakers. Sometimes, it is implied that the merchandise may be stolen. For varying reasons they need to dispose of the speakers quickly and are willing to get rid of them at "well below retail" prices. The con artists will repeatedly state the speaker's "value" as anywhere between $1800 and $3500, prices often purportedly verified by showing a brochure or a magazine advertisement. They will usually also have an official-looking website verifying their claims. If the mark declines the offer, the scammer uses various high-pressure negotiation sales tactics. Among these techniques are producing glossy material that details the quality and high retail value of the speakers, and bombarding the potential customer with technical jargon, whether correctly or incorrectly used. If still unable to convince the mark that he is turning down an incredible offer, the con artist will almost always lower the price significantly. Some con artists will even suggest that, since the customer got such a great deal, he should pay a little extra as beer money for his supposed benefactor.
119
Economics
Distributors rent a warehouse and obtain licenses and distribution rights, then import large quantities of poorly made goods. They ship these goods to local warehouses in major cities and hire 'salesmen' to distribute the shoddy goods. North American distribution operations are in major cities across the continent.[1] The marketers at each office establish a promotion, benefit, and bonus scale for the speaker sales teams. Bonuses may be paid in cash or speakers. In Australia the same tactic is used. Receipts are issued, but the contact details are usually fake so that the goods cannot be returned. As an added measure, vehicles are leased so that they can not be traced to either the distributor or 'sales person' driving.
Online availability
White van speakers and home theater systems are now commonly found online on such sites as Craigslist, Kijiji and eBay. Speakers and projectors are popular scams because they are not easily tested. Buyers are misled into purchasing low quality knock off brands. with reviews showing these speakers or electronics to be outclassed by even inexpensive "home theater in a box" systems sold by legitimate manufacturers. One online technique used on Craigslist is for the seller to post ads for the speakers for the "retail price" printed on their boxes, which is often in the thousands of dollars. Any box of speakers with an MSRP printed on it should be considered a counterfeit. Then the seller will post another ad with different wording at a "deal" price, a fraction of the original price. Both ads will have links to the phony speaker brand's web site. The higher priced advertisement is meant to fool any prospective buyer into thinking that they have done their due diligence. In addition to the phony prices, other common verbiage includes: "my loss is your gain", "received as a gift", "won it at a raffle or company award", "I am an audio installer", "having a baby", "need to pay rent or a fine", "already have one don't need 2", "moving out of town", "great buy!", "need to sell fast" and "still in the box." A more recent development in ad postings are self-perpetuating scamsthose claiming to be victims of the scam, when exposed, say they are trying to recoup some of their loss.
Techniques used
The brand name of the speakers is often confusingly similar to a well-regarded speaker manufacturer. For example, the reputations of manufacturers such as Klipsch, Polk Audio, Paradigm, Dahlquist, and Wharfedale are used to sell low-quality speakers with fake brand names like Kirsch, Volk Audio, Paradyme, Dahlton, and Grafdale. Another brand called Millennium Theater Systems or MTS,[2] is similar to MTX, and a brand called Paramax Audio[3] has been claimed to be jointly owned by Paramount Studios and the IMAX Corporation. "Matrix Audio Concepts" is another fictional brand that returns additional related websites with an Internet search query for that term. Some sites, such as for Theater Research[4] , also list customer service telephone numbers or support e-mail addresses. These methods of contact are often dead ends. Another recent technique is to parrot but not mimic, the names of reputable companies. For example, Genesis Media Labs is a white van scam name that trades on the American "Genesis" brand of loudspeakers [5] [6] , while DiVinci trades on the name of the Swiss "DaVinci" company.
120
White van speaker scam Bjorn and Wielder [23] Camelot Audio[14] Carlson Audio[14] Cerwin Vega (counterfeit)[24] Cinemax Loudspeakers Cleo Acoustics (Singapore) [25] Columbia Audio [10] Crystal Home Theater (Not related to Crystal Home Audio) [26] Definitive Sound Technology [27] (no relation to Definitive Technology) Denmark, Denmark Audio, Denmark Optics[9] [15] [19] Deutsch Akustik [28] Dogg Digital, Digital Dogg Audio[15] [16] [29] DanWave, Dan Wave[16] Dahlton[15] [16] Digital Pro Audio, Pro Audio, Digital Audio,Digital Galaxy, Digital Audio Professional Speaker Systems, Digital Audio Skyline, Digital Research[15] [16] [19] DiVinci[16] [19] Dreamland, Dream Land[10] Dynalab[15] [19] Elite Audio[30] EDS, Elite Digital Sound[31] EKO[14] Eurosound[14] Epiphany Audio[15] [32] Fleetwood Audio[33] Genesis Media Labs, Genisis Media Labs[16] (no relation to Genesis Technologies) Glatten Audio[14] Grafdale[15] [16] Hauffman[16] Hy-line Sound Electronics [16] I-Cinema[34] Icon MediaLab, Icon Media Lab Digital Fusion[10] [35] (No relation to LBi Ltd., the registered trademark owners of the Icon MediaLab name) Image Audio Concepts[36] Image Reference[37] JBL (counterfeit)[24] Jannsonn & Fynn [38] Kauffman[39] Kinetic[17] Kirsch, Kirsh[16] [19] Linear Acoustik[14] Linear Phase[19] London[32] Matrix Audio[16] Mantooth Audio[16]
121
White van speaker scam Norway Audio[41] Olin Ross [42] Omni Audio[15] Oracle Projector[43] Orix[14] Palermo[17] Paradyme[19] (no relation to Paradigm) Paragon Paramax[16] [17] [19] [42] [44] Proline Acoustic[16] Pro-Optics, 3D Optics, 3D Optiks[43] Protechnik[43] [44] [45] [46] Protecsound (PTS)[15] [47] PSD[15] [16] PurTone [48] RDX [49] Rothdale [50] Samaurai[16] [19] Skyline[19] Sutherland Technology[16] (no relation to Sutherland Engineering) Theater Logic[51] Theater Research, Theatre Research, Theater Innovations[15] [16] [19] US Acoustics[52] VAV[14] VisionMax[53] Vokl Audio [54] Volk Audio (also has a projector branch known as Volk Cinema) [55] Wahldorf Home Theater [56]
122
References
[1] [2] [3] [4] [5] [6] [7] [8] [9] Scam Shield - Distributor Locations (http:/ / www. scamshield. com/ Help. asp?id=4) MTS Speakers (http:/ / www. mtsspeakers. com/ ) http:/ / paramaxaudio. com/ Paramax Audio website Theater Research website (http:/ / www. trtheaterresearch. com/ ) Genesis Loudspeakers by Genesis Advanced Technologies (http:/ / www. genesisloudspeakers. com) Genesis Model 5.2 review at Stereophile Magazine (http:/ / www. stereophile. com/ floorloudspeakers/ 206gen/ ) Warning - white van scammers out in Melbourne (http:/ / www. ls1. com. au/ forum/ showthread. php?t=90432& page=2) OzRipOff - BangAudio (http:/ / www. ozripoff. com/ report-view/ 299-bangaudiocomau-scam) Minister for Consumer Affairs - Government of South Australia (http:/ / www. ocba. sa. gov. au/ assets/ medicomms/ mrelease_itinertraders. pdf) [10] ScamShield Listing Australia (http:/ / www. scamshield. com/ Sighting. asp?state=none& country=Australia& article=1) [11] United States Patent Office (http:/ / tarr. uspto. gov/ servlet/ tarr?regser=serial& entry=77797734) [12] Panjiva Shipping records (http:/ / panjiva. com/ Eran-Electronic-Inc/ 4036298) [13] Kitsap Sun (http:/ / www. kitsapsun. com/ news/ 2008/ jun/ 26/ sound-system-scammers-traveling-in-white-van-get) [14] VR-Zone Forum: "White Van" speaker brand listing (http:/ / forums. vr-zone. com/ showthread. php?t=219074) [15] Kuro5hin story (http:/ / www. kuro5hin. org/ story/ 2004/ 4/ 9/ 224439/ 1810) [16] ScamShield Listing Canada (http:/ / www. scamshield. com/ Sighting. asp?state=none& country=Canada& article=1) [17] ScamShield Listing Texas (http:/ / www. scamshield. com/ Sighting. asp?country=none& state=Texas& article=1) [18] Ripoff Report: George Grover - The Home Theater Store (http:/ / www. ripoffreport. com/ Stereos/ George-Grover-The-Ho/ george-grover-the-home-theat-mm5p5. htm) [19] ScamShield Listing Colorado (http:/ / www. scamshield. com/ Sighting. asp?country=none& state=Colorado& article=1)
123
124
External links
A great deal of information and warnings on the topic of "white van speakers" can be found using search engines. Some of the more informative links include: A Kuro5hin story on "The Great International White Van Speaker Scam". (http://www.kuro5hin.org/story/ 2004/4/9/224439/1810) This American Life did an episode called Suckers (http://www.thislife.org/Radio_Episode.aspx?episode=222), one segment of which concerned white van speakers. Scamshield entry on white van speakers. (http://www.scamshield.com/Feature.asp?id=1) Crimes-of-Persuasion.com on Speaker Scams (http://www.crimes-of-persuasion.com/Crimes/InPerson/ speaker_scams.htm) http://www.fbaa.us/ (http://web.archive.org/web/20070404002512/http://www.fbaa.us/) -- Fake Better Business Bureau that claims to "certify" these companies (via Archive.org)
Badger game
The badger game is an extortion scheme, often perpetrated on married men, in which the victim or "mark" is tricked into a compromising position to make him vulnerable to blackmail. There are two competing explanations for the origin of the term badger game. One explanation is that the term originated in the practice of badger baiting. Another says that it derives its name from the state of Wisconsin (the Badger State), where the con allegedly either originated or was popularized. This con has been around since at least the early 19th century. There are several variations of the con; in the most typical form an attractive woman approaches a man, preferably a lonely, married man of some financial means from out of town, and entices him to a private place with the intent of maneuvering him into a compromising position, usually involving some sort of sexual act. Afterward an accomplice presents the victim with photographs, video, or similar evidence, and threatens to expose him unless blackmail money is paid. The woman may also claim that the sexual encounter was non-consensual and threaten the victim with a rape charge. It can also involve such things as the threat of a sexual harassment charge which may endanger the victim's career. In the days before photography or video, the accomplice would usually burst into the room during the act, claiming to be the woman's husband, father, older brother, etc., and demand justice. The con was particularly effective in the 19th and earlier 20th century when the social repercussions of adultery were much greater. A famous person known to have been victimized by the scheme was Alexander Hamilton, whose adulterous affair with Maria Reynolds was used by her husband to extort money and information from him. Variants of the con involve luring the mark with homosexual acts, underage girls, child pornography, bizarre sexual fetishes, or other activities deemed to have a particular social stigma. Another form involves accusations of professional misconduct. In an example of this form of the con, a "sick" woman would visit a physician, describing symptoms that required her to disrobe for the examination, require the doctor to examine the genitals, or ensure similar scrutiny from the doctor. During the examination an "outraged husband" or "outraged father" would enter the room and accuse the doctor of deviant misconduct. The "sick" woman, who is of course part of the con, takes the side of her accomplice and threatens the doctor with criminal charges or a lawsuit. This form of the badger game was first widely publicized in an article in the August 25, 1930 edition of Time magazine. Non-sexual versions of this con also exist, particularly among ethnic or religious groups with strong social taboos; for example coercing a Mormon to gamble or drink alcohol. The badger game has been featured as a plot device in numerous books, movies and television shows.
Badger game
125
References
Clip joint
A clip joint or fleshpot is an establishment, usually a strip club or entertainment bar, typically one claiming to offer adult entertainment or bottle service, in which customers are tricked into paying money and receive poor goods or services, or none, in return. Typically, clip joints suggest the possibility of sex, charge excessively high prices for watered-down drinks, and then eject customers when they become unwilling or unable to spend more money. The product or service may be illicit, offering the victim no recourse through official or legal channels. In the United States, clip joints were widespread during the national prohibition of alcohol from 1920 to 1933. They are generally outlawed in America now. For instance, the New York State Liquor Authority will impose penalties against any licensed premise permitting such conduct. Clip joints still operate openly in some areas of the world, such as Shanghai, where they prey on visiting foreigners.[1] [2]
The Scam
A typical scenario involves a young adult male (typically a tourist) being approached by a beautiful woman (typically either a local or claiming to be) who recommends a "favourite local" bar or club. The man is usually seated at a table and joined by a "hostess," who may or may not order drinks. Whether or not any "services" are performed or drinks are ordered has little bearing on the outlandish bill received at the end of the night. Bills are commonly hundreds of pounds, listing things like a "hostess fee" or "service charge." The arrival of the bill typically corresponds with the arrival of a few large bouncers to ensure payment. The beautiful woman or women who originally lured the mark to the location will often make an excuse and leave prior to the arrival of the bill. If confronted the establishment will claim that they have no connection with the woman and indicate that she arrived with the mark, and as such the mark is responsible for all of the items on the bill. This scam is in a legal grey area if extortion is not explicitly involved, since there is no law against charging high prices and the customer is primarily responsible for determining the prices of services to be rendered before accepting them. Often, a clip joint employee will wait near a legitimate club, and invite passing pedestrians into a "VIP" area. The potential customers are meant to believe that the person works for the nearby club, though they may not explicitly say so. Once inside, drinks are usually alcohol free (as they usually don't have a licence) or watered down and overpriced with no prices listed on the menu, and (as is typical) unrequested companion(s) may also arrive at the table.
Clip joint
126
References
[1] "Warnings Or Dangers: Shanghai. Hustlers, pimps and beggars" (http:/ / members. virtualtourist. com/ m/ 7987e/ f4fc8/ 8/ ). virtualtourist.com. 2 December 2006. . Retrieved 30 May 2010. [2] "Tea Ceremony Scam in Shanghai" (http:/ / www. tripadvisor. in/ ShowTopic-g294211-i642-k1172540-Tea_Ceremony_Scam_in_Shanghai_BEWARE-China. html). 30 April 2007. . Retrieved 30 May 2010. [3] http:/ / www. opsi. gov. uk/ Acts/ localact2007/ ukla_20070002_en_5 [4] "Cracking down on clip joint scams" (http:/ / news. bbc. co. uk/ 1/ hi/ uk/ 8175510. stm). BBC News. 6 October 2009. . Retrieved 30 April 2010. [5] Del, John (31 December 2007). "Roughed-Up Reveler Sues Club Over 3 Bottle Shakedown" (http:/ / gothamist. com/ 2007/ 12/ 31/ roughedup_revel. php). Gothamist. . Retrieved 10 September 2009.
External links
Soho clip joints (http://www.melonfarmers.co.uk/arsssoho.htm) NY Post article on Arena (http://www.nypost.com/seven/12302007/news/regionalnews/ bruising_battle_on_boozy__147966.htm) Soho clip joints to be forced out of business by police (http://www.guardian.co.uk/crime/article/ 0,2763,1158894,00.html), Guardian story: dated 29 February 2004, accessed 16 September 2006 Bottle Club Patron Roughed Up (http://gothamist.com/2007/12/31/roughedup_revel.php)
Insurance fraud
127
Insurance fraud
Insurance fraud is any act committed with the intent to fraudulently obtain payment from an insurer. Insurance fraud has existed ever since the beginning of insurance as a commercial enterprise.[1] Fraudulent claims account for a significant portion of all claims received by insurers, and cost billions of dollars annually. Types of insurance fraud are very diverse, and occur in all areas of insurance. Insurance crimes also range in severity, from slightly exaggerating claims to deliberately causing accidents or damage. Fraudulent activities also affect the lives of innocent people, both directly through accidental or purposeful injury or damage, and indirectly as these crimes cause insurance premiums to be higher. Insurance fraud poses a very significant problem, and governments and other organizations are making efforts to deter such activities.
Causes
The chief motive in all insurance crimes is financial profit.[1] Insurance contracts provide both the insured and the insurer with opportunities for exploitation. One reason that this opportunity arises is in the case of over-insurance, when the amount insured is greater than the actual value of the property insured.[1] This condition can be very difficult to avoid, especially since an insurance provider might sometimes encourage it in order to obtain greater profits.[1] This allows fraudsters to make profits by destroying their property because the payment they receive from their insurers is of greater value than the property they destroy. Insurance companies are also susceptible to fraud because false insurance claims can be made to appear like ordinary claims. This allows fraudsters to file claims for damages that never occurred, and so obtain payment with little or no initial cost. The most common form of insurance fraud is inflating of loss.
