Over the past twenty years fraudulent activities conducted by African criminal groups have escalated posing a significant threat to email users worldwide.
African criminal enterprises (ACEs) have been identified as engaging in a myriad of get-rich schemes, identity theft, credit card fraud and insurance fraud.
ACEs are well organized and characterized by fluid, cell-like structures. Through mutual relationships, these cells form intricate networks operating through closely-knit family or tribal connections. Like other organized criminal groups, ACEs place family members and close associates in critical positions.
ACEs successfully engage in criminal fraud schemes without fear of regulatory or law enforcement intervention primarily due to poor governmental conditions in many African nations. Even if a bandit were charged in a foreign jurisdiction, his/her extradition could be very difficult owed to corrupt officials in the host country.
In order to further their crimes, ACEs establish networks of support.
- Apartment locator services, locating dwellings for ACE members who are new to a geographic area.
- Check cashing services, cashing fraudulent checks and conducting money laundering activities.
- Monetary exchange services are operated by ACE members who convert illicit proceeds into cashier's checks, money orders, bank drafts, for transfer to foreign accounts.
- Mail drops. ACE members and associates frequently utilize the services of private mail agencies, renting private mailboxes to receive fraudulent credit cards, checks, financial documents, etc. Often these facilities receive faxes and email for their clients.
The nature of ACE fraud schemes is one of "smaller is better." Instead of orchestrating large-scale fraud operations, emphasis is placed on conducting numerous smaller scams. Discipline in this area pays dividends by enabling the perpetrators to take advantage of loopholes in larger economies while allowing for little, if any, punishment should a member get arrested due to the single-crime small loss value.
ACEs sponsor 'schools' providing instruction in the methods and means by which frauds may be accomplished. Documents seized by authorities have revealed instructions to ACE members on obtaining fraudulent identification cards, social security cards and birth certificates, and the methods by which these documents may be used in fraudulent financial transactions. Instructions provided by these schools include skills such as using the Internet to fabricate false identities, and money laundering techniques.
Credit Card Fraud
Utilizing a variety of techniques, ACEs obtain credit cards by applying under assumed false identities. ACEs frequently establish their own services, verifying the fraudster's identity, address, employment and salary history. Communication abilities extend to conventional mailings, email and telephone. A personal visit would easily reveal these operations are merely boiler rooms intended to answer queries as quickly and convincingly as possible.
After receiving the credit cards, merchandise is ordered from mail order or online companies. Of course, these purchases meet or exceed the credit limits, with statements paid by fraudulent checks. Before these checks are discovered to be fraudulent, the cardholder begins his/her credit purchases anew, allowing the ACE member to reach the maximum credit limit again. At this time, there are a series of stalling techniques allowing even more purchases to be made. By the time credit card companies discover fraud, it is usually too late to recover any money. The poor investigator or auditor is left with a trail of false identities, worthless checks, false addresses and anonymous email addresses.
Parallel to credit card frauds, are frauds involving stolen credit histories. ACEs have elaborate methods for obtaining personal and financial information from unsuspecting victims, resulting in their credit history being compromised. ACE members, often well educated, accept low-level jobs as payroll clerks, security guards, janitors, etc. In these roles, they gain access to confidential personnel records in businesses where they are employed. With this information, they establish credit in the stolen identities
Prosecutions in numerous jurisdictions have indicated that ACE members are submitting fraudulent claims for automobile accidents, personal injuries, residential thefts, lost baggage and life insurance policies. Usually, these scams follow traditional insurance frauds; however, in the matter of life insurance, a life insurance policy is taken for a fictitious relative. After a short time, the policyholder files a claim stating the insured was killed, and promptly provides a fraudulent death certificate and proceeds to collect
Fraudulent Letter Scams
Individuals and businesses, around the world, are receiving unsolicited letters and email, offering a variety of get-rich-quick business schemes. Authors of these letters usually claim to be directors of petroleum or other industries. Although each letter or email appears to be unique, their stated purpose generally follows this outline: they want to transfer millions of dollars out of a host country and are asking the recipient to open a bank account to receive these funds. In exchange for his/her cooperation, the email recipient will receive a large percentage for their trouble. The letter or email would lead the reader to believe this is a routine manner of doing business, often referring to the recipient as someone of trust.
If the letter's recipient replies, the perpetrators will attempt to defraud their victims in the form of advance fees thinly disguised as tariffs or taxes. After a flurry of email or telephone calls, the authors will demand the victim pay an "economic recovery tax" or other similarly named fee, supposedly required under law before the funds may be transferred. If the victim asks why this fee can't be taken from the larger sum, the perpetrators respond their funds are frozen and can only be transferred as a block. After many fits and starts, the victim grows frustrated with sending money to the bandits and eventually stops responding. It takes only time, before the victim realizes he/she is bearing all the expense, and the perpetrators aren't paying for anything. The multi-million dollar transfers never occur, and the recipients are defrauded of any money they send.
There are several key identifiers in these letters/emails: Usually the email/letter isn't directed to a specific person, rather, it is directed to the receiving company. Salutations vary - "to whom it may concern," or the salutation is directed to a position title. Often in the body, there is a reference to the addressee as a trusted friend. If a letter is received via conventional mail, the envelopes are usually hand-written. In the case of email, the sender frequently uses one of the Internet-based services such as Hotmail or Yahoo rather than a service where credit information would be required.
The key element in addressing ACE, and similar frauds, is timely reporting to regulatory and law enforcement authorities. Cooperative partnerships between government and industry entities coupled with vigorous prosecutions can bring these criminal enterprises to an end.
Investigations centered in ACE criminal activities are being pursued by many law enforcement agencies worldwide, with two of the primary agencies being the U.S. Secret Service (www.ustreas.gov/usss/index.shtml), and the Federal Bureau of Investigation (www.fbi.gov). Anyone with information about ACE activities should contact them either directly or through their websites.
Alan B. Sterneckert, CISSP, CISA, CFE, CCCI, is a retired special agent, Federal Bureau of Investigation. He is an information security consultant, lecturer and author. He may be contacted at [email protected]