Even as I was writing about the cyber crime outlook for the coming year and suggesting that we will see more high-profile arrests in 2012, the FBI was busy wrapping up a banner year for cyber crime prosecutions with a total of 30 new indictments in two separate cases. On December 15, in Las Vegas, 16 people were charged with bogus internet sales of merchandise, like automobiles, travel trailers and watercraft. A week later, 14 Romanian citizens were charged with conspiracy, fraud and identity theft offenses. These charges stemmed from their alleged participation in an extensive “phishing” scheme. Three of the charged defendants have already been extradited from Romania to the United States.
Both cases tackle long-running internet-based scams. The crimes in the Las Vegas case involve sham online sales carried out from December 2008 to the present. The arrests resulted from a joint investigation by the FBI and the Las Vegas Metropolitan Police Department as part of its Nevada Cyber Crime and Southern Nevada Eastern European Organized Crime Task Forces. The alleged perpetrators took people's money in exchange for cars and other goods offered for sale on sites like Craigslist and Autotrader, cars and goods which existed only in online photographs and were never delivered to the people who purchased them.
Just like the fake apartment that I tried to rent when I was moving to San Diego a few months ago, this phony merchandise was priced to move. As the indictment puts it, the seller was invariably someone whose personal circumstances “required that they sell the offered items quickly.” In the case of my fake apartment, the scammer said she had to leave the country for a new job on an oil rig. Scammers in the Las Vegas case often cited “unemployment, military deployment, or family emergencies.” All of which supported the next step after attracting buyers: getting the buyers to complete the transaction “through eBay, Yahoo!Finance or similar online services, which would securely hold the buyers' funds until the purchased items were delivered.” To this end, the conspirators sent the marks email messages that looked like they were from eBay, Yahoo!Finance or other such entities. The emails told buyers how to “remit payment to designated agents of those entities who were to hold the purchase money in escrow until the transactions was concluded.”
Of course, as the indictment spells out, the transactions were all a sham: “the conspirators did not deliver any of the items offered for sale; neither eBay, Yahoo!Finance, nor any similar entity participated in these transactions.” And the “escrow agents” that received the buyers' purchase money? They were participants in the scheme who “received the funds fraudulently obtained from buyers on behalf of the conspiracy.” Scores of people were allegedly victimized in this manner, netting the defendants and their associates more than $3 million.
Fraudulent transactions like these, that involve cash or bank transfers, are not protected in the same way that credit card purchases are, so the chances of victims getting their money back would appear to be slim. The lessons here are not new but worth repeating: Be deeply suspicious of any deal you encounter online that:
Another lesson from this case is that fraudsters do get arrested and prosecuted. Hopefully that lesson will deter some people from a life of cyber crime in 2012.