Insurance fraud
128
Insurance fraud
129
Automobile insurance
The Insurance Research Council estimated that in 1996, 21 to 36 percent of auto-insurance claims contained elements of suspected fraud.[14] There is a wide variety of schemes used to defraud automobile insurance providers. These ploys can differ greatly in complexity and severity. Richard A. Derrig, vice president of research for the Insurance Fraud Bureau of Massachusetts, lists several ways that auto-insurance fraud can occur. Examples of soft auto-insurance fraud can include filing more than one claim for a single injury, filing claims for injuries not related to an automobile accident, misreporting wage losses due to injuries, or reporting higher costs for car repairs than those that were actually paid. Hard auto-insurance fraud can include activities such as staging automobile collisions, filing claims when the claimant was not actually involved in the accident, submitting claims for medical treatments that were not received, or inventing injuries.[15] Hard fraud can also occur when claimants falsely report their vehicle as stolen. Soft fraud accounts for the majority of fraudulent auto-insurance claims.[14] Another example is that a person may illegally register their car to a location that would net them cheaper insurance rates than where they actually live, sometimes called "rate evasion". For example, some drivers in Brooklyn drive with Pennsylvania license plates because registering their car in a rural part of Pennsylvania will cost a lot less than registering it in Brooklyn. Another form of automobile insurance fraud, known as "fronting," involves registering someone other than the real primary driver of a car as the primary driver of the car. For example, parents might list themselves as the primary driver of their children's vehicles to avoid young driver premiums. "Crash for cash" scams may involve random unaware strangers, set to appear as the perpetrators of the orchestrated crashes.[16] Such techniques are the classic rear-end shunt (the driver in front suddenly slams on the brakes, eventually with brake lights disabled), the decoy rear-end shunt (when following one car, another one pulls in front of it, causing it to brake sharply, then the first car drives off) or the helpful wave shunt (the driver is waved in to a line of queuing traffic by the scammer who promptly crashes, then denies waving)[17] Organized crime rings can also be involved in auto-insurance fraud, sometimes carrying out schemes that are very complex. An example of one such ploy is given by Ken Dornstein, author of Accidentally, on Purpose: The Making of a Personal Injury Underworld in America. In this scheme, known as a swoop-and-squat, one or more drivers in swoop cars force an unsuspecting driver into position behind a squat car. This squat car, which is usually filled with several passengers, then slows abruptly, forcing the driver of the chosen car to collide with the squat car. The passengers in the squat car then file a claim with the other drivers insurance company. This claim often includes bills for medical treatments that were not necessary or not received.[18] An incident that took place on Golden State Freeway June 17, 1992, brought public attention to the existence of organized crime rings that stage auto accidents for insurance fraud. These schemes generally consist of three different levels. At the top, there are the professionals--doctors or lawyers who diagnose false injuries and/or file fraudulent claims and these earn the bulk of the profits from the fraud. Next are the "cappers" or "runners", the middlemen who obtain the cars to crash, farm out the claims to the professionals at the top, and recruit participants. These participants at the bottom-rung of the scheme are desperate people (poor immigrants or others in need of quick cash) who are paid around $1000 USD to place their bodies in the paths of cars and trucks, playing a kind of Russian roulette with their lives and those of unsuspecting motorists around them. According to investigators, cappers usually hire within their own ethnic groups. What makes busting these staged-accident crime rings difficult is how quickly they move into jurisdictions with lesser enforcement, after a crackdown in a particular region. As a result, in the US several levels of police and the insurance industry have cooperated in forming task forces and sharing databases to track claim histories. [19] [20]
Insurance fraud
130
Property insurance
Possible motivations for this can include obtaining payment that is worth more than the value of the property destroyed, or to destroy and subsequently receive payment for goods that could not otherwise be sold. According to Alfred Manes, the majority of property insurance crimes involve arson.[21] One reason for this is that any evidence that a fire was started by arson is often destroyed by the fire itself. According to the United States Fire Administration, in the United States there were approximately 31,000 fires caused by arson in 2006, resulting in losses of $755 million.[22] Example: The Moulin Rouge in Las Vegas was struck by arson twice within 6 years.[23]
Insurance fraud
131
Legislation
National and local governments, especially in the last half of the twentieth century, have recognized insurance fraud as a serious crime, and have made efforts to punish and prevent this practice. Some major developments are listed below:
United States
Insurance Fraud is specifically classified as a crime in all states, though a minority of states only criminalize certain types (i.e. Oregon only outlaws Worker Compensation fraud).[8] 19 states require mandatory insurer fraud plans. This requires companies to form programs to combat fraud and in some cases to develop investigation units to detect fraud.[8] 41 states have fraud bureaus. These are law enforcement agencies where investigators review fraud reports and begin the prosecution process.[8] Section 1347 of Title 18 of the United States Code states that whoever attempts or carries out a scheme or artifice to defraud a health care benefit program will be fined under this title or imprisoned not more than 10 years, or both. If this scheme results in bodily injury, the violator may be imprisoned up to 20 years, and if the scheme results in death the violator may be imprisoned for life.[31]
Canada
The Insurance Crime Prevention Bureau was founded in 1973 to help fight insurance fraud. This organization collects information on insurance fraud, and also carries out investigations. Approximately one third of these investigations result in criminal conviction, one third result in denial of the claim, and one third result in payment of the claim.[32] British Columbias Traffic Safety Statutes Amendment Act of 1997 states that any person who submits a motor vehicle insurance claim that contains false or misleading information may on the first offence be fined C$25,000, imprisoned for two years, or both. On the second offense, that person may be fined C$50,000, imprisoned for two years, or both.[33]
United Kingdom
A major portion of the Financial Services Act of 1986 was intended to help prevent fraud.[34] The Serious Fraud Office, set up in 1987 under the Criminal Justice Act, was established to improve the investigation and prosecution of serious and complex fraud.[34] The Fraud Act 2006 specifically defines fraud as a crime. This act defines fraud as being committed when a person makes a false representation, fails to disclose to another person information which he is under a legal duty to disclose, or abuses a position in which he or she is expected to safeguard, or not to act against, the financial interests of another person. This act also defines the penalties for fraud as imprisonment up to ten years, a fine, or both.[35]
Examples
Following are some examples of real instances of insurance fraud that occurred in recent years: According to a report by a United States district court in Illinois, a psychiatrist who practiced as the Assistant Medical Director and Medical Director at a psychiatric facility in Illinois from 1998 through 2002 submitted claims to Medicare for psychiatric and psychotherapy services that he in fact never actually provided. He also up-coded, or billed for more expensive services than those that were actually provided, many claims that he submitted to Medicare. In addition, he admitted patients that did not qualify for treatment so that he could submit bills for hospital care even though it was not medically necessary for those patients. Through these schemes, this
Insurance fraud psychiatrist was able to fraudulently obtain $875,881 in Medicare Reimbursements before his conviction in February 2005.[36] The Insurance Information Institute estimates that in New York, fraud and abuse in the states no-fault auto system cost New York drivers $229 million in 2009 as a result of dishonest medical service providers who file inflated and often bogus medical claims, unscrupulous lawyers who sue insurers that challenge these claims and others who help defraud insurers by staging accidents and recruiting supposedly injured claimants to fraudulent medical clinics. The average cost of a no-fault insurance claim in New York soared to $8,690 by the third quarter of 2009 and was the third-highest in the U.S. after Michigan and New Jersey. The average cost of a no-fault insurance claim in New York was up 55 percent from $5,615 at the end of 2004. [37] According to the Coalition Against Insurance Fraud, a former business executive from Chicago resorted to insurance fraud to pay off his debt of over $672,000. He set fire to his own home in order to collect insurance money on it. In order to disguise this act of arson, he trapped his ninety year old mother in the basement while the house was burning so that the fire would appear to be a suicide. He received about $600,000 in insurance money, but was eventually convicted on several charges and sentenced to 190 years in federal prison.[38]
132
Bibliography
Bolton, Richard J. and David J. Hand. "Statistical Fraud Detection: A Review." Statistical Science. 17.3 (2002): 235-249. Clarke, Michael. "The Control of Insurance Fraud, A Comparative View." The British Journal of Criminology. 30.1 (1990): 1-23. Coalition Against Insurance Fraud. Annual Report. Washington, DC: Coalition Against Insurance Fraud, 2006. Coalition Against Insurance Fraud. "Insurance Fraud Hall of Shame: Mother Almost Blamed for Son's Arson." 31 12 2006. Coalition Against Insurance Fraud. 13 December 2007.[39] Coalition Against Insurance Fraud. "Learn About Fraud." Coalition Against Insurance Fraud. 1 December 2007.[40] Derrig, Richard A. "Insurance Fraud." The Journal of Risk and Insurance. 69.3 (2002): 271-287. Dornstein, Ken. Accidentally on Purpose: The Making of a Personal Injury Underworld in America. New York: St. Martin's Press, 1996. Feldman, Roger. "An Economic Explanation for Fraud and Abuse in Public Medical Care Programs." The Journal of Legal Studies. 30.2 (2001): 569-577. Ghezzi, Susan Guarino. "A Private Network of Social Control: Insurance Investigative Units." Social Problems. 30.5 (1983): 521-531. Hyman, David A. "Health Care Fraud and Abuse: Market Change, Social Norms, and the Trust 'Reposed in the Workmen'." The Journal of Legal Studies. 30.2 (2001): 531-567. Insurance Information Institute. "Fraud." Insurance Information Institute. 1 December 2007.[41] Insurance Information Institute. "Insurance Fraud." Insurance Information Institute. 1 December 2007.[42] Insurance Information Institute. "No-Fault Insurance Fraud in N.Y. State." Insurance Information Institute. 1 December 2007.[43] Legislative Assembly of British Columbia. "Traffic Safety Statutes Amendment Act." 1997. Manes, Alfred. "Insurance Crimes." Journal of Criminal Law and Criminology 35.1 (1945): 34-42. Ministry of Justice. "Fraud Act 2006." 11 August 2006. The UK Statute Law Database. 13 December 2007.[44] National Health Care Anti-Fraud Association. "The Problem of Health Care Fraud." National Health Care Anti-Fraud Association. 1 December 2007.[45] Office of the Law Revision Counsel, U.S. House of Representatives. "United States Code; Title 18, Section 1347." 2 January 2006.[46]
Insurance fraud Pontell, Henry N., Paul D. Jesilow and Gilbert Geis. "Policing Physicians: Practitioner Fraud and Abuse in a Government Medical Program." Social Problems. 30.1 (1982): 117-125. Staple, George. "Serious and Complex Fraud: A New Perspective." The Modern Law Review. 56.2 (1993): 127-137. Tennyson, Sharon and Pau Salsas-Forn. "Claims Auditing in Automobile Insurance: Fraud Detection and Deterrence Objectives." The Journal of Risk and Insurance. 69.3 (2002): 289-308. U.S. Fire Administration. "Arson Fire Statistics." 11 October 2007. U.S. Fire Administration. 13 December 2007.[47] United States of America v. Naseem Chaudhry. United States District Court, Northern District of Illinois, Eastern Division. February 2005. Viaene, Stijn, et al. "A Comparison of State-of-the-Art Classification Techniques for Expert Automobile Insurance Claim Fraud Detection." The Journal of Risk and Insurance. 69.3 (2002): 373-421.
133
Citations
[1] [2] [3] [4] Manes, Alfred. "Insurance Crimes." p. 34. Coalition Against Insurance Fraud. Annual Report. Insurance Information Institute. "Insurance Fraud." National Health Care Anti-Fraud Association. "The Problem of Health Care Fraud."
[5] Hyman, David A. "Health Care Fraud and Abuse." p. 532. [6] Insurance Fraud Bureau. "Fighting Organized Insurance Fraud." p. 2. [7] Insurance Bureau of Canada. "Cost of Personal Injury Fraud." [8] Insurance Information Institute. "Fraud." [9] Coalition Against Insurance Fraud. "Learn About Fraud." [10] Feldman, Roger. "Economic Explanation." p. 569-570. [11] Hyman, David A. "Health Care Fraud and Abuse." p. 541. [12] Hyman, David A. "Health Care Fraud and Abuse." p. 547. [13] Pontell, Henry N., et al. "Policing Physicians." p. 118. [14] Tennyson, Sharon et al. "Claims Auditing" p. 289. [15] Derrig, Richard A. "Insurance Fraud." p. 274. [16] "BBC News - Car crash scams at record level" (http:/ / www. bbc. co. uk/ news/ uk-11046344). Bbc.co.uk. 2010-08-21. . Retrieved 2010-08-21. [17] The One Show Team - September 15, 2008 3:50 PM (2008-09-15). "Crash for cash - a scam for the unquestioning? - Consumer" (http:/ / www. bbc. co. uk/ blogs/ theoneshow/ consumer/ 2008/ 09/ 15/ crashing-in-on-crime. html). Bbc.co.uk. . Retrieved 2010-08-21. [18] Dornstein, Ken. Accidentally on Purpose. p. 3. [19] (http:/ / motherjones. com/ politics/ 1993/ 09/ swoop-and-squats#) [20] (http:/ / www. theglobeandmail. com/ report-on-business/ how-small-time-auto-insurance-scams-have-evolved-into-big-business-in-canada/ article1850088/ ) [21] Manes, Alfred. "Insurance Crimes." p. 35. [22] U.S. Fire Administration. "Arson Fire Statistics." [23] Mercury News 05/06/2009 http://www.mercurynews.com/breakingnews/ci_12308730 [24] "Housing and Council Tax Benefit fraud - Allerdale Borough Council" (http:/ / www. allerdale. gov. uk/ advice-and-benefits/ benefits/ housing-benefit/ housing-benefit-fraud. aspx). Allerdale.gov.uk. 2009-11-02. . Retrieved 2010-08-21. [25] Bolton, Richard J. Statistical Fraud Detection. p. 236. [26] Derrig, Richard A. "Insurance Fraud." p. 277. [27] Viaene, Stijn, et al. "Insurance Claim Fraud Detection." p. 375. [28] Derrig, Richard A. "Insurance Fraud." p. 278. [29] Viaene, Stijn, et al. "Insurance Claim Fraud Detection." p. 374. [30] Ghezzi, Susan Guarino. " Private Network." [31] Office of the Law Revision Counsel, U.S. House of Representatives. "United States Code." [32] Clarke, Michael. The Control of Insurance Fraud. p. 10. [33] Legislative Assembly of British Columbia. "Traffic Safety Statutes Amendment Act." [34] Staple, George. "Serious and Complex Fraud." p. 127. [35] Ministry of Justice. "Fraud Act 2006." [36] United States of America v. Naseem Chaudhry. [37] Insurance Information Institute. "No-Fault Insurance Fraud."
Insurance fraud
[38] Coalition Against Insurance Fraud. "Insurance Fraud Hall of Shame." p. 99. [39] "Articles on insurance fraud" (http:/ / www. insurancefraud. org/ article. lasso?RecID=1532). Insurancefraud.org. 2006-12-31. . Retrieved 2010-08-21. [40] "Learn about fraud" (http:/ / www. insurancefraud. org/ learn_about_fraud. htm). Insurancefraud.org. . Retrieved 2010-08-21. [41] "Fraud" (http:/ / www. iii. org/ media/ facts/ statsbyissue/ fraud/ ). III. . Retrieved 2010-08-21. [42] "Insurance Fraud" (http:/ / www. iii. org/ media/ hottopics/ insurance/ fraud/ ). III. . Retrieved 2010-08-21. [43] "Conozca los deducibles por huracanes y si aplica a su pliza de seguro de propietario de vivienda" (http:/ / www. iii. org/ media/ research/ newyorknofaultauto/ ). III. . Retrieved 2010-08-21. [44] "Fraud Act 2006 (c. 35) - Statute Law Database" (http:/ / www. statutelaw. gov. uk/ content. aspx?LegType=All+ Legislation& title=fraud& Year=2006& searchEnacted=0& extentMatchOnly=0& confersPower=0& blanketAmendment=0& sortAlpha=0& TYPE=QS& PageNumber=1& NavFrom=0& parentActiveTextDocId=2922456& ActiveTextDocId=2922458& fi). Statutelaw.gov.uk. 2007-01-15. . Retrieved 2010-08-21. [45] "Anti-Fraud Resource Center" (http:/ / www. nhcaa. org/ eweb/ DynamicPage. aspx?webcode=anti_fraud_resource_centr& wpscode=TheProblemOfHCFraud). Nhcaa.org. . Retrieved 2010-08-21. [46] "U.S. Code" (http:/ / uscode. house. gov/ uscode-cgi/ fastweb. exe?getdoc+ uscview+ t17t20+ 687+ 0+ + () AND ((18) ADJ USC):CITE AND (USC w/ 10 (1347)):CITE ). Uscode.house.gov. . Retrieved 2010-08-21. [47] "USFA Arson Fire Statistics" (http:/ / www. usfa. dhs. gov/ statistics/ arson/ index. shtm). Usfa.dhs.gov. 2010-01-05. . Retrieved 2010-08-21.
134
External links
Insurance Information Institute (http://www.iii.org/). Insurance Information Institute. National Health Care Anti-Fraud Association (http://www.nhcaa.org/). National Health Care Anti-Fraud Association. National Insurance Crime Bureau (http://www.nicb.org/). National Insurance Crime Bureau. Insurance Bureau of Canada (http://www.ibc.ca/). Insurance Bureau of Canada. UK Insurance Fraud Bureau (http://www.insurancefraudbureau.org/). U.S. Fire Administration (http://www.usfa.dhs.gov/) Insurance Research Council (http://www.ircweb.org/). Insurance Research Council. 2009 Florida report: Impacts of the Economy and Insurance Fraud (http://www.myfloridacfo.com/fraud/ forms/Economic_Impacts_8-2009.pdf)
Fiddle game
135
Fiddle game
The fiddle game is a confidence trick, involving two men. The first enters a restaurant, dressed poorly and carrying a violin, and asks to be seated. He eats his meal, then contrives a reason to leave (typically he is short a little money, but this could be any of a variety of reasons, as long as it allows for a swift return for payment). No host would allow him to do so, but as insurance he offers his violin, praising its sentimental value and emphasizing its necessary return. An agreement is reached; the man leaves. His partner then approaches the host, requesting to inspect the instrument. Doing so, he makes much ado about its hidden value, revealing it to be a lost masterpiece. He offers a large sum for it, but cannot wait for its owner to return; he leaves his card with the host and ask that he pass it along. This con, as many do, relies on the inherent dishonesty of the mark. An honest mark, upon the first man's return, will hand over both card and instrument, leaving the partners out the cost of two dinners, but still in possession of the violin. The other response, and the one the con artists hope for, is the dishonest man's. With the return of the first man, the mark will attempt to purchase the violin, banking on making a quick profit with the number of the collector. The first man parts with the violin, but very reluctantly, driving up the amount the mark is willing to pay. At the end, the partners split whatever the mark paid them for the violin; the mark is left with a cheap wooden toy and a bogus business number.
References
Pigeon drop
Pigeon drop is a confidence trick in which a mark or "pigeon" is persuaded to give up a sum of money in order to secure the rights to a larger sum of money, or more valuable object.[1] [2] [3] [4] In reality, the scammers make off with the money and the mark is left with nothing. In the process, the stranger (actually a confidence trickster) puts his money with the mark's money (in an envelope, briefcase, or sack) which the mark is then entrusted with. The money is actually not put into the sack or envelope, but is switched for a bag full of newspaper or other worthless material. Through various theatrics, the mark is given the opportunity to make off with money without the stranger realising. In actuality, the mark would be fleeing from his own money, which the con man still has (or has handed off to an accomplice).
References
[1] Swierczynski, Duane (2003), The complete idiot's guide to frauds, scams, and cons, Alpha Books, p.28, ISBN9780028644158 [2] "Psychology Today - How to Run a Con" (http:/ / blogs. psychologytoday. com/ blog/ the-moral-molecule/ 200811/ how-run-a-con). Blogs.psychologytoday.com. 2008-11-13. . Retrieved 2009-07-03. [3] Arrington, Rick (2006), Crime prevention: the law enforcement officer's practical guide, Jones & Bartlett Publishers, p.103, ISBN9780763741303 [4] Bercowetz, Cynthia (2004), Don't Get Ripped Off! Get Help! Tell It to George, Buy Books on the web, p.219, ISBN9780741422286
External links
Video of a live pigeon drop (http://www.youtube.com/watch?v=Ur3nMiP-XV0) How to Run a Con (http://blogs.psychologytoday.com/blog/the-moral-molecule/200811/how-run-a-con)
136
Mass-produced paintings
Most mass-produced prints and paintings originate in Asia. Some are essentially posters, sometimes referred to as "Hong Kong horrors", printed on rough paper, making the lack of brush strokes less apparent. Oil paintings are mass-produced in China, which does a booming business in legitimate replicas of old masters. In Dafen, in Shenzhen, China, 10,000 painters produce up to 30 paintings a day and some five million paintings are exported each year, about 10% of which are not copies, but original works. The paintings sell for as little as US$10 each.[9]
United States
From the summer of 2000, news outlets in the Pacific Northwest reported young people posing as Israeli students selling mass-produced oil paintings, both copies and originals, for US$80$200 each. The 'art students' were said to be going door-to-door primarily targeting residential neighborhoods and businesses with people "who might like art". They claimed to be studying at art universities in Israel, and to be in the United States selling works by talented fellow students to raise money for art supplies or school fees.[3] Through the early 2000s some 130 separate incidents of 'art student' encounters" were reported across the United States. Allegations of Israeli spying were raised after the leaking of an internal DEA report suggesting a connection between the art scammers and a spy ring.[10] Several dozen Israelis in their twenties, including supposed art students, were deported for undertaking paid work not allowed by their visas.[11] Israel dismissed claims of spying as "nonsense."[10] In 2010 the scam surfaced again in Saratoga Springs, Northern Utah County, with allegations that the Israeli art students were asking about the new National Security Agency's data center being built at Camp Williams.[12]
137
Canada
In 2004, a group of Israelis said to have been selling mass-produced paintings as their own work, for hundreds of dollars each, were deported from Canada for working in violation of their visas.[18] The scam recurred in 2009 in Calgary, and Warman, Saskatchewan; eight people claiming to be students from Israel, Germany and France were arrested and 100 paintings were seized by the Royal Canadian Mounted Police and Border Services.[19]
China
In China, scammers approach tourists at popular attractions such as the Forbidden City and Tiananmen Square.[20] The scammer speaks English well enough to get into a conversation with the foreigner. The scammer claims to be an art student whose works are on display at a nearby exhibition which is part of the scam and sells mass-produced art reproductions at exorbitant prices. There are warnings about this scam in tourist guides.[21] [22]
References
[1] "Scam art ripples Peninsula 'Students' up-sell cheap, mass-produced works door-to-door". Peace Arch News (The (White Rock, British Columbia, Canada)): p.1. Tuesday, August 10, 2004. ""An Israeli art scam with suggested links to espionage and fundamentalist fundraisers may have turned up on the Semiahmoo Peninsula. At least half a dozen locals-probably more-were likely duped by the hoax, which has for years puzzled North American authorities.Young Israelis posing as art students travel door-to-door hocking mass-produced art as their own. The works are worth little, but still sell for hundreds of dollars to naive customers."" [2] Wilton, Suzanne, "Art-sales-scam ringleaders ordered to leave Canada", Vancouver Sun, Vancouver, B.C.: Aug 7, 2004. pg. A.8. [3] "Information On An Israeli Art Scam" (http:/ / www. komonews. com/ news/ archive/ 4007381. html). Komo News. August 30, 2006. . [4] Moyes, Sarah; Michelle Robinson (5 March 2010). "Warning on art scam" (http:/ / www. stuff. co. nz/ auckland/ local-news/ east-bays-courier/ 3403169/ Warning-on-art-scam). East And Bays Courier. . Retrieved 29 July 2010. [5] "Foreign students caught up in fake art scam" (http:/ / www. abc. net. au/ news/ stories/ 2008/ 04/ 18/ 2220627. htm). Australian Broadcasting Corporation. April 18, 2008. . [6] Gandia, Renato (August 19, 2009). ""Israeli art scam" preying on people's kindness" (http:/ / www. calgarysun. com/ news/ alberta/ 2009/ 08/ 19/ 10523156. html). Calgary Sun. . [7] "Oil painting scam hits the Border" (http:/ / www. bordermail. com. au/ news/ local/ news/ general/ oil-painting-scam-hits-the-border/ 1494344. aspx). Border Mail. April 22, 2009. . [8] Dye, Stuart (February 4, 2004). "Brush with law reveals art scam" (http:/ / www. nzherald. co. nz/ nz/ news/ article. cfm?c_id=1& objectid=3547311). NZ Herald. . Coulter, Narelle (January 18, 2006). "Door slammed on original art scam" (http:/ / www. starnewsgroup. com. au/ story/ 8437). Star News Group. . Feek, Belinda (January 19, 2010). "Warnings out over art scam" (http:/ / findarticles. com/ p/ news-articles/ waikato-times/ mi_8054/ is_20100119/ warnings-art-scam/ ai_n48688542/ ?tag=content;col1). Waikato Times. . [9] Chinese Art (http:/ / www. shanghai-central. com/ shanghai art. html), shanghai-central.com. [10] Guttman, Nathan (May 7, 2002). "Spies, or students? Were the Israelis just trying to sell their paintings, or agents in a massive espionage ring?" (http:/ / www. haaretz. com/ print-edition/ features/ spies-or-students-1. 45243). Haaretz. . [11] "Israeli student 'spy ring' revealed" (http:/ / www. guardian. co. uk/ education/ 2002/ mar/ 06/ internationaleducationnews. highereducation). London: The Guardian. March 6, 2002. . Retrieved March 6, 2010. [12] Door-to-door spies in Utah County? (http:/ / www. abc4. com/ content/ news/ slc/ story/ Door-to-door-spies-in-Utah-County/ sjOWsjk_zEqf6QeAfk4ZJw. cspx) ABC4 News 9/29/01. [13] Rogers, Sy (2 March 2009). "Beware of Israeli door-to-door art scams!" (http:/ / www. designfederation. net/ general/ beware-of-door-to-door-art-scams/ ). Design Federation. . Retrieved 29 July 2010. [14] "Police arrest 23yo over alleged art scam" (http:/ / www. abc. net. au/ news/ stories/ 2008/ 12/ 13/ 2445638. htm?site=idx-nsw). ABC News (Australia). 13 December 2008. . Retrieved 29 July 2010. [15] Robinson, Michelle (4 March 2010). "Door-to-door art scam" (http:/ / www. stuff. co. nz/ auckland/ local-news/ north-shore-times/ 3399549/ Door-to-door-art-scam). North Shore Times. . Retrieved 29 July 2010. [16] Thomson, Alister (12 April 2010). "Bogus student touting art fakes around Clive" (http:/ / www. hawkesbaytoday. co. nz/ local/ news/ bogus-student-touting-art-fakes-around-clive/ 3912395/ ). Hawke's Bay Today. . Retrieved 29 July 2010. [17] "Art sellers painting a suspect picture" (http:/ / www. northernadvocate. co. nz/ local/ news/ art-sellers-painting-a-suspect-picture/ 3912676/ ). The Northern Advocate. 18 April 2010. . Retrieved 29 July 2010. [18] "Scam art ripples Peninsula 'Students' up-sell cheap, mass-produced works door-to-door". Peace Arch News (The (White Rock, British Columbia, Canada)): p.1. Tuesday, August 10, 2004. ""An Israeli art scam with suggested links to espionage and fundamentalist fundraisers may have turned up on the Semiahmoo Peninsula. At least half a dozen locals-probably more-were likely duped by the hoax, which has for
138
Psychic surgery
139
Psychic surgery
Psychic Surgery
Terminology
Definition The use of paranormal means to conduct an alleged invasive medical procedure. Signature Status See also The apparent insertion of the practitioner's hands into a patient's body. Debunked as sleight of hand. Some results may be attributed to placebo. sleight of hand
Psychic surgery is a procedure typically involving the supposed creation of an incision using only the bare hands, the supposed removal of pathological matter, and the seemingly spontaneous healing of the incision. Psychic surgery has been condemned in many countries as a form of medical fraud.[1] [2] [3] It has been denounced by the US Federal Trade Commission as a "total hoax",[2] and the American Cancer Society maintains that psychic surgery may cause needless death by keeping the ill away from life-saving medical care.[3] Medical professionals and skeptics classify it as sleight of hand and any positive results as a placebo effect.[4] [5] [6] [7] It first appeared in the Spiritualist communities of the Philippines and Brazil in the mid-1900s, and it has taken different paths in those two countries.
Procedure
Although psychic surgery varies by region and practitioner, it usually follows some common lines. Without the use of a surgical instrument, a practitioner will press the tips of his/her fingers against the patient's skin in the area to be treated. The practitioner's hands appear to penetrate into the patient's body painlessly and blood seems to flow. The practitioner will then show organic matter or foreign objects apparently removed from the patient's body, clean the area, and then end the procedure with the patient's skin showing no wounds or scars. Most cases do not involve actual surgery although some practitioners make real incisions.[8] In regions of the world where belief in evil spirits is prevalent, practitioners will sometimes exhibit objects, such as glass, explaining that the foreign bodies were placed in the patient's body by evil spirits.[3]
History
Accounts of psychic surgery started to appear in the Spiritualist communities of the Philippines and Brazil in the mid-1900s.
Philippines
In the Philippines, the procedure was first noticed in the 1940s, when performed routinely by Eleuterio Terte. Terte and his pupil Tony Agpaoa, who was apparently associated with the Union Espiritista Christiana de Filipinas (The Christian Spiritist Union of the Philippines), trained others in this procedure.[3] In 1959, the procedure came to the attention of the U. S. public after the publication of Into the Strange Unknown by Ron Ormond and Ormond McGill. The authors called the practice "fourth dimensional surgery," and wrote "[we] still dont know what to think; but we have motion pictures to show it wasnt the work of any normal magician, and could very well be just what the Filipinos said it was a miracle of God performed by a fourth dimensional surgeon."[9]
Psychic surgery Alex Orbito, who became well-known in the U. S. through his association with actress Shirley MacLaine[10] was one said practitioner of the procedure. On June 14, 2005, Orbito was arrested by Canadian authorities and indicted for fraud.[11] On Jan 20, 2006, the charges were dropped as it then seemed unlikely that Orbito would be convicted.[12] Psychic surgery made U.S. tabloid headlines in March 1984 when comedian Andy Kaufman, diagnosed with large cell carcinoma (a rare lung cancer), traveled to the Philippines for a six-week course of psychic surgery.[13] Practitioner Jun Labo claimed to have removed large cancerous tumors and Kaufman declared to believe the cancer had been removed. Kaufman died from renal failure as consequence of a metastatic lung cancer, on May 16, 1984.[14] [15]
140
Brazil
The origins of the practice in Brazil are obscure; but by the late 1950s several "spiritual healers" were practicing in the country. Many of them were associated with Kardecism, a major spiritualistic movement in Brazil, and claimed to be performing their operations merely as channels for spirits of deceased medical doctors.[16] Others were following practices and rituals known as "Umbanda", a shamanic ritualistic religion with mediumistic overtones inherited from the African slaves brought to the country in colonial times. A known Brazilian psychic healer who routinely practiced psychic surgery was Z Arig, who claimed to be channeling for a deceased medical doctor of name Dr. Fritz. Unlike most other psychic healers, who work bare-handed, Arig used a non surgical blade.[17] Other psychic healers who claimed to channel for Dr. Fritz were Edson Queiroz and Rubens Farias Jr..[18] Popular today (especially abroad) is Joo de Deus, a psychic healer in Abadinia, state of Gois.[19] According to the descriptions of Yoshiaki Omura, Brazilian psychic surgery appears to be different from that practiced in the Philippines. Omura calls attention to the fact that practitioners in Brazil use techniques resembling Qi Gong, Shiatsu massage, and chiropractic manipulation. Some patients are also injected with a brown liquid, and alleged minor surgery was performed in about 20% of the cases observed.[20] While Arig performed his procedures using kitchen knives in improvised settings, Omura reports that the clamping of blood vessels and the closing of the surgical wounds are now performed by licensed surgeons or licensed nurses.[16]
Psychic surgery
141
Accusations of fraud
According to stage magician James Randi, psychic surgery is a sleight-of-hand confidence trick. He has said that in personal observations of the procedure, and in movies showing the procedures, he can spot sleight-of-hand moves that are evident to experienced stage magicians, but might deceive a casual observer. Randi has replicated the appearance of psychic surgery himself through the use of sleight-of-hand.[24] Professional magicians Milbourne Christopher and Robert Gurtler have also observed psychic surgeons at work, and claimed to have spotted the use of sleight-of-hand. On his A&E show Mindfreak in the episode "Sucker," illusionist Criss Angel performed "Psychic Surgery," showing first-hand how it may be done (fake blood, plastic bags and chicken livers were used). In Randi's view, the healer would slightly roll or pinch the skin over the area to be treated. When his flattened hand reaches under the roll of skin, it looks and feels as if the practitioner is actually entering into the patient's body. The healer would have prepared in advance small pellets or bags of animal entrails which would be palmed in his hand or hidden beneath the table within easy reach. This organic matter would simulate the "diseased" tissue that the healer would claim to be removing. If the healer wants to simulate bleeding, he might squeeze a bladder of animal blood or an impregnated sponge. If done properly, this procedure may deceive patients and observers. However, some "psychic surgery" procedures do not rely solely on the "sleight of hand" described, as at least one Brazilian performer also cuts his victims' skin to heighten the illusion.[25] The practitioners are using sleight of hand techniques to produce blood or blood-like fluids, animal tissue or substitutes, and/or various foreign objects from folds of skin of the patient as part of a confidence game for financial benefit of the practitioner. Two psychic surgery practitioners provided testimony in a Federal Trade Commission trial that, to their knowledge, the organic matter supposedly removed from the patients usually consists of animal tissue and clotted blood.[3]
In popular culture
In the 1989 film Penn & Teller Get Killed, comedic magicians Penn and Teller demonstrate how to perform the illusion of psychic surgery. A 1989 episode of Unsolved Mysteries featured a police officer whose mother claimed to have been cured by psychic surgery, only to die shortly thereafter; her autopsy revealed several tumors. The policeman described himself going undercover to feign illness and desiring psychic surgery, and having the feeling of the practitioner using sleight of hand to supposedly dig into his tissue, as well suspecting that the "cysts" and "tumors" being removed from his body were in actuality ready made chicken parts. In the TV show Criss Angel Mindfreak, Season 2 Episode "Sucker", Criss explains psychic surgery as a deception. In the BBC documentary Full Circle with Michael Palin, Michael Palin visits two psychic surgeons while venturing through the Philippines and even assists one of them on a procedure. In the 1998 Christmas special "Black Canary" of BBC series Jonathan Creek, Jonathan as an expert and designer of illusions exposes the psychic surgeon as being a hoax. In the 1999 movie Man on the Moon, a movie based on the life of Andy Kaufman, Kaufman receives psychic surgery and notices the "sleight of hand". In a 2008 episode of a Turkish talk show, "Brian Brushwood", bizarre magician and host of Revision3's Scam School, demonstrated the practice on someone with appendicitis, exposing the fraudulent practices.
Psychic surgery
142
Footnotes
[1] "FTC Decision, JulyDecember 1975" (http:/ / www. ftc. gov/ os/ decisions/ docs/ vol86/ FTC_VOLUME_DECISION_86_(JULY_-_DECEMBER_1975)PAGES_715-825. pdf). . Retrieved 2007-08-19. [2] "F.T.C. Curtails the Promotion Of All Psychic Surgery Tours - The New York Times" (http:/ / select. nytimes. com/ gst/ abstract. html?res=F20E17F73C5B157493C7AB178BD95F418785F9). 1975-10-25. . Retrieved 2007-08-19. [3] "Psychic surgery" (http:/ / caonline. amcancersoc. org/ cgi/ reprint/ 40/ 3/ 184). CA: a cancer journal for clinicians 40 (3): 1848. 1990. doi:10.3322/canjclin.40.3.184. PMID2110023. . Retrieved 2007-08-19. [4] Randi, James (1989). The Faith Healers. Prometheus Books. ISBN0-87975-535-0. [5] David Vernon in Skeptical - a Handbook of Pseudoscience and the Paranormal, ed Donald Laycock, David Vernon, Colin Groves, Simon Brown, Imagecraft, Canberra, 1989, ISBN 0731657942, p47 [6] Evan, Dylan (2003). Placebo. Mind over matter in modern medicine.. Great Britain: Harper Collins Publishers. ISBN0-00-712613-1. [7] Brody, Howard M.D. PhD (2000). The Placebo response. New York: Harper Collins Publishers. ISBN0-06-019493-6. [8] Spence, Lewis (2003). Encyclopedia of Occultism & Parapsychology Vol. 2. Kessinger Publishing Co. pp.750. ISBN978-0766128170. [9] Into the Strange Unknown By the Two Men Who Lived Every Moment of it (http:/ / www. biblio. com/ details. php?dcx=134022077& aid=frg). The Esoteric Foundation. 1959. ISBN0-87975-535-0. . [10] "Fake healing" (http:/ / www. rickross. com/ reference/ general/ general475. html). . Retrieved 2007-08-19. [11] "The Filipino Reporter" (http:/ / www. filipinoreporter. com/ archive/ 3327/ headline03. htm). . Retrieved 2007-08-19. [12] "The Filipino Reporter" (http:/ / www. filipinoreporter. com/ archive/ 3424/ headline05. htm). . Retrieved 2007-08-19. [13] ", Psychic Surgery" (http:/ / www. benatural. org/ psychic-surgery. html). . Retrieved 2007-08-19. [14] "Andy Kaufman's death certificate" (http:/ / www. findadeath. com/ Deceased/ k/ Andy Kauffman/ dc. jpg). . Retrieved 2007-08-19. [15] California Death Index (http:/ / vitals. rootsweb. com/ ca/ death/ search. cgi) [16] "Yoshiaki Omura on psychic surgery in Brazil" (http:/ / www. aegis. com/ aidsline/ 1997/ oct/ M97A0099. html). . Retrieved 2007-08-19. [17] "James Randi Educational Foundation Arig, Jos" (http:/ / www. randi. org/ encyclopedia/ Arigo, Jose. html). . Retrieved 2007-08-19. [18] "Rio Journal;Live, in Brazil (Again): The Reincarnated Dr. Fritz - New York Times" (http:/ / query. nytimes. com/ gst/ fullpage. html?res=9A07E1DD1039F931A25752C0A960958260& sec=health& spon=& pagewanted=all). The New York Times. 1996-01-12. . Retrieved 2007-08-19. [19] "John of God" (http:/ / skepdic. com/ johnofgod. html). . Retrieved 2007-08-19. [20] Omura Y. Impression on observing psychic surgery and healing in Brazil which appear to incorporate (+) qi gong energy & the use of acupuncture points. Acupunct Electrother Res. 1997;22(1):17-33. PMID: 9188913 [21] "F.T.C. Curbs Philippines Flights For Cures by 'Psychic Surgery'"; New York Times March 15, 1975, p. 11 (Judge Hanscom: "pure and unmitigated fakery... simply phony") [22] "Unconventional therapies--Psychic surgery" (http:/ / web. archive. org/ web/ 20070202112741/ http:/ / www. bccancer. bc. ca/ PPI/ UnconventionalTherapies/ PsychicSurgery. htm). British Columbia Cancer Agency. February 2000. Archived from the original (http:/ / www. bccancer. bc. ca/ PPI/ UnconventionalTherapies/ PsychicSurgery. htm) on 2007-02-02. . Retrieved 2007-04-01. [23] "NCAHF Statements on Faith Healing and Psychic Surgery" (http:/ / www. ncahf. org/ pp/ faith. html). . Retrieved 2007-08-19. [24] The following images are of Randi demonstrating "psychic surgery": prepare (http:/ / www. csicop. org/ webmaster/ randi/ prepare. jpg) go in (http:/ / www. csicop. org/ webmaster/ randi/ go-in. jpg) come out (http:/ / www. csicop. org/ webmaster/ randi/ come-out. jpg) [25] Commentary, February 18, 2005, A Special Analysis (http:/ / www. randi. org/ jr/ 021805a. html#5)
External links
James Randi debunks "psychic surgery" (http://youtube.com/watch?v=p3RC3M5VKAQ) Turkish Television (http://www.youtube.com/watch?v=vuwMhDkd6Qo) Brian Brushwood debunks psychic surgery Unconventional therapies - Psychic Surgery (http://www.bccancer.bc.ca/PPI/UnconventionalTherapies/ PsychicSurgery.htm) overview by the British Columbia Cancer Agency Psychic "surgery" (http://skepdic.com/psurgery.html) definition in the Skeptic's Dictionary Fake Healing (http://www.rickross.com/reference/general/general475.html) - a description of an event involving Mr. Orbito with editorial commentary. Abstract (http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd=Retrieve&db=PubMed& list_uids=9188913&dopt=Abstract) "Psychic Surgery" (1990) Ca. Cancer J. Clin. 40(3) 184-8 Abstract (http://caonline.amcancersoc.org/cgi/ content/abstract/40/3/184) Full text (http://caonline.amcancersoc.org/cgi/reprint/40/3/184.pdf)
Psychic surgery Terte/Agpaoa origins; exposed by Milbourne Christopher and Robert Gurtler. "Sideshows of Science," David Perlman, San Francisco Chronicle, January 8, 2001; text (http://www.rickross. com/reference/general/general327.html). Reference to "psychic underground" 'Psychic surgeon' a heel, not a healer, police say (http://www.theglobeandmail.com/servlet/story/RTGAM. 20050616.wxfraud16/BNStory/National/) Globe and Mail story on Orbito's 2005 arrest in Toronto Psychic surgeon charged (http://www.filipinoreporter.com/archive/3327/headline03.htm) Filipino Reporter story on Orbito's 2005 arrest in Toronto
143
Organized crime
144
Organized crime
Criminology and penology Theories Anomie Differential association theory Deviance Labeling theory Psychopathy Rational choice theory (criminology) Social control theory Social disorganization theory Social learning theory Strain theory Subcultural theory Symbolic interactionismVictimology Types of crimes Blue-collar crimeCorporate crime Juvenile crime Organized crime Political crimePublic order crime Public order case law in the U.S. State crimeState-corporate crime White-collar crimeVictimless crime Penology DeterrencePrison
Organized crime
145
Prison reformPrisoner abuse Prisoners' rightsRehabilitation RecidivismRetribution Utilitarianism
Criminal justice portal
Organized crime or criminal organizations are transnational, national, or local groupings of highly centralized enterprises run by criminals for the purpose of engaging in illegal activity, most commonly for monetary profit. Some criminal organizations, such as terrorist organizations, are politically motivated (see Violent non-state actor (VNSA)). Gangs may become "disciplined" enough to be considered "organized". An organized gang or criminal set can also be referred to as a mob. Mafia is a term used to describe a number of criminal organizations around the world. The first organization to bear the label was the Sicilian Mafia based in Sicily, known to its members as Cosa Nostra. In the United States, "the Mafia" generally refers to the Italian American Mafia. Other organizations described as mafias include the Russian Mafia, the Irish Mob, the Chinese Triads, the Albanian Mafia, Bosnian mafia, the Japanese Yakuza, the Neapolitan Camorra, the Calabrian 'Ndrangheta, the Apulian Sacra Corona Unita, the Indian Mafia, the Corsican Mafia, the Serbian Mafia, the Mexican Mafia and the Bulgarian mafia. There are also a number of localized mafia organizations around the world bearing no link to any specific ethnic background. In the United States the Organized Crime Control Act (1970) defines organized crime as "The unlawful activities of [...] a highly organized, disciplined association [...]".[1] Criminal activity as a structured group is referred to as racketeering and such crime is commonly referred to as the work of the Mob.
"If we take a global rather than strictly domestic view, it becomes evident even crime of the organized kind has a long if not necessarily noble heritage. The word 'thug' dates to early 13th-century India, when Thugs, or gangs of criminals, roamed from town to town, looting and pillaging. Smuggling and drug-trafficking rings are as old as the hills in Asia and Africa, and extant criminal organizations in Italy and Japan [3] trace their histories back several centuries..."
As Lunde states, "Barbarian conquerors, whether Vandals, Goths, Norsemen, Turks or Mongols are not normally thought of as organized crime groups, yet they share many features associated with successful criminal organizations. They were for the most part non-ideological, predominantly ethnically based, used violence and intimidation, and adhered to their own codes of law."[2] Organized crime most typically flourishes when a central government and civil society is disorganized, weak, absent or untrusted. This may occur in a society facing periods of political, economic or social turmoil or transition, such as a change of government or a period of rapid economic development, particularly if the society lacks strong and established institutions and the rule of law. The dissolution of the Soviet Union and the Revolutions of 1989 in Eastern Europe that saw the downfall of the Communist Bloc created a breeding ground for organized criminal organizations. The newest growth sectors for organized crime are identity theft and online extortion. These activities are troubling because they discourage consumers from using the Internet for e-commerce. E-commerce was supposed to level the
Organized crime playing ground between small and large businesses, but the growth of online organized crime is leading to the opposite effect; large businesses are able to afford more bandwidth (to resist denial-of-service attacks) and superior security. Furthermore, organized crime using the Internet is much harder to trace down for the police (even though they increasingly deploy cybercops) since most police forces and law enforcement agencies operate within a local or national jurisdiction while the Internet makes it easier for criminal organizations to operate across such boundaries without detection. In the past criminal organizations have naturally limited themselves by their need to expand. This has put them in competition with each other. This competition, often leading to violence, uses valuable resources such as manpower (either killed or sent to prison), equipment and finances. In the United States, the Irish Mob boss of the Winter Hill Gang (in the 1980s) turned informant for the Federal Bureau of Investigation (FBI). He used this position to eliminate competition and consolidate power within the city of Boston which led to the imprisonment of several senior organized crime figures including Gennaro Angiulo, underboss of the Patriarca crime family. Infighting sometimes occurs within an organization, such as the Castellamarese war of 193031 and the Boston Irish Mob Wars of the 1960s and 1970s. Today criminal organizations are increasingly working together, realizing that it is better to work in cooperation rather than in competition with each other. This has led to the rise of global criminal organizations such as Mara Salvatrucha and the 18th Street gang. The Italian-American Mafia in the U.S. have had links with organized crime groups in Italy such as the Camorra, the 'Ndrangheta, Sacra Corona Unita, and Sicilian Mafia. The Cosa Nostra has also been known to work with the Irish Mob (John Gotti of the Gambino family Mugshot of Charles Luciano in 1936, Sicilian and James Coonan of the Westies are known to have worked together, mobster. with the Westies operating as a contract hit squad for the Gambino family after they helped Coonan come to power), the Japanese Yakuza and the Russian Mafia. The United Nations Office on Drugs and Crime estimated that organized crime groups held $322 billion in assets in 2005.[4] This rise in cooperation between criminal organizations has meant that law enforcement agencies are increasingly having to work together. The FBI operates an organized crime section from its headquarters in Washington, D.C. and is known to work with other national (e.g., Polizia di Stato, Russian Federal Security Service (FSB), and the Royal Canadian Mounted Police), federal (e.g., Bureau of Alcohol, Tobacco, Firearms, and Explosives, Drug Enforcement Administration, United States Marshals Service, and the United States Coast Guard), state (e.g., Massachusetts State Police Special Investigation Unit and the New York State Police Bureau of Criminal Investigation) and city (e.g., New York City Police Department Organized Crime Unit and the Los Angeles Police Department Special Operations Division) law enforcement agencies.
146
Organized crime
147
Ideological crime
In addition to what is considered traditional organized crime involving direct crimes of fraud swindles, scams, racketeering and other Racketeer Influenced and Corrupt Organizations Act (RICO) predicate acts motivated for the accumulation of monetary gain, there is also non-traditional organized crime which is engaged in for political or ideological gain or acceptance. Such crime groups are often labeled terrorist organizations and include such groups as Al-Qaeda, Animal Liberation Front, Army of God, Black Liberation Army, The Covenant, The Sword, and the Arm of the Lord, Earth Liberation Front, Hamas, Hezbollah, Irish Republican Army, Kurdistan Workers' Party, Lashkar e Toiba, May 19th Communist Organization, The Order, Revolutionary Armed Forces of Colombia, Symbionese Liberation Army, Taliban, United Freedom Front and Weather Underground.
Typical activities
Organized crime often victimize businesses through the use of extortion or theft and fraud activities like hijacking cargo trucks, robbing goods, committing bankruptcy fraud (also known as "bust-out"), insurance fraud or stock fraud (inside trading). Organized crime groups also victimize individuals by car theft (either for dismantling at "chop shops" or for export), art theft, bank robbery, burglary, jewelry theft, computer hacking, credit card fraud, economic espionage, embezzlement, identity theft, and securities fraud ("pump and dump" scam). Some organized crime groups defraud national, state, or local governments by bid-rigging public projects, counterfeiting money, smuggling or manufacturing untaxed alcohol (bootlegging) or cigarettes (buttlegging), and providing immigrant workers to avoid taxes. Organized crime groups seek out corrupt public officials in executive, law enforcement, and judicial roles so that their activities can avoid, or at least receive early warnings about, investigation and prosecution. Organized crime groups also provide a range of illegal services and goods, such as loansharking of money at very high interest rates, assassination, blackmailing, bombings, bookmaking and illegal gambling, confidence tricks, copyright infringement, counterfeiting of intellectual property, kidnapping, prostitution, drug trafficking, arms trafficking, oil smuggling, organ trafficking, contract killing, identity document forgery, illegal dumping of toxic waste, illegal trading of nuclear materials, military equipment smuggling, nuclear weapons smuggling, passport fraud, providing illegal immigration and cheap labor, people smuggling, trading in endangered species, and trafficking in human beings. Organized crime groups also do a range of business and labour racketeering activities, such as skimming casinos, insider trading, setting up monopolies in industries such as garbage collecting, construction and cement pouring, bid rigging, getting "no-show" and "no-work" jobs, money laundering, political corruption, bullying and ideological clamping.
Organized crime
148
Footnotes
[1] [2] [3] [4] http:/ / www. atf. gov/ pub/ fire-explo_pub/ xcomplete. htm Paul Lunde, Organized Crime, 2004. Sullivan, Robert, ed. Mobsters and Gangsters: Organized Crime in America, from Al Capone to Tony Soprano. New York: Life Books, 2002. "Market Value of Organized Crime-Havocscope Black Market" (http:/ / www. havocscope. com/ market-value-of-organized-crime-322-billion/ ). .
External links
Mob Life: Gangster Kings of Crime (http://www.life.com/image/first/in-gallery/37642/ mob-life-gangster-kings-of-crime#index/0) - slideshow by Life magazine BBC radio series on global crime (including audio files) (http://www.bbc.co.uk/worldservice/programmes/ global_crime_report/radioseries/) UNODC - United Nations Office on Drugs and Crime (http://www.unodc.org/unodc/en/organized-crime/ index.html) Sub-section dealing with organized crime worldwide Organized Crime Research (http://www.organized-crime.de) Has a vast collection of definitions of organized crime, reviews of books on organized crime, research papers, and other material IOCNI (http://www.iocni.com) International organized crime news and information Crimestoppers (http://www.crimestoppers-uk.org) Pass on information about crime anonymously to the crime-fighting charity Squeezing a balloon? (http://www.cmi.no/publications/file/3399-squeezing-a-balloon.pdf) Squeezing a balloon? Challenging the nexus between organised crime and corruption "Organized Crime." Oxford Bibliographies Online: Criminology. (http://oxfordbibliographiesonline.com/ display/id/obo-9780195396607-0021) Havocscope Black Market (http://www.havocscope.com/) Data on organized crime businesses and activities An Inside Look at Mexican Guns and Arms Trafficking (http://www.mexidata.info/id2684.html) Organised Crime Research Resources (http://www.sccjr.ac.uk/subjects/Organised-and-WhiteCollar-Crime/6) by the Scottish Centre for Crime and Justice Research (http://www.sccjr.ac.uk) Compilation of useful resources about Organised Crime (http://www.sccjr.ac.uk/pubs/ Information-Resources-on-Organised-Crime/247) developed and regularly maintained by the Scottish Centre for Crime and Justice Research (http://www.sccjr.ac.uk) and the Scottish Crime and Drug Enforcement Agency (SCDEA) (http://www.sdea.police.uk/)
Identity theft
149
Identity theft
Identity theft is a form of fraud or cheating of another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if he or she is held accountable for the perpetrator's actions. Organizations and individuals who are duped or defrauded by the identity thief can also suffer adverse consequences and losses, and to that extent are also victims. The term identity theft was coined in 1964[1] and is actually a misnomer, since it is not literally possible to steal an identity as such - more accurate terms would be identity fraud or impersonation or identity cloning but identity theft has become commonplace. "Determining the link between data breaches and identity theft is challenging, primarily because identity theft victims often do not know how their personal information was obtained," and identity theft is not always detectable by the individual victims, according to a report done for the FTC.[2] Identity fraud is often but not necessarily the consequence of identity theft. Someone can steal or misappropriate personal information without then committing identity theft using the information about every person, such as when a major data breach occurs. A US Government Accountability Office study determined that "most breaches have not resulted in detected incidents of identity theft".[3] the report also warned that "the full extent is unknown". A later unpublished study by Carnegie Mellon University noted that "Most often, the causes of identity theft is not known," but reported that someone else concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%".[4] More recently, an association of consumer data companies noted that one of the largest data breaches ever, accounting for over four million records, resulted in only about 1,800 instances of identity theft, according to the company whose systems were breached.[5] A recent article entitled, Cyber Crime Made Easy" explained the level to which hackers are using malicious software. As one security specialist named Gunter Ollmann said, Interested in credit card theft? Theres an app for that. This statement summed up the ease with which these hackers are accessing all kinds of information online. The new program for infecting users computers is called Zeus; and the program is so hacker friendly that even an inexperienced hacker can operate it. Although the hacking program is easy to use, that fact does not diminish the devastating effects that Zeus (or other software like Zeus) can do to a computer and the user. For example, the article stated that programs like Zeus can steal credit card information, important documents, and even documents necessary for homeland security. If the hacker were to gain this information, it would mean identity theft or even a possible terrorist attack. (Giles, Jim. "Cyber Crime Made Easy." New Scientist 205.2752 (2010): 20-21. Academic Search Premier. EBSCO. Web. 3 Oct. 2010.)
Types
Sources such as the non-profit Identity Theft Resource Center[6] sub-divide identity theft into five categories: Business/commercial identity theft (using another's business name to obtain credit) Criminal identity theft (posing as another person when apprehended for a crime) Financial identity theft (using another's identity to obtain credit, goods and services) Identity cloning (using another's information to assume his or her identity in daily life) Medical identity theft (using another's identity to obtain medical care or drugs)
Identity theft may be used to facilitate or fund other crimes including illegal immigration, terrorism, and espionage. There are cases of identity cloning to attack payment systems, including online credit card processing and medical insurance.[7]
Identity theft Identity thieves occasionally impersonate others for non-financial reasonsfor instance, to receive praise or attention for the victim's achievements.[8]
150
Identity theft
151
Techniques for obtaining and exploiting personal information for identity theft
Identity thieves typically obtain and exploit personally identifiable information about individuals, or various credentials they use to authenticate themselves, in order to impersonate them. Examples include: Rummaging through rubbish for personal information (dumpster diving) Retrieving personal data from redundant IT equipment and storage media including PCs, servers, PDAs, mobile phones, USB memory sticks and hard drives that have been disposed of carelessly at public dump sites, given away or sold on without having been properly sanitized Using public records about individual citizens, published in official registers such as electoral rolls Stealing bank or credit cards, identification cards, passports, authentication tokens ... typically by pickpocketing, housebreaking or mail theft Skimming information from bank or credit cards using compromised or hand-held card readers, and creating clone cards Using 'contactless' credit card readers to acquire data wirelessly from RFID-enabled passports Observing users typing their login credentials, credit/calling card numbers etc. into IT equipment located in public places (shoulder surfing) Stealing personal information from computers using malware, particularly Trojan horse keylogging programs or other forms of spyware Hacking computer networks, systems and databases to obtain personal data, often in large quantities Exploiting breaches that result in the publication or more limited disclosure of personal information such as names, addresses, Social Security number or credit card numbers Advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants' names, home and email addresses, telephone numbers and sometimes their banking details Exploiting insider access and abusing the rights of privileged IT users to access personal data on their employers' systems Infiltrating organizations that store and process large amounts or particularly valuable personal information Impersonating trusted organizations in emails, SMS text messages, phone calls or other forms of communication in order to dupe victims into disclosing their personal information or login credentials, typically on a fake corporate website or data collection form (phishing) Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions Obtaining castings of fingers for falsifying fingerprint identification ... or famously using gummy bears to fool low quality fingerprint scanners[12] Browsing social networking websites for personal details published by users, often using this information to appear more credible in subsequent social engineering activities Diverting victims' email or post in order to obtain personal information and credentials such as credit cards, billing and bank/credit card statements, or to delay the discovery of new accounts and credit agreements opened by the identity thieves in the victims' names Using false pretenses to trick individuals, customer service representatives and help desk workers into disclosing personal information and login details or changing user passwords/access rights (pretexting) Stealing checks to acquire banking information, including account numbers and bank routing numbers[13] Guessing Social Security numbers by using information found on Internet social networks such as Facebook and MySpace [14]
Identity theft
152
Identity theft the brokerage of personal information to other businesses without ensuring that the purchaser maintains adequate security controls Failure of governments, when registering sole proprietorships, partnerships, and corporations, to determine if the officers listed in the Articles of Incorporation are who they say they are. This potentially allows criminals access to personal information through credit-rating and data mining services. The failure of corporate or government organizations to protect consumer privacy, client confidentiality and political privacy has been criticized for facilitating the acquisition of personal identifiers by criminals.[20] Using various types of biometric information, such as fingerprints, for identification and authentication has been cited as a way to thwart identity thieves, however there are technological limitations and privacy concerns associated with these methods as well.
153
135.1 General dishonesty (3) A person is guilty of an offence if: a) the person does anything with the intention of dishonestly causing a loss to another person; and b) the other person is a Commonwealth entity. Penalty: Imprisonment for 5 years.
Likewise, each state has enacted their own privacy laws to prevent misuse of personal information and data. The Commonwealth Privacy Act is applicable only to Commonwealth and territory agencies, and to certain private sector bodies (where for example they deal with sensitive records, such as medical records, or they have more than $3 million turnover PA).
Canada
Under section 402.2 of the Criminal Code of Canada,
Everyone commits an offence who knowingly obtains or possesses another persons identity information in circumstances giving rise to a reasonable inference that the information is intended to be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence. is guilty of an indictable offence and liable to imprisonment for a term of not more than five years; or is guilty of an offence punishable on summary conviction.
In Canada, Privacy Act (federal legislation) covers only federal government, agencies and crown corporations. Each province and territory has its own privacy law and privacy commissioners to limit the storage and use of personal
Identity theft data. For the private sector, the purpose of the Personal Information Protection and Electronic Documents Act ( 2000, c. 5 ) (known as PIPEDA) is to establish rules to govern the collection, use and disclosure of personal information; except for the provinces of Quebec, Ontario, Alberta and British Columbia were provincial laws have been deemed substantially similar.
154
France
In France, a person convicted of identity theft can be sentenced up to five years in prison and fined up to 75,000.[21]
Hong Kong
Under HK Laws. Chap 210 Theft Ordinance, sec. 16A Fraud
(1) If any person by any deceit (whether or not the deceit is the sole or main inducement) and with intent to defraud induces another person to commit an act or make an omission, which results either- (a) in benefit to any person other than the second-mentioned person; or (b) in prejudice or a substantial risk of prejudice to any person other than the first-mentioned person, the first-mentioned person commits the offense of fraud and is liable on conviction upon indictment to imprisonment for 14 years.
Under the Personal Data (Privacy) Ordinance, it established the post of Privacy Commissioner for Personal Data and mandate how much personal information one can collect, retain and destruction. This legislation also provides citizens the right to request information held by businesses and government to the extent provided by this law.
India
Under the Information Technology Act 2000 Chapter IX Sec 43 (b)
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium; he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
[22]
Sweden
Sweden have had relatively little problems with identity theft. This is because only Swedish identity documents have been accepted for identity verification. Stolen documents are traceable by banks and some other institutions. The banks have the duty to check the identity of people withdrawing money or getting loans. If a bank gives money to someone using an identity document reported as stolen, the bank must take the loss. From 2008 any EU passport are valid in Sweden for identity check, and Swedish passports are valid all over the EU. This makes it harder to detect stolen documents, but still banks in Sweden must ensure that stolen documents are not accepted. Other types of identity theft than over the bank desk have become more common in Sweden. One common example is ordering a credit card to someone who has an unlocked letterbox and is not home on daytime. The thief steals the letter with the credit card and then the letter with the code which typically arrives a few days later. Usage of a stolen credit card is hard in Sweden, since an identity document or a PIN code it is normally demanded. If the shop does not demand that, it must take the loss from stolen credit cards. The method of observing someone using the credit card PIN code, stealing the card or skimming it, and then use the card, has become more common. Legally, Sweden is an open society. The Principle of Public Access says that all information kept by public authorities must be available for anyone except in certain cases. Specificially anyone's address, income, taxes etc. are available to anyone. This makes fraud easier (the address is protected for certain people needing it). To impersonate someone else and gain money from it is a kind of fraud, which is described in the Criminal Code (Swedish:Brottsbalken).
Identity theft
155
United Kingdom
In the United Kingdom personal data is protected by the Data Protection Act 1998. The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc. Under English law (which extends to Wales but not necessarily to Northern Ireland or Scotland), the deception offences under the Theft Act 1968 increasingly contend with identity theft situations. In R v Seward (2005) EWCA Crim 1941[23] the defendant was acting as the "front man" in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of 10,000 for others who are unlikely ever to be identified. The Court of Appeal considered sentencing policy for deception offenses involving "identity theft" and concluded that a prison sentence was required. Henriques J. said at para 14:"Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences." Increasingly, organizations, including Government bodies will be forced to take steps to better protect their users' data.[24] Stats released by CIFAS on the 2nd of February 2010, show that in 2009 in the UK that there were 85,000 victims of impersonation and 24,000 victims of bank account takeovers. this represents a 35% and 15% increase respectively from 2008 levels.[25]
United States
The increase in crimes of identity theft lead to the drafting of the Identity Theft and Assumption Deterrence Act.[26] In 1998, The Federal Trade Commission appeared before the United States Senate.[27] The FTC discussed crimes which exploit consumer credit to commit loan fraud, mortgage fraud, lines-of-credit fraud, credit card fraud, commodities and services frauds. The Identity Theft Deterrence Act (2003)[ITADA] amended U.S. Code Title 18, 1028 [28] ("Fraud related to activity in connection with identification documents, authentication features, and information"). The statute now makes the possession of any "means of identification" to "knowingly transfer, possess, or use without lawful authority" a federal crime, alongside unlawful possession of identification documents. However, for federal jurisdiction to prosecute, the crime must include an "identification document" that either: (a) is purportedly issued by the United States, (b) is used or intended to defraud the United States, (c) is sent through the mail, or (d) is used in a manner that affects interstate or foreign commerce. See 18 U.S.C.1028 [29](c). Punishment can be up to 5, 15, 20, or 30 years in federal prison, plus fines, depending on the underlying crime per 18 U.S.C.1028 [29](b). In addition, punishments for the unlawful use of a "means of identification" were strengthened in 1028A ("Aggravated Identity Theft"), allowing for a consecutive sentence under specific enumerated felony violations as defined in 1028A(c)(1) through (11). The Act also provides the Federal Trade Commission with authority to track the number of incidents and the dollar value of losses. Their figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes.[30] If charges are brought by state or local law enforcement agencies, different penalties apply depending on the state. Six Federal agencies conducted a joint task force to increase the ability to detect identity theft. Their joint recommendation on "red flag" guidelines is a set of requirements on financial institutions and other entities which furnish credit data to credit reporting services to develop written plans for detecting identity theft. The FTC has determined that most medical practices are considered creditors and are subject to requirements to develop a plan to prevent and respond to patient identity theft.[31] I These plans must be adopted by each organization's Board of Directors and monitored by senior executives.[32] Identity theft complaints as a percentage of all fraud complaints decreased from 2004-2006.[33] The Federal Trade Commission reported that fraud complaints in general were growing faster than ID theft complaints.[33] The findings were similar in two other FTC studies done in 2003 and 2005. In 2003, 4.6 percent of the US population said they
Identity theft were a victim of ID theft. In 2005, that number had dropped to 3.7 percent of the population.[34] [35] The Commission's 2003 estimate was that identity theft accounted for some $52.6 billion of losses in the preceding year alone and affected more than 9.91 million Americans;[36] the figure comprises $47.6 billion lost by businesses and $5 billion lost by consumers. According to the Federal Trade Commission (FTC), a report released in 2007 revealed that 8.3 million American adults, or 3.7 percent of all American adults, were victims of identity theft in 2005.[37] The latest report from the FTC showed that ID theft increased by 21% in 2008. However, credit card fraud, that crime which is most closely associated with the crime of ID theft, has been declining as a percentage of all ID theft. In 2002, 41% of all ID theft complaints involved a credit card. That percentage has dropped to 21% in 2008.[38] Two states, California[39] and Wisconsin[40] have created an Office of Privacy Protection to assist their citizens in avoiding and recovering from identity theft. In Massachusetts in 2009-2010, Governor Deval Patrick made a commitment to balance consumer protection with the needs of small business owners. His Office of Consumer Affairs and Business Regulation announced certain adjustments to Massachusetts' identity theft regulations that maintain protections and also allows flexibility in compliance. These updated regulations went into effect on March 1, 2010. The regulations are clear that their approach to data security is a risk-based approach important to small businesses and might not handle a lot of personal information about customers.[41] [42] Notification Most states followed California's lead and enacted mandatory data breach notification laws. As a result, companies that report a data breach typically report it to all their customers.[43]
156
Identity theft
157
Cultural references
The public fascination with impostors has long had an effect on popular culture and extends to modern literature, and cinema.[50] Catch Me If You Can is a 2002 American crime film based on the life of Frank Abagnale Jr., who, before his 19th birthday, successfully conned millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor and Louisiana attorney and parish prosecutor. His primary crime was cheque forgery, becoming so skillful that the FBI eventually turned to him for help in catching other cheque forgers. In East Bound and Down HBO (Chapter 7) Kenny Powers moves to Mexico and steals Stevie Janowski's Identity The story of Michelle Brown has been made into a film.[51] In Frederick Forsyth's novel The Day of the Jackal the would-be assassin of General de Gaulle steals three identities. Firstly, he assumes the identity of a dead child by obtaining the child's birth certificate and using it to apply for a passport. He also steals the passports of a Danish clergyman and an American tourist, and disguises himself as each of those persons in turn. The assumption of a dead person's identity is now generally known as "Jackal Fraud".[52] In the 1995 movie The Net, Sandra Bullock plays a computer consultant whose life is taken over with the help of computer assisted identity theft. In Jonathan Smith's novel Night Windows the action is based on the horrific and real life theft of Smith's own identity. In the webcomic Kevin and Kell the character Danielle Kindle dies and is later "replaced" by a double from a parallel world. After an attempt at taking over her predecessor's identity, Danielle Kendall confesses her true nature and gets accepted by the predecessor's familyif not by all the readers. T. Coraghessan Boyle's 2006 novel Talk Talk describes the theft of Dana Halter's identity, and her and Martin Bridger's chase of the thief across the country. In Susan Schaab's novel Wearing the Spider a female attorney gets caught in a web of sexual harassment, identity theft and political intrigue. In the Family Guy episode "Back to the Woods", James Woods, having gotten his hands on Peter's wallet, steals Peter's identity, so Peter retaliates by stealing Woods' identity and angering people. In Harry Potter and the Goblet of Fire, Barty Crouch Jr. magically steals the identity of Mad-Eye Moody. In The Talented Mr. Ripley novel (1955) and movie (1999), after murdering Greenleaf, Ripley assumes his identity, living off the latter's allowance. In The Office (Season 3 Episode 21), Jim steals Dwight's identity as a prank. In Gattaca (1997), Vincent borrows the identity of another person in a society which analyzes peoples DNA and predetermines how successful you can or can not be (coined in the movie as a "borrowed ladder"). That Mitchell and Webb Sound features a sketch in which a bank manager tells a customer that his identity has been stolen, although the customer claims that he is still himself and it is in fact his money that has been stolen and therefore the bank's fault and not his. In Mad Men, Dick Whitman, an enlisted man from a poor background, is wounded in the Korean War and switches identities with Donald Draper, an officer who has been killed. As 'Don Draper', he becomes a successful advertising man.
Identity theft Puccini's opera Gianni Schicchi, based on a reference in Dante's Inferno, tells of a character who impersonates a recently deceased man in order to make himself the beneficiary of his will. In Paper Mario The Thousand Year Door, Doopliss stole the identity of Mario just as a prank.
158
References
[1] "[[Oxford English Dictionary (http:/ / dictionary. oed. com/ cgi/ entry/ 50111220/ 50111220se23)] online"]. Oxford University Press. September 2007. . Retrieved 27 September 2010. [2] Federal Trade Commission 2006 Identity Theft Survey Report, p.4 [3] "Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown" (http:/ / www. gao. gov/ new. items/ d07737. pdf). Highlights of GAO-07-737, a report to congressional requesters. gao.gov. . Retrieved 22 September 2010. [4] Sasha Romanosky. "Do Data Breach Disclosure Laws Reduce Identity Theft?" (http:/ / www. heinz. cmu. edu/ research/ 241full. pdf). Heinz First Research Paper. heinz.cmu.edu. . [5] "Story" (http:/ / pressherald. mainetoday. com/ story. php?id=256153). Pressherald.maintoday.com. . [6] "Identity Theft Resource Center website" (http:/ / www. idtheftcenter. org/ ). idtheftcenter.org. . [7] "Medical Identity Theft: What to Do if You are a Victim (or are concerned about it)" (http:/ / www. worldprivacyforum. org/ medidtheft_consumertips. html), World Privacy Forum [8] Former Major League Baseball player Reno Stephens was impersonated for over twenty years by an individual with the same name. There is no evidence that the impersonator gained financially from the impersonation but he did receive significant local attention. [9] Privacy Rights Clearinghouse (http:/ / www. privacyrights. org/ fs/ fs17g-CrimIdTheft. htm) - "Fact Sheet 17g: Criminal Identity Theft: What to Do if It Happens to You " [10] McFadden, Leslie (2007-05-16). "Detecting synthetic identity fraud" (http:/ / www. bankrate. com/ brm/ news/ pf/ identity_theft_20070516_a1. asp). Bankrate.com. pp. 12. . Retrieved 2008-09-21. [11] "Medical Identity Theft" (http:/ / www. fightidentitytheft. com/ blog/ medical-identity-theft-protect-yourself). fightidentitytheft.com. . Retrieved 27 September 2010. [12] "Biometric Devices and Fingerprint Spoofing" (http:/ / www. washjeff. edu/ users/ ahollandminkley/ Biometric/ index. html), ITL 233: Cyberattacks], January 2006, , Washington & Jefferson College [13] "Identity Theft" (http:/ / www. douglascountysheriff. org/ idtheft/ idtheftmain. htm), Douglas County Sheriff's Office, Washington [14] Olmos, David (2009-07-06). "Social Security Numbers Can Be Guessed From Data, Study Finds" (http:/ / www. bloomberg. com/ apps/ news?pid=newsarchive& sid=aKbjO. Ew4S2E). Bloomberg. . Retrieved 2011-01-04. [15] IDtheftcenter.org (http:/ / www. idtheftcenter. org/ artman2/ publish/ c_tips/ Fact_Sheet_117_IDENTITY_THEFT_AND_THE_DECEASED_-_PREVENTION_AND_VICTIM_TIPS. shtml), Identity Theft Resource Center Fact Sheet 117 Identity Theft and the Deceased - Prevention and Victim Tips. [16] Identity Theft Protection Services (http:/ / www. nextadvisor. com/ identity_theft_protection_services/ compare. php) retrieved on 2008-12-16 [17] Identity-Theft Protection: What Services Can You Trust? (http:/ / www. pcworld. com/ article/ 145077/ identitytheft_protection_what_services_can_you_trust. html) PC World.com, retrieved on 2008-12-16 [18] Testimony before the Subcommittee on Technology, Terrorism and Government Information (http:/ / www. ftc. gov/ os/ 1998/ 05/ identhef. htm), Committee of the Judiciary, United States Senate May 20, 1998 pp 5,6 [19] A Chronology of Data Breaches (http:/ / www. privacyrights. org/ ar/ ChronDataBreaches. htm) [20] Internet Identity Theft - A Tragedy for Victims (http:/ / www. siia. net/ software/ pubs/ iit-00. pdf), Software and Information Industry Association. Retrieved June 30, 2006. [21] Journaldunet.com (http:/ / www. journaldunet. com/ juridique/ juridique040309. shtml) [22] The Information Technology Act 2000 (http:/ / nicca. nic. in/ pdf/ itact2000. pdf) [23] R v Seward (2005) EWCA Crim 1941 (http:/ / www. bailii. org/ ew/ cases/ EWCA/ Crim/ 2005/ 1941. html) [24] Government Bodies Must Play Their Part in Securing Against Identity Theft (http:/ / www. infocycle. co. uk/ index. php?option=com_content& task=view& id=43& Itemid=43) [25] UK Fraud Prevention Agency Say ID Theft Increase of 32% in 2009 (http:/ / id-theft-uk. blogspot. com/ 2010/ 02/ uk-fraud-prevention-agency-say-id-theft. html), Identity Theft UK Blog, 3 February 2010 [26] FTC.gov (http:/ / www. ftc. gov/ os/ statutes/ itada/ itadact. htm), Public Law 105-318, 112 Stat. 3007 (Oct. 30, 1998) [27] Prepared Statement of the Federal Trade Commission on "Identity Theft" (http:/ / www. ftc. gov/ os/ 1998/ 05/ identhef. htm), May 20, 1998 [28] http:/ / www. law. cornell. edu/ uscode/ uscode18/ usc_sec_18_00001028---A000-. html [29] http:/ / www. law. cornell. edu/ uscode/ 18/ 1028. html [30] Federal Trade Commission (http:/ / www. consumer. gov/ idtheft/ ). Retrieved June 30, 2006. [31] Michael,Sara "Getting Red Flag Ready" (http:/ / www. physicianspractice. com/ index/ fuseaction/ newsletterArticles. view/ articleID/ 87. htm) PhysiciansPractice.com, 2009-05-21. Retrieved July 2, 2009. [32] 72 Fed. Reg. 70944 (http:/ / www. ftc. gov/ os/ fedreg/ 2007/ december/ 071213factafurnisheraccuracy. pdf) (PDF). Retrieved 2008-01-29.
Identity theft
[33] Law Enforcement Contact1 January 1 December 31, 2001 (http:/ / www. ftc. gov/ bcp/ edu/ microsites/ idtheft/ downloads/ clearinghouse_2006. pdf) [34] FTC-Synovate Rep Final 26Aug.PDF (http:/ / www. ftc. gov/ bcp/ edu/ microsites/ idtheft/ downloads/ synovate_report. pdf) [35] Federal Trade Commission: 2006 Identity Theft Survey Report: Prepared for the Commission by Synovate (November 2007) (http:/ / www. ftc. gov/ os/ 2007/ 11/ SynovateFinalReportIDTheft2006. pdf) [36] FTC.gov (http:/ / www. ftc. gov/ opa/ 2003/ 09/ idtheft. shtm), releases Survey of Identity Theft in U.S. 27.3 Million Victims in past 5 Years, Billions in Losses for Businesses and Consumers [37] 8.3 Million Identity Theft Victims, Start Shredding (http:/ / blog. monomachines. com/ 2008/ 05/ identity-theft-93-million/ ); MonoMachines.com Retrieved 2008-06-19. [38] Consumer Sentinel Network Data Book (http:/ / www. ftc. gov/ sentinel/ reports/ sentinel-annual-reports/ sentinel-cy2008. pdf) (PDF), Federal Trade Commission [39] California Office of Identity Protection (http:/ / www. privacyprotection. ca. gov/ ) [40] Wisconsin's Office of Privacy Protection (http:/ / privacy. wi. gov/ ) [41] "Consumer Identity Theft" (http:/ / www. mass. gov/ ?pageID=ocatopic& L=3& L0=Home& L1=Consumer& L2=Identity+ Theft& sid=Eoca). Commonwealth of Massachusetts, 2010 [42] "Frequently Asked Question Regarding 201 CMR 17.00" (http:/ / www. mass. gov/ Eoca/ docs/ idtheft/ 201CMR17faqs. pdf), Commonwealth of Massachusetts, Office of Consumer Affairs and Business Regulation, November 3, 2009 [43] States Offer Data Breach Protection (http:/ / www. naag. org/ states-offer-data-breach-protection. php), NAAG [44] IDtheftcenter.org (http:/ / www. idtheftcenter. org) [45] Verbal Testimony by Michelle Brown (http:/ / www. privacyrights. org/ cases/ victim9. htm), July 2000, U.S. Senate Committee Hearing on the Judiciary Subcommittee on Technology, Terrorism and Government Information "Identity Theft: How to Protect and Restore Your Good Name" [46] Identity Crime Research and Coordination (http:/ / www. acpr. gov. au/ research_idcrime. asp), Australasian Center for Policing Research. Retrieved June 30, 2006. [47] Home Office (May 26, 2004). "What is Identity theft?" (http:/ / www. identitytheft. org. uk/ ). identitytheft.co.uk. . Retrieved September 27, 2010. [48] "Free help, tips and advice on avoiding and dealing with Identity Theft" (http:/ / identity-theft. weebly. com/ what-is-it. html). identity-theft.weebly.com. . [49] Bruce Schneier. "Identity Theft Over-Reported" (http:/ / www. schneier. com/ blog/ archives/ 2005/ 11/ identity_theft. html). . Retrieved June 30, 2006. [50] Pintr Rbert (2007), D5.2c: Identity related crime in the world of films (http:/ / www. fidis. net/ resources/ deliverables/ forensic-implications/ #c1774), FIDIS deliverable Del 5.2 [51] IMDb: Identity Theft: The Michelle Brown Story (2004) (http:/ / www. imdb. com/ title/ tt0430211/ ) [52] The Day of the Jackal
159
External links
The New Era of Identity Theft (http://www.criminal-justice-careers.com/crime/id-theft.html)[Criminal Justice Resources] Identity theft (http://www.ftc.gov/bcp/edu/microsites/idtheft/) United States Federal Trade Commission The Presidents Task Force on Identity Theft (http://www.idtheft.gov) a government task force established by US President George W. Bush to fight identity theft. Identity theft (http://www.dmoz.org/Society/Crime/Theft/Identity_Theft/) at the Open Directory Project Identity Theft (http://www.mysecurecyberspace.org/encyclopedia/index/identity-theft.html#msc. encyclopedia.identitytheft) Carnegie Mellon University Identity Theft: A Research Review, National Institute of Justice 2007 (http://www.ojp.usdoj.gov/nij/topics/ crime/id-theft/welcome.htm) Identity Theft and Fraud (http://www.usdoj.gov/criminal/fraud/websites/idtheft.html) United States Department of Justice Get ID Smart (http://www.getidsmart.com/) 'Public service site offering free prevention tips' Dateline NBC investigation (http://www.msnbc.msn.com/id/17805134/) 'To Catch an ID Thief' Downloadable identity theft curriculum for educators (http://incredibleinternet.com/identity-theft/ id-theft-curriculum) "Transcript of Attorney General Alberto R. Gonzales and FTC Chairman Deborah Platt Majoras Announcing the Release of the President's Identity Theft Task Force" (http://web.archive.org/web/20070911112747/http://
Identity theft www.usdoj.gov/ag/speeches/2007/ag_speech_0704231.html). US Department of Justice. April 23, 2007. Archived from the original (http://www.usdoj.gov/ag/speeches/2007/ag_speech_0704231.html) on September 11, 2007. Retrieved 2007-04-24. ID Theft Prevention: Nine Ways to Protect Yourself (http://www.creditlearningcenter.com/ ID-Theft-Prevention/Nine-Ways-to-Protect-Yourself-from-Identity-Theft.html)
160
Money laundering
Money laundering is generally regarded as the practice of engaging in financial transactions to conceal the identity, source, and/or destination of illegally gained money by which the proceeds of crime are converted into assets which appear to have a legitimate origin. In the United Kingdom the statutory definition is wider.[1] It is common to refer to money legally obtained as clean, and money illegally obtained as dirty. Money laundering occurs over a period of three steps: the first involves the physical distribution of the cash (placement), the second involves carrying out complex financial transactions in order to camouflage the illegal source (layering), and the final step entails acquiring wealth generated from the transactions of the illicit funds (integration). In the past, the term money laundering was applied only to financial transactions related to organized crime. Today its definition is often expanded by government and international regulators such as the U.S. Office of the Comptroller of the Currency to mean any financial transaction which generates an asset or a value as the result of an illegal act, which may involve actions such as tax evasion or false accounting. In the UK, it does not even need to involve money, but any economic good. Courts involve money laundering committed by private individuals, drug dealers, businesses, corrupt officials, members of criminal organizations such as the Mafia, and even states. As financial crime has become more complex, and "Financial Intelligence" (FININT) has become more recognized in combating international crime and terrorism, money laundering has become more prominent in political, economic, and legal debate. Money laundering is ipso facto illegal; the acts generating the money almost always are themselves criminal in some way (for if not, the money would not need to be laundered).
Cashing up
A business taking large amounts of small change each week (e.g. a convenience store) needs to deposit that money in a bank. If its deposits vary greatly for no obvious reason this can draw suspicion; but if the transactions are regular and roughly the same the suspicion is easily discounted. This is the basis of all money laundering, a track record of depositing clean money before slipping through dirty money. In the United states for example, cash transactions and deposits of more than $10,000 must be reported by the cashier (the bank etc.) as "significant cash transactions" to the Financial Crimes Enforcement Network FinCEN, with any other suspicious financial activity identified as "suspicious activity reports" In other jurisdictions suspicion-based requirements may be placed on financial services employees and firms to report any suspicious activity to the authorities.
Captive business
Another method is to start a business whose cash inflow cannot be monitored, and funnel the small change into it and pay taxes on it. But all bank employees are trained to be constantly on the lookout for transactions that seem to be trying to get around reporting requirements. To avoid suspicion, shell companies should deal directly with the public, perform some service (not provide physical goods), and have a business that reasonably would accept cash as a matter of course. Dealing directly with the public in cash gives a plausible reason for not having a record of customers. For example, a hairstylist is paid in cash, and even if she knows her customers' names, she does not know their bank details. A record of a haircut must ostensibly be accepted as prima facie evidence. Service businesses have
Money laundering the advantage of the anonymity of resourcesbut the disadvantage that they must deal in cash. A business that sells computers has to account for the computers, whereas the hairstylist does not have to produce the cut hair, but the receipt for the computer, even if inflated, existsthat for the haircut probably does not. It is of course also possible to invent customers, purely for the purpose of accepting money from them.
161
Structuring
In structuring, (also known as "smurfing"), money is put into the licit economy in such a way as to avoid legal record keeping and reporting requirements. For example: deposits of less than $10,000 (anything over that amount would require a report to be filed with the IRS) are made into multiple bank accounts that are then withdrawn after a sufficient amount of time has passed to avoid suspicion.
Legislation
Many jurisdictions adopt a list of specific predicate crimes for money laundering prosecutions as a "self launderer".
Bangladesh
In Bangladesh, this issue has been dealt with by the Prevention of Money Laundering Act, 2002 (Act No. VII of 2002). In terms of section 2, "Money Laundering means (a) Properties acquired or earned directly or indirectly through illegal means; (b) Illegal transfer, conversion, concealment of location or assistance in the above act of the properties acquired or earned directly of indirectly through legal or illegal means." In this Act, Properties means movable or immovable properties of any nature and description. To prevent these Illegal uses of money Bangladesh Govt. has introduced the Money Laundering Prevention Act. The Act was last amended in the year 2009 and all the Financial Institutes are following this act. Till today there are 26 Circulars issued by Bangladesh Bank under this act. To prevent Money laundering a banker must do the following: While opening a new account, the account opening form should be duly filled up by all the information of the Customer. The KYC has to be properly filled up The TP (Transaction Profile) is mandatory for a client to understand his/her transactions. If needed, the TP has to be updated at the Clients consent. All other necessary papers should be properly collected along with the Voter ID card. If there is any suspicious transaction is notified, the BAMLCO (Branch Anti Money Laundering Compliance Officer) has to be notified and accordingly the STR (Suspicious Transaction Report) reporting has to be done. The Cash department should be aware of the Transactions. It has to be noted if suddenly a big amount of money is deposited in any account. Proper documents will be required if any Client does this type of transaction. Structuring, over/ under Invoicing is another way to do Money Laundering. The Foreign Exchange Department should look into this matter cautiously. If in any account there is a transaction exceeding 7.00 lac in a single day that has to be reported as CTR (cash Transaction report) All the Bank Officials must go through all the 26 Circulars and must use in doing the Banking.
Money laundering
162
Canada
The National Initiative to Combat Money Laundering, with the involvement of the Solicitor General of Canada, the RCMP, Justice Canada, Canada Customs and Revenue Agency, and, Citizenship and Immigration, began operation in 1998.
India
The Prevention of Money-Laundering Act, 2002 came into effect on 1 July 2005. Section 3 of the Act makes the offense of money-laundering cover those persons or entities who directly or indirectly attempt to indulge or knowingly assist or knowingly are party or are actually involved in any process or activity connected with the proceeds of crime and projecting it as untainted property, such person or entity shall be guilty of offense of money-laundering. Section 4 of the Act prescribes punishment for money-laundering with rigorous imprisonment for a term which shall not be less than three years but which may extend to seven years and shall also be liable to fine which may extend to five lakh rupees and for the offences mentioned [elsewhere] the punishment shall be up to ten years. Section 12 (1) prescribes the obligations on banks, financial institutions and intermediaries (a) to maintain records detailing the nature and value of transactions which may be prescribed, whether such transactions comprise of a single transaction or a series of transactions integrally connected to each other, and where such series of transactions take place within a month; (b) to furnish information of transactions referred to in clause (a) to the Director within such time as may be prescribed and t records of the identity of all its clients. Section 12 (2) prescribes that the records referred to in sub-section (1) as mentioned above, must be maintained for ten years after the transactions finished. The provisions of the Act are frequently reviewed and various amendments have been passed from time to time. The recent activity in money laundering in India is through political parties corporate companies and share market.
United Kingdom
Money laundering and terrorist funding legislation in the UK is governed by four Acts of primary legislation: Terrorism Act 2000[2] Anti-terrorism, Crime and Security Act 2001[3] Proceeds of Crime Act 2002[4] Serious Organised Crime and Police Act 2005[5]
The Proceeds of Crime Act 2002 contains the primary UK anti-money laundering legislation,[6] including provisions requiring businesses within the 'regulated sector' (banking, investment, money transmission, certain professions, etc.) to report to the authorities suspicions of money laundering by customers or others.[7] Money laundering is widely defined in the UK.[8] In effect any handling or involvement with any proceeds of any crime (or monies or assets representing the proceeds of crime) can be a money laundering offence. An offender's possession of the proceeds of his own crime falls within the UK definition of money laundering.[9] The definition also covers activities which would fall within the traditional definition of money laundering as a process by which proceeds of crime are concealed or disguised so that they may be made to appear to be of legitimate origin.[10] Unlike certain other jurisdictions (notably the USA and much of Europe), UK money laundering offences are not limited to the proceeds of serious crimes, nor are there any monetary limits, nor is there any necessity for there to be a money laundering design or purpose to an action for it to amount to a money laundering offence. A money laundering offence under UK legislation need not involve money, since the money laundering legislation covers assets of any description. In consequence any person who commits an acquisitive crime (i.e. one from which he obtains some benefit in the form of money or an asset of any description) in the UK will inevitably also commit a money laundering offence under UK legislation.
Money laundering This applies also to a person who, by criminal conduct, evades a liability (such as a taxation liability) - referred to by lawyers as "obtaining a pecuniary advantage" - as he is deemed thereby to obtain a sum of money equal in value to the liability evaded.[8] The principal money laundering offences carry a maximum penalty of 14 years imprisonment.[11] Secondary regulation is provided by the Money Laundering Regulations 2003[12] and 2007[13] One consequence of the Act is that solicitors, accountants, and insolvency practitioners who suspect (as a consequence of information received in the course of their work) that their clients (or others) have engaged in tax evasion or other criminal conduct from which a benefit has been obtained, are now required to report their suspicions to the authorities (since these entail suspicions of money laundering). In most circumstances it would be an offence, 'tipping-off', for the reporter to inform the subject of his report that a report has been made.[14] These provisions do not however require disclosure to the authorities of information received by certain professionals in privileged circumstances or where the information is subject to legal professional privilege. Professional guidance (which is submitted to and approved by the UK Treasury) is provided by industry groups including the Joint Money Laundering Steering Group[15] and the Law Society.[16] However there is no obligation on banking institutions to routinely report monetary deposits or transfers above a specified value. Instead reports have to be made of all suspicious deposits or transfers, irrespective of their value. The reporting obligations include reporting suspicions relating to gains from conduct carried out in other countries which would be criminal if it took place in the UK.[17] Exceptions were later added to exempt certain activities which were legal in the location where they took place, such as bullfighting in Spain.[18] There are more than 200,000 reports of suspected money laundering submitted annually to the authorities in the UK (there were 240,582 reports in the year ended 30 September 2010 - an increase from the 228,834 reports submitted in the previous year[19] ). Most of these reports are submitted by banks and similar financial institutions (there were 186,897 reports from the banking sector in the year ended 30 September 2010[20] ). Although 5,108 different organisations submitted suspicious activity reports to the authorities in the year ended 30 September 2010 just four organisations submitted approximately half of all reports, and the top 20 reporting organisations accounted for three-quarters of all reports.[21] The offence of failing to report a suspicion of money laundering by another person carries a maximum penalty of 5 years imprisonment.[11] Bureaux de change All UK Bureaux de change are registered with Her Majesty's Revenue and Customs which issues a trading licence for each location. Bureaux de change and money transmitters, such as Western Union outlets, in the UK fall within the 'regulated sector' and are required to comply with the Money Laundering Regulations 2007.[13] Checks can be carried out by HMRC on all Money Service Businesses.
163
United States
In U.S. law, "reasonably accepting cash" means the business must regularly perform services that on average are less than $500 each. It is assumed that above that amount most people pay with a check, a credit card, or another (traceable) payment method. The company should actually function on a legitimate level. In the hairstyler example, it is perfectly reasonable for a lot of the business to involve mostly labour (dyes and machine oil and so forth being relatively small concerns), and for most transactions to be settled in cash. But it is unreasonable for all of the business to work without parts and just on cash. So the legitimate business will generate a legitimate (if low) level of parts use, and enough traceable transactions to mask the illegitimate ones. Anti-money laundering (AML/CFT) laws typically have other offences such as "tipping off (warning)", "willful blindness", "not reporting suspicious activity", "conscious facilitation of a money launderer", "assisting a terrorist
Money laundering financier with moving terrorist financing". The Bank Secrecy Act of 1970 requires banks to report cash transactions of $10,000.01 or more. The Money Laundering Control Act of 1986 further defined money laundering as a federal crime. The U.S.A PATRIOT Act of 2001 expanded the scope of prior laws to more types of financial institutions, and added a focus on terrorist financing, specifying that financial institutions take specific actions to "know your customer" (KYC). In the United States, Federal law provides: "Whoever ... knowing[ly] ... conducts or attempts to conduct ... a financial transaction which in fact involves the proceeds of specified unlawful activity ... with the intent to promote the carrying on of specified unlawful activity ... shall be sentenced to a fine of not more than $500,000 or twice the value of the property involved in the transaction, whichever is greater, or imprisonment for not more than twenty years, or both. While money laundering typically involves the flow of "dirty money" (criminal proceeds) into a clean bank account or negotiable instrument, terrorist financing frequently involves the reverse flow: apparently clean funds converted to "dirty" purposes. A hawala may launder drug proceeds and help fund a terrorist, netting the incoming and outgoing funds with only occasional small net settlement transactions. NASA case From 1992 to 1996 a nine-agency Federal Task Force investigation led by NASA's Office of Inspector General investigated Omniplan Corporation of Houston and California. It became the largest count indictment and conviction in NASA history, with the owner of Omniplan, Ralph Montijo, being convicted of 179 felonies in his multi-million dollar embezzlement scheme. Five of his companies were also convicted of felonies, they were, Omniplan, Papa Primo's of Texas, Papa Primo's of Arizona, Omnipoint Production Services and Mercury Trust. These companies, together with two unincorporated companies, Space Industries Leasing and Space Industries Properties were liquidated. Each embezzlement count was associated with a corresponding money laundering count which resulted in dozens of convictions for money laundering. In a New York Times story, NASA Office of Inspector General Senior Special Agent Joseph Gutheinz, who led the Omniplan investigation, said "We didn't get any pizzas, but we got the bills", referring to the fact that some of the alleged mischarging to the NASA contract also involved costs associated with two of Ralph Montijo's pizza companies, Papa Primo's of Texas, and Papa Primo's of Arizona. Laundered or not? Money obtained by an illegal action is not, of itself, laundered money in most jurisdictions (an exception being the United Kingdom where mere possession of the proceeds of any crime is itself capable of being a money laundering offence[9] ). The laundering offence comes from the attempt to conceal its source, not because the transaction was itself illegal (which is a separate offence). The Supreme Court of the United States on June 2, 2008, rendered two judgments in favour of defendants, narrowing the application of the federal money-laundering statute. In a unanimous opinion written by Justice Clarence Thomas, the Court reversed Acuna, Mexico's Humberto Cuellar's conviction and ruled that "hiding $81,000 in cash under the floorboard of a car and driving toward Mexico is not enough to prove the driver was guilty of money laundering; instead, prosecutors must also prove the driver was traveling to Mexico for the purpose of hiding the true source of the funds." That is, the prosecution had not made its prima facie case. The Court further ruled "that federal prosecutors have gone too far in their use of money laundering charges to combat drug traffickers and organized crime; that money laundering charges under the Money Laundering Control Act of 198, Sec. 18 U.S.C.1956 [22](a)(2)(B)(i) apply only to profits of an illegal gambling ring and cannot be used when the only evidence of a possible crime is when a courier headed to the Texas-Mexico border with $81,000 in cash proceeds of a cannabis transaction; it cannot be proven merely by showing that the funds were concealed in a secret compartment of a Volkswagen Beetle; instead, prosecutors must show that the purpose of transporting funds in a money laundering case was to conceal their ownership, source or control; the
164
Money laundering secrecy must be part of a larger design to disguise the source or nature of the money." Later, in a divided decision, the Court reversed the convictions of Efrain Santos of Indiana and Benedicto Diaz for money laundering based on cash from an illegal lottery. In the plurality opinion, Justice Antonin Scalia wrote that the law referred to the "proceeds of some form of unlawful activity; paying off gambling winners and compensating employees who collect the bets don't qualify as money laundering; the word proceeds in the federal money-laundering statute, 18 U.S.C.1956 [22], and 1956(a)(1)(A)(i) and 1956(h), applies only to transactions involving criminal profits, not criminal receipts; those are expenses, and prosecutors must show that profits were used to promote the illegal activity." Congress clarified the meaning of the statute in the Fraud Enforcement and Recovery Act of 2009, defining proceeds explicitly to include both profits and gross receipts. Congress enacted the 1986 statute after the President's Commission on Organized Crime stressed the problem of "washing" criminal proceeds through overseas bank accounts and legitimate businesses. It imposes a 20-year maximum prison term.
165
Money laundering
166
Money laundering
167
Amounts
Many regulatory and governmental authorities quote estimates each year for the amount of money laundered, either worldwide or within their national economy. A frequently cited figure is 2-5% of the worldwide global economy, stated by the IMF. But some academics note that such figures are usually simply "best guesses". In 1997 the FATF, an arm of the OECD set up to combat money laundering, frankly admitted "the vast majority of FATF members lack sufficient data to support any credible estimate."[27] Although admissions of that nature are no longer maintained, there is still a dearth of data on the actual amounts of money laundered worldwide. Some academic commentators have expressed real concerns about the reliability and basis of figures used by governmental and multinational organizations. It is always hard to find out real figures about illegal acts. We are faced with the problem that there has been little work to develop an objective academic analysis of the true extent of laundering, which means that we do not have a framework within which the appropriateness of legislative measures can be evaluated. Without this, it is difficult to challenge the 'alarmist' position of the authorities whereby such estimates have been put forward, quoted and repeated, becoming, through such repetition, seemingly established truths. It can be argued ... that global estimates are little more than informed guesses: "large numbers are frequently thrown around without serious support" (Reuter and Truman, 2005, p.56), reproduced to the point at which they gain, through mere repetition, some form of reliable accuracy.[28]
References
[1] [2] [3] [4] [5] Part 7 Proceeds of Crime Act 2002 "OPSI: Terrorism Act" (http:/ / www. opsi. gov. uk/ acts/ acts2000/ ukpga_20000011_en_1). . Retrieved 2009-02-14. "OPSI: Anti-Terrorist Crime & Security Act" (http:/ / www. opsi. gov. uk/ Acts/ acts2001/ ukpga_20010024_en_1). . Retrieved 2009-02-14. "OPSI: Proceeds of Crime Act" (http:/ / www. opsi. gov. uk/ acts/ acts2002/ ukpga_20020029_en_1). . Retrieved 2009-02-14. "OPSI: Serious Organised Crime and Police Act 2005" (http:/ / www. opsi. gov. uk/ acts/ acts2005/ ukpga_20050015_en_1). . Retrieved 2009-02-14. [6] Sections 327 - 340, Proceeds of Crime Act 2002 [7] Section 330, Proceeds of Crime Act 2002 [8] Section 340, Proceeds of Crime Act 2002 [9] Section 329, Proceeds of Crime Act 2002 [10] Section 327, Proceeds of Crime Act 2002 [11] Section 334, Proceeds of Crime Act 2002 [12] "OPSI: Money Laundering Regulations 2003" (http:/ / www. opsi. gov. uk/ si/ si2003/ 20033075. htm). . Retrieved 2009-02-14. [13] "OPSI: Money Laundering Regulations 2007" (http:/ / www. opsi. gov. uk/ si/ si2007/ uksi_20072157_en_1). . Retrieved 2009-02-14. [14] Section 333A, Proceeds of Crime Act 2002 [15] "Joint Money Laundering Steering Group" (http:/ / www. jmlsg. org. uk/ bba/ jsp/ polopoly. jsp;jsessionid=aH1DPtXgUly-?d=749). . Retrieved 2009-02-14. [16] "Law Society AML Guidance" (http:/ / www. lawsociety. org. uk/ newsandevents/ news/ majorcampaigns/ view=newsarticle. law?CAMPAIGNSID=217590). . Retrieved 2009-02-14. [17] Section 340(2), Proceeds of Crime Act 2002 [18] David Winch, "Money Laundering Law Changes" (http:/ / www. accountingevidence. com/ documents/ articles/ Money laundering law changes. pdf) (2006)
Money laundering
[19] 'The Suspicious Activity Reports Regime Annual Report 2010 published by SOCA [20] 'The Suspicious Activity Reports Regime Annual Report 2010 published by SOCA [21] 'The Suspicious Activity Reports Regime Annual Report 2010 published by SOCA [22] http:/ / www. law. cornell. edu/ uscode/ 18/ 1956. html [23] Lucy Komisar (October 4, 2001). "Tracking Terrorist Money - 'Too Hot for U.S. to handle?'" (http:/ / www. webcom. com/ hrin/ magazine/ money. html). Pacific News Service. . Retrieved February 2006. [24] (French) Official March 2000 French Parliamentary Report on the obstacles on the control and repression of financial criminal activity and of money-laundering in Europe (http:/ / www. assemblee-nationale. fr/ rap-info/ i2311-51. asp#P1089_155970) by French MPs Vincent Peillon and Arnaud Montebourg, third section on "Luxembourg's political dependency toward the financial sector: the Clearstream affair" (pp.83-111 on PDF version) [25] Financial Action Task Force on Money Laundering (http:/ / www. fatf-gafi. org) [26] "40 + 9" principles of anti-money laundering and combating the financing of terrorism (http:/ / www. fatf-gafi. org/ dataoecd/ 7/ 40/ 34849567. PDF) [27] FATF 1997 report into global money laundering, page 3 [28] Harvey, Dr Jackie (June 2008). Money Laundering Bulletin.
168
External links
Money laundering (http://www.dmoz.org/Society/Crime/Research/Money_Laundering//) at the Open Directory Project UNODC - United Nations Office on Drugs and Crime - on money-laundering and countering the financing of terrorism (http://www.unodc.org/unodc/en/money-laundering/index.html)
Extortion
Extortion, outwresting, and/or exaction is a criminal offense which occurs when a person unlawfully obtains either money, property or services from a person(s), entity, or institution, through coercion. Refraining from doing harm is sometimes euphemistically called protection. Extortion is commonly practiced by organized crime groups. The actual obtainment of money or property is not required to commit the offense. Making a threat of violence which refers to a requirement of a payment of money or property to halt future violence is sufficient to commit the offense. Exaction refers not only to extortion or the unlawful demanding and obtaining of something through force,[1] but additionally, in its formal definition, means the infliction of something such as pain and suffering or making somebody endure something unpleasant.[2] In the United States, extortion may also be committed as a federal crime across a computer system, phone, by mail or in using any instrument of "interstate commerce". Extortion requires that the individual sent the message "willingly" and "knowingly" as elements of the crime. The message only has to be sent (but does not have to reach the intended recipient) to commit the crime of extortion. Extortion is distinguished from robbery. In "strong arm" robbery, the offender takes goods from the victim with use of immediate force. In "robbery" goods are taken or an attempt is made to take the goods against the will of anotherwith or without force. A bank robbery or extortion of a bank can be committed by a letter handed by the criminal to the teller. (Comedian Artie Lange was accused and charged with extortion after he handed a bank teller a note claiming he had a weapon and would use it if the bank did not give him $10,000 in unmarked bills; Lange later explains it was simply a joke to flirt with the bank teller and was released shortly after incarceration). In extortion, the victim is threatened to hand over goods, or else damage to their reputation or other harm or violence against them may occur. Under federal law extortion can be committed with or without the use of force and with or without the use of a weapon. A key difference is that extortion always involves a written or verbal threat whereas robbery can occur without any verbal or written threat (refer to U.S.C. 875 and U.S.C. 876).
Extortion The term extortion is often used metaphorically to refer to usury or to price-gouging, though neither is legally considered extortion. It is also often used loosely to refer to everyday situations where one person feels indebted against their will, to another, in order to receive an essential service or avoid legal consequences. For example, certain lawsuits, fees for services such as banking, automobile insurance, gasoline prices, and even taxation, have all been labeled "legalized extortion" by people with various social or political beliefs. Neither extortion nor blackmail require a threat of a criminal act, such as violence, merely a threat used to elicit actions, money, or property from the object of the extortion. Such threats include the filing of reports (true or not) of criminal behavior to the police, revelation of damaging facts (such as pictures of the object of the extortion in a compromising position), etc.
169
References
[1] Exaction - definition of exaction by the Free Online Dictionary, Thesaurus and Encyclopedia (http:/ / www. thefreedictionary. com/ exaction) [2] "Exact definition - Dictionary - MSN Encarta" (http:/ / www. webcitation. org/ 5kwc1Rfdf). Archived from the original (http:/ / encarta. msn. com/ dictionary_1861609570/ exact. html) on 2009-10-31. .
External links
Legaltree (http://legaltree.ca/node/554), a Canadian legal portal, contains an article describing the elements of the offence of extortion under Canadian criminal law.
History
In today's society understanding the term "hacker" is complicated because it has many different definitions. The term can be traced back to MIT (Massachusetts Institute Technology). MIT was the first institution to offer a course in computer programming and computer science and it is here in 1960 where a group of MIT students taking a lab on artificial intelligence first coined this word. These students called themselves hackers because they were able to take programs and have them perform actions not intended for that program. The term was developed on the basis of a practical joke and feeling of excitement because the team member would hack away at the keyboard hours at a time. (Moore R., 2006).[4] Hacking developed alongside phone phreaking, a term referred to exploration of the phone network without authorization, and there has often been overlap between both technology and participants. The first recorded hack was accomplished by Joe Engressia also known as The Whistler. Engressia is known as the grandfather of phreaking. His hacking technique was that he could perfectly whistle a tone into a phone and make free call.[5] Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter.[6] Other sources of early 1970s hacker culture
Hacker (computer security) can be traced towards more beneficial forms of hacking, including MIT labs or the Homebrew Computer Club, which later resulted in such things as early personal computers or the open source movement.
170
Hacker attitudes
Several subgroups of the computer underground with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree. Eric S. Raymond (author of The New Hacker's Dictionary) advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as one wider hacker culture, a view harshly rejected by Raymond himself. Instead of a hacker/cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker. According to (Clifford R.D. 2006) a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system".[9] These subgroups may also be defined by the legal status of their activities.[10] White hat A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. Often, this type of 'white hat' hacker is called an ethical hacker. The International Council of Electronic Commerce Consultants, also known as the EC-Council [11] has developed certifications, courseware, classes, and online training covering the diverse arena of Ethical Hacking.[10] Black hat A black hat hacker, sometimes called a cracker, is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for malicious reasons such as vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity.[10] [12] Grey hat A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.[4] Elite hacker
Hacker (computer security) A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits will circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.[13] :86,90,117 Elite (e.g. 31337) gives the term leet speak its name. Script kiddie A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concepthence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, childan individual lacking knowledge and experience, immature).[12] Neophyte A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology, and hacking.[4] Blue hat A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term BlueHat [14] to represent a series of security briefing events.[15] [16] [17] Hacktivist A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as tool for cyberterrorism.
171
Attacks
Computer security Secure operating systems Security architecture Security by design Secure coding Computer insecurity Vulnerability Social engineering Eavesdropping Exploits Trojans Viruses and worms Denial of service Backdoors Rootkits Keyloggers
Payloads
A typical approach in an attack on Internet-connected system is: 1. Network enumeration: Discovering information about the intended target. 2. Vulnerability analysis: Identifying potential ways of attack. 3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.[18] In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.
172
Security exploits
A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These are very common in website/domain hacking.
Techniques
Vulnerability scanner A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.) Password cracking Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Packet sniffer A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network. Spoofing attack A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose of this is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker. Rootkit A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables. Social engineering Social engineering is the art of getting persons to reveal sensitive information about a system. This is usually done by impersonating someone or by convincing people to believe you have permissions to obtain such information. Trojan horses A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A trojan horse can be used to set up a back door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with conceptually similar function of deceiving defenders into bringing an intruder inside.) Viruses A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
Hacker (computer security) While some are harmless or mere hoaxes most computer viruses are considered malicious. Worms Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program. Key loggers A key logger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers uses virus-, trojan-, and rootkit-like methods to remain active and hidden. However, some key loggers are used in legitimate ways and sometimes to even enhance computer security. As an example, a business might have a key logger on a computer used at a point of sale and data collected by the key logger could be used for catching employee fraud.
173
Hackers in fiction
Hackers often show an interest in fictional cyberpunk and cyberculture literature and movies. Absorption of fictional pseudonyms, symbols, values, and metaphors from these fictional works is very common. Books portraying hackers: The cyberpunk novels of William Gibson especially the Sprawl Trilogy are very popular with hackers.[21] Merlin, the protagonist of the second series in The Chronicles of Amber by Roger Zelazny is a young immmortal hacker-mage prince who has the ability to traverse shadow dimensions. Hackers (short stories) Snow Crash Helba from the .hack manga and anime series. Little Brother by Cory Doctorow
Hacker (computer security) Rice Tea by Julien McArdle Lisbeth Salander in The Girl with the Dragon Tattoo by Stieg Larsson Films also portray hackers:
Cypher Tron WarGames The Matrix series Hackers Swordfish The Net The Net 2.0 Antitrust Enemy of the State Sneakers Untraceable Firewall Die Hard "4": Live Free or Die Hard Eagle Eye Take Down Weird Science
174
Pirates of silicon valley (related to hacker like Steve Jobs, not crackers)
Non-fiction books
Hacking: The Art of Exploitation, Second Edition by Jon Erickson The Hacker Crackdown The Art of Intrusion by Kevin D. Mitnick The Art of Deception by Kevin D. Mitnick Takedown The Hacker's Handbook The Cuckoo's Egg by Clifford Stoll Underground by Suelette Dreyfus
Fiction books
Ender's Game Neuromancer Evil Genius (novel)
References
Taylor, 1999 Taylor, Paul A. (1999). Hackers. Routledge. ISBN9780415180726.
[1] Sterling, Bruce (1993). "Part 2(d)". The Hacker Crackdown. McLean, Virginia: IndyPublish.com. p.61. ISBN1-4043-0641-2. [2] Blomquist, Brian (May 29, 1999). " FBI's Web Site Socked as Hackers Target Feds (http:/ / archive. nypost. com/ a/ 475198)". New York Post. Retrieved on October 21, 2008. [3] S. Raymond, Eric. "Jargon File: Cracker" (http:/ / catb. org/ jargon/ html/ C/ cracker. html). . Retrieved 2010-05-08. "Coined ca. 1985 by hackers in defense against journalistic misuse of hacker" [4] Moore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing. ISBN9781593453039. [5] Kizza, Joseph M. (2005). Computer Network Security. New York, LLC: Springer-Verlag. [6] TAP Magazine Archive. http:/ / servv89pn0aj. sn. sourcedns. com/ ~gbpprorg/ 2600/ TAP/ [7] Tim Jordan, Paul A. Taylor (2004). Hacktivism and Cyberwars. Routledge. pp.133134. ISBN9780415260039. "Wild West imagery has permeated discussions of cybercultures." [8] Thomas, Douglas. Hacker Culture. University of Minnesota Press. p.90. ISBN9780816633463. [9] Clifford, Ralph D. (2006). Cybercrime:The Investigation, Prosecution and Defense of a Computer-Related Crime Second Edition. Durham, North Carolina: Carolina Academic Press. [10] Wilhelm, Douglas. "2". Professional Penetration Testing. Syngress Press. pp.503. ISBN9781597494250. [11] http:/ / www. eccouncil. org/ [12] Andress, Mandy; Cox, Phil; Tittel, Ed. CIW Security Professional. New York, NY: Hungry Minds, Inc.. p.10. ISBN0764548220. [13] Thomas, Douglas (2002). Hacker Culture. University of Minnesota Press. ISBN9780816633463. [14] http:/ / www. microsoft. com/ technet/ security/ bluehat/ default. mspx
175
Related literature
Kevin Beaver. Hacking For Dummies (http://books.google.com/books?id=ulZ7ln6ORBAC&lpg=PP1& ots=BbHPy4NvPN&dq=Kevin Beaver.Hacking For Dummies.&pg=PP1#v=onepage&q&f=false). ISBN978-0764557842. Richard Conway, Julian Cordingley. Code Hacking: A Developer's Guide to Network Security. ISBN978-1584503149. Dot.Con: The Dangers of Cyber Crime and a Call for Proactive Solutions, (http://www.scribd.com/doc/ 14361572/Dotcon-Dangers-of-Cybercrime-by-Johanna-Granville) by Johanna Granville, Australian Journal of Politics and History, vol. 49, no. 1. (Winter 2003), pp.102109. Katie Hafner & John Markoff (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon & Schuster. ISBN0-671-68322-5. David H. Freeman & Charles C. Mann (1997). @ Large: The Strange Case of the World's Biggest Internet Invasion. Simon & Schuster. ISBN0-684-82464-7. Suelette Dreyfus (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN1-86330-595-5. Bill Apro & Graeme Hammond (2005). Hackers: The Hunt for Australia's Most Infamous Computer Cracker. Five Mile Press. ISBN1-74124-722-5. Stuart McClure, Joel Scambray & George Kurtz (1999). Hacking Exposed. Mcgraw-Hill. ISBN0-07-212127-0. Michael Gregg (2006). Certfied Ethical Hacker. Pearson. ISBN978-0789735317. Clifford Stoll (1990). The Cuckoo's Egg. The Bodley Head Ltd. ISBN0-370-31433-6.
External links
CNN Tech PCWorld Staff (November 2001). Timeline: A 40-year history of hacking from 1960 to 2001 (http:// archives.cnn.com/2001/TECH/internet/11/19/hack.history.idg/) Discovery Channel Documentary. History of Hacking Documentary video (http://vodpod.com/watch/ 31369-discovery-channel-the-history-of-hacking-documentary)
176
177
178
179
180
181
182
License
183
License
Creative Commons Attribution-Share Alike 3.0 Unported http:/ / creativecommons. org/ licenses/ by-sa/ 3. 0